A member recap of “Achieving Data Security and Analytics with AI” presented by Glendon Schmitz at (ISC)² Security Congress 2022. By Angus Chen, CISSP, CCSP, PMP, MBA Although “data is the new oil”, there are many problems with working on production data directly. Organizations encounter regulations to protect privacy such as General Data Protection Regulation (GDPR). The fine for violating GDPR is 17 million British Pounds or 4% annual global turnover. Amazon was charged with U.S. $887 million, WhatsApp U.S. $267 million and Marriott 18 million British Pounds for data breaches. The list goes on and on. Furthermore, organizations sharing... Continue reading

The following individuals were elected to the Board and will begin their three-year term in January 2023: Laurie-Anne Bourdain, CISSP – Belgium Edward Farrell, SSCP, CISSP – Australia Nalneesh Gaur, CISSP-ISSAP – United States Guy Ngambeket, CISSP – United Arab Emirates Yiannis Pavlosoglou, CISSP – Greece Congratulations to our directors! The election ran from November 1-14, 2022, and 4,717 (ISC)² certified members voted in the election and results were independently tabulated and verified by our third-party election facilitator and audited by an independent third-party. The (ISC)² Board of Directors is responsible for: Strategic direction, governance and oversight for (ISC)² Developing... Continue reading

A member recap of Dr. Thomas Scanlon’s session at (ISC)² Security Congress 2022 by Angus Chen, CISSP, CCSP, MBA, PMP. Dr. Scanlon started his talk by showing images of women and posing a question to the audience: Can you spot the fake person? See the image to left. To my surprise, none of them are a real person! These images are generated by an AI algorithm, generative adversarial network (GAN), source: https://thispersondoesnotexist.com. In my opinion, it is a little creepy. Several websites today use data-driven unconditional generative image modeling to create deepfake images such as https://thisxdoesnotexist.com. According to CISA, a... Continue reading

Beware the BatLoader, the NSA calls for more memory-safe programming language use and ransomware causes more trouble in Australia….Here are the latest threats and advisories for the week of November 18, 2022. Threat Advisories and Alerts Researchers Sound Alarm on Dangerous BatLoader Malware Dropper A dangerous new malware loader with features for determining whether it's running on business or home computers has begun rapidly infecting systems worldwide over the past few months. Researchers at VMware Carbon Black claim the threat, dubbed BatLoader, is being used to distribute a variety of malware tools including a banking Trojan, an information stealer, and... Continue reading

By Dr. Fulvio Arreghini, CSSLP, Head of International Sales at INFODAS GmbH. Fulvio is a CDR of the Italian Navy (reserve). He has an Master Degree in communication engineering and a PhD in Information engineering. During his active service in the Navy he’s been working mainly in the areas of Secure Tactical Communication and Command and Control systems, acting often also as security officer and risk manager. Since 2020 in the private sector, he joined Infodas at first as solution architect to later become head of international sales. Cyberattacks to operational technology (OT) are on the rise and the providers... Continue reading

(ISC)² recently announced an expansion of its diversity, equity and inclusion (DEI) initiative through partnerships with several organizations around the world. “It’s no secret that the cybersecurity industry isn’t nearly as diverse as it should be,” said Dwan Jones, director of Diversity, Equity and Inclusion at (ISC)². “Our mission at (ISC)² is to not only enable individuals from all backgrounds to enter the cybersecurity industry but also to empower and equip them to excel in their positions and continuously grow in their careers.” BUiLT (Blacks United in Leading Technology) is one of the DEI partners, and along with (ISC)² will... Continue reading

What do you get when you cross a teacher with an entrepreneur who also has a passion for cybersecurity? You get Matt Lee. Matt is the Senior Director of Security and Compliance at Pax8, where he is a force multiplier in the mission to empower Managed Service Providers (MSP) to continue to grow in their security knowledge and operability. We recently had a chance to speak with Matt about his experiences, and to offer some solid advice to those who are looking to enhance their cloud security. Q: Could you tell us a little about your background, and how you... Continue reading

Microsoft security updates, Trojans attack Google and the SEC announces enforcement action for SolarWinds….Here are the latest threats and advisories for the week of November 11, 2022. Threat Advisories and Alerts FBI Announces That Hacktivist DDoS Attacks Can Have Minimal Impact As Russian military attacks on Ukraine continue, hacktivists are using DDoS attacks to target critical infrastructure companies. The FBI has released a notification emphasizing that these attacks can have minimal impact with the right mitigations. Hacktivists often try to exaggerate and publicize the severity of their attacks by posting about them in the news and on social media. Their... Continue reading

By Chinatu Uzuegbu, CISSP, CEO/Managing Cyber Security Consultant at RoseTech CyberCrime Solutions Ltd. (ISC)² Security Congress 2022 was a huge success with engaging speakers from around the world filled with insights. The theme of this year’s event was Empower a Safer, More Secure Cyber World and they certainly inspired many to do so. In this blog, we would be sharing the excerpts from Top Cloud Security Fails and How to Avoid Them delivered by Karl Ots, CISSP, Head of Cloud Security, EPAM and Linkedin Learning Instructor. (ISC)² Security Congress attendees can earn CPE credits by watching this and all other... Continue reading

Regardless of what the economy or job market is doing, a career in cybersecurity promises near limitless possibilties. And with the current threats to cyber stability around the world, there’s never been a greater urgency for cybersecurity professionals. The latest research reveals a formidable gap in available talent — the workforce needs an influx of 2.7 million cybersecurity professionals to meet global demand.1 The data is obvious in its message. Cybersecurity is in dire need of skilled professionals and it’s costing organizations money. A recent study finds 64% experienced breaches that resulted in lost revenue and/or fines in the past... Continue reading

Cyberattacks on Dropbox, Europe’s biggest copper producer and another Australian business make this week’s headlines. Here are the latest threats and advisories for the week of November 4, 2022. Threat Advisories and Alerts Google Chrome Suffers Seventh Zero-Day Vulnerability of the Year Google has released an emergency update for its Chrome web browser to address its seventh zero-day vulnerability (CVE-2022-3723) of the year. If the security flaw is exploited, attackers could perform remote code execution, access memory regions that could crash applications or read sensitive information of other apps. Google Chrome users are advised to update their browsers immediately. Source:... Continue reading

The 2022 (ISC)² Cybersecurity Workforce Study revealed a global workforce gap of 3.4 million professionals. While 55% of respondents believe diversity will increase among their teams within two years, it is no surprise that diversity in the cybersecurity industry is still lacking. To bridge the gap and effectively secure information and assets, we need to cast a wider net and embrace greater diversity within the profession – specifically, enabling individuals from all backgrounds to join the field and equip them with the right tools to succeed in their cybersecurity career journey. To empower individuals to continuously grow in their cybersecurity... Continue reading

The International Association of Privacy Professionals (IAPP) and (ISC)² teamed up to dive into similar challenges facing security and privacy professionals in a constantly evolving world. The latest (ISC)² Workforce Study shows an IT background – either from education or work experience – remains the most common point of entry for cybersecurity roles as 63% of participants reported it as their path to cybersecurity. This percentage has lowered in recent years, giving way to a variety of other entry points. Today, just over one-third of cybersecurity professionals get their start outside of IT. This number continues to expand as the... Continue reading

By Allen Ari Dziwa, CISSP, CCSP a risk specialist and SME for the Federal Reserve Bank of Cleveland. He has worked in technology and cybersecurity consulting for 15 years. Allen currently serves on the Board of Directors of ISSA North Texas, E-Council’s Ethical Hacking Advisory Board and contributed to CISSP reviews for (ISC)². He is a certified ethical hacker and certified threat intelligence analyst. The purpose of a Board of Directors is to provide governance and hold senior management accountable, including implementing cybersecurity strategy within established cyber risk appetite. A goal for any organization is generating revenue from business activities,... Continue reading

Tech giant vulnerabilities, menacing malware and child abductions via rideshare apps…. Here are the latest threats and advisories for the week of October 28, 2022. Threat Advisories and Alerts Daixin Team Ransomware Group Targets U.S. Businesses The FBI and CISA released a joint cybersecurity advisory to warn companies of the cybercrime group Daixin Team. The threat actors are a ransomware and data extortion group that have been actively targeting U.S. businesses since at least June 2022, mostly in the healthcare sector. The group gains access to victims’ systems via virtual private network (VPN) servers, and then moves laterally via Remote... Continue reading

Over the past two years, the workforce has changed in unimaginable ways. Hybrid work is now the norm, leadership strategies have evolved to encompass the new way of work, and workers are taking the time to decide if they actually like their job. We have witnessed the highest resignation numbers in decades – according to the World Economic Forum, 4.4 million workers left their jobs in September 2021 alone! However, the Great Resignation can be your Great Opportunity, especially if you are pursuing a career in cloud security. The Great Resignation brings Great Opportunities You have probably seen headlines about... Continue reading

I *The blog.isc2.org platform is having technical difficulties. If you are having trouble reading this blog in its entirety please view here: https://community.isc2.org/t5/Blog/Proposed-Bylaws-Amendments-What-They-Mean/ba-p/54775 (ISC)² has added additional insights to the Bylaws amendment documentation to address specific questions raised by our members. You can review the entire Bylaws packet here, and we are sharing the added rationale for changes below. All members are encouraged to review the Bylaws documentation prior to voting. The Board of Directors recommends a VOTE FOR THE AMENDMENTS.  (ISC)² Board of Directors Chairperson Zach Tudor, CISSP, shared additional insights into the proposed Bylaws changes you can read here. From... Continue reading

This Cybersecurity Awareness Month we are reviewing the three sides of mentorship by speaking with members who are experienced mentors, mentees and those who have taken part in reverse mentorship. Review our part one blog and hear from experienced mentors. In this, our second part of our three-part interview series we will hear from Jean Tam, CISSP, Cybersecurity Manager/Lead, Subject Matter Expert at Lockheed Martin on what the mentee experience is like. What drove you to seek mentorship? I was just out of college and wanted to figure out what I wanted to be when I grew up. What did... Continue reading

As cyberthreats continue to make daily headlines, the need for security experts is at an all-time high. Yet talent is scarce. Research shows the cybersecurity workforce needs an influx of 2.7 million professionals to meet global demand. Near limitless job opportunities are wide open to problem-solvers with an analytical mindset. How can you start your career in cybersecurity? Working cybersecurity professionals agree, certification is the most important way for career pursuers to enter the field. But with so many cybersecurity certifications out there, how do you choose the one that will help you break into the field and help lead... Continue reading

A reminder to all (ISC)² certified members in good standing as of October 2, voting is now open for the amendments to the (ISC)² Bylaws. Any individual who has earned an (ISC)² certification and is an active member in good standing as of October 2, 2022, is eligible to vote. This includes new Certified in Cybersecurity (CC) holders. Visit your member dashboard to find your voting access. On October 19, members of the (ISC)² Board of Directors – Dan Houser, CISSP-ISSAP, ISSMP, CCSP, CSSLP, Yiannis Pavlosoglou, CISSP and Lisa Young, CISSP – participated in a live webinar, along with (ISC)²... Continue reading

A reminder to all (ISC)² certified members in good standing as of October 2, voting is now open for the amendments to the (ISC)² Bylaws. Any individual who has earned an (ISC)² certification and is an active member in good standing as of October 2, 2022, is eligible to vote. This includes new Certified in Cybersecurity (CC) holders. Visit your member dashboard to find your voting access. On October 19, members of the (ISC)² Board of Directors – Dan Houser, CISSP-ISSAP, ISSMP, CCSP, CSSLP, Yiannis Pavlosoglou, CISSP and Lisa Young, CISSP – participated in a live webinar, along with (ISC)²... Continue reading

Ransomware derails big businesses as the Australian cyberattack spree and student loan forgiveness scam highlight a disturbing week in the cybersecurity world. Here are the latest threats and advisories for the week of October 21, 2022. Threat Advisories and Alerts FBI Warns That Fraudsters May Target Beneficiaries of Student Loan Forgiveness Individuals seeking US federal student loan forgiveness should be cautious of potential scams related to the Student Loan Debt Relief Plan introduced in August of this year. Scammers are using a variety of digital tools – including websites, email, mobile phones and more – to trick victims into giving... Continue reading

This Cybersecurity Awareness Month we are looking at three sides of mentorship from the mentor’s perspective, the mentee’s insights and reverse mentorship. Follow along with us though this three-part interview series highlighting member perspectives from varying industries. In this first blog, we will hear from three experienced mentors sharing their insights and takeaways from years of experience helping to guide the next generation. Chaddrick “Chad” Nevills, CISSP, Service Engineer at Microsoft What motivates you to succeed as a mentor? Seeing someone else succeed using the knowledge from my experiences to their advantage. It is fruitful to see someone from my... Continue reading

The cybersecurity field has become larger than ever, but as the ranks of cybersecurity professionals increase, so does the workforce gap. The 2022 (ISC)² Cybersecurity Workforce Study reveals the workforce has grown to 4.7 million, an 11% increase from a year ago, while the workforce gap is now 3.4 million, up from 2.7 million. “Despite adding more than 464,000 workers in the past year, the cybersecurity workforce gap has grown more than twice as much as the workforce with a 26.2% year-over-year increase, making it a profession in dire need of more people,” the newly published report says. Findings were... Continue reading

Many developing countries lack the resources to secure valuable information and data effectively. To strengthen cyber defenses in these economies, additional cybersecurity professionals are needed – with the right skills and knowledge – to defend critical assets. Understanding the challenge and wanting to improve the global cybersecurity ecosystem, today (ISC)² and Korea Internet & Security Agency (KISA) signed a Memorandum of Understanding (MOU) to collaborate and leverage the expertise of our organization, as well as KISA, to nurture the global cybersecurity workforce. The collaboration will expand cybersecurity professional education and training by providing professionals with the necessary knowledge and skills... Continue reading