Cybersecurity is becoming increasingly important as more businesses collect, share, and use more and more data as part of their practices. The news headlines have been dominated by security incidents affecting the personal data of millions of people around the world. The importance of cybersecurity is underscored by the cost of a breach, with IBM estimating the average cost of a data breach in the United States being $8.19 million. Zero unemployment is not a dream! The cybersecurity industry has a zero percent unemployment, which make it an attractive statistic. It certainly is a great reason for everyone, either IT... Continue reading

As we look forward to (ISC)² Security Congress 2020 on November 16-18, we are continuing to highlight a few of last year’s sessions to review so you know what to expect for the upcoming digital conference. You can also earn CPEs for viewing these sessions if you weren’t able to attend last year’s conference. Trends in Cloud Security: Where We're Going, We Don't Need Roads Cloud security remains one of the most popular tracks at Security Congress. In this session, Liz Tesch from Microsoft examines the current state of security in a hybrid cloud environment, discusses cloud security tools and... Continue reading

Software glitches like the Y2K bug and its recent echoes, such as the New York City parking meter failure serve to remind us of the complacency that often settles into organizational culture, and which allows security threats to turn into full-on failures. The New York City parking meter failure was soon eclipsed by the enormity of the COVID-19 pandemic, which has occupied the world’s attention ever since. But this story should not be forgotten, because it has roots that extend far back into the past and – more importantly – has serious implications for computing and threat management far into... Continue reading

By AJ Yawn, CISSP Introduction Amazon Web Services (AWS) is the market-leading cloud service provider for many reasons. One of the reasons for its market share is the breadth and depth of security services available to organizations hosted on AWS. With new services being released almost daily, it is understandable for security practitioners to get lost in the many options to secure your AWS account. AWS CloudTrail is one of these services that are commonly underused but fairly simple to set up and critical for security governance, detection, and incident response. What is CloudTrail, and Why Does it Matter? AWS... Continue reading

As published in the May/June 2020 edition of InfoSecurity Professional Magazine. BY JASON McDOWELL, CISSP Companies from all industries are looking for qualified cybersecurity professionals to fill the skills gap in their current workforce. Demand is high, and many companies are willing to pay top dollar to those who possess the skills they need. With this high-demand, high-paying environment, what could go wrong? Plenty. With the exception of companies that specialize in information security, accurate valuation of the cybersecurity role in many companies is still very challenging, and many managers lack even a basic understanding of what cybersecurity professionals do... Continue reading

Professionalizing the world of cybersecurity education and training is a major focus area for the UK Government, especially in the new realities we find ourselves in. It included plans in its National Cyber Security Strategy in 2016 to develop the cyber security profession, including creating a UK Cyber Security Council to focus on professional development, professional ethics, thought leadership, influence and outreach. Late last year, the Department for Digital, Culture, Media and Sport commissioned the creation of the Council through a consortium of cyber security professional bodies – including (ISC)² –known as the Cyber Security Alliance. (ISC)² has been diligently... Continue reading

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP and John Martin, CISSP-ISSAP In February 2020, we put together our thoughts on Security Predictions for the upcoming year in a two-part series (Part 1, Part 2). Little did we know that COVID-19 would happen and change the way that folks work in our organizations, nor we as security practitioners work. In our original blog, we suggested that the following issues would be of concern to the industry: Data Privacy changes Lack of secure coding practices 5G and WiFi-6 Phasing out passwords Lack of perimeters Backups and their role with ransomware We believe... Continue reading

As published in the May/June 2020 edition of InfoSecurity Professional Magazine. By Anne Saita In 2012, a Fortune 500 oil and gas company joined the early adopters migrating assets and business processes to “the cloud.” Corporate executives’ biggest security concern then was the potential for a rogue administrator from a chosen cloud service provider to pilfer all of its data. “That was the big fear at the time,” explained Jon-Michael C. Brook, CISSP, CCSK, a principal at Guide Holdings who consulted with the company during its initial cloud migration. “They weren’t as worried about errors that they might make; they... Continue reading

As we look forward to (ISC)2 Security Congress 2020 on November 16-18, we are continuing to highlight a few of last year’s sessions to review so you know what to expect for the upcoming digital conference. You can also earn CPEs for viewing these sessions if you weren’t able to attend last year’s conference. Preparing for Cyber War: Learnings from Responding to Disruptive Breaches Charles Carmakal and Jermey Koppen, both from Mandiant, share real world case studies of threat actors and their motivations of money, fame and power. They share the importance of investigating attacks by both internal and external... Continue reading

If you’re looking for ways to fulfill your CPE requirements, it doesn’t get much more convenient than the Professional Development Institute (PDI), a portfolio of timely and relevant continuing education courses that are provided to (ISC)2 members as part of their membership benefits. The latest addition – available now – to the on-demand library of 36 courses is a Lab course titled “Security Analysis with SPARTA,” which is aimed at security practitioners and anyone looking to implement the penetration testing execution standard (PTES) and the tools and processes found within SPARTA and security assessment tools. SPARTA’s design automates many common... Continue reading

By AJ Yawn, CISSP FedEx. Booz Allen Hamilton. Republican National Committee. Dow Jones & Co. Verizon Wireless. Time Warner Cable. WalMart. These eight organizations all have the same thing in common: Leaky S3 buckets that were misconfigured and exposed sensitive customer data. Amazon S3 (or Simple Storage Service) bucket misconfigurations and breaches continue to show up in cybersecurity publications. A disappointing fact considering how newsworthy these breaches have been. Amazon S3 is an object storage service on Amazon Web Services (AWS) that provides customers with infinitely scalable and durable storage for websites, mobile applications, backup and restore, and many other... Continue reading

We recently announced that this year’s (ISC)² Security Congress will take place entirely virtually. The decision was made as COVID-19 cases continue to surge around the globe in the interest of safety of attendees, speakers, sponsors and staff. This year’s event will include three days of sessions from top security experts November 16-18. We’ll announce the sessions – including the timing of the programming – soon, but in the meantime, many sessions from the 2019 event are available online completely free. Get a taste of what Security Congress 2020 will have to offer, while getting ahead on your CPEs by... Continue reading

As COVID-19 continues to surge across the globe and corporate travel restrictions put in place, (ISC)² has announced its decision to make its Security Congress for 2020 a virtual conference. The renowned three-day conference, focused on industry discussion and continuing education for security professionals of all levels, will be held online from November 16-18. This decision is in recognition of the fact that many training budgets have been reallocated due to the economic impact of COVID-19. As such, (ISC)² Security Congress 2020 is offering a heavily discounted Early Bird pricing to (ISC)² members and associates of just $295 for an... Continue reading

Contributed by The Center for Cyber Safety and Education As a parent, keeping up with the latest online trends can be exhausting. One week your kids are “Snapping” with friends and the next they are trying to create viral videos on TikTok. That’s why at the nonprofit, Center for Cyber Safety and Education, we focused on giving you tools to teach safe habits rather than a rundown of the latest trending apps. At the Center, we know you are the kind of parent who wants to keep your child safe and secure online. But first, you need access to efficient... Continue reading

Research conducted since the start of the COVID-19 pandemic shows an increase in cyber threats as cybercriminals try to take advantage of users working remotely. What most users may not realize is that they could be making it easier for threat actors to target them. Here’s how: Every time a user posts a picture of his or her remote office setup on social media or participates in a videoconference, the user unwittingly may be revealing personal or company information that threat actors can exploit. In an opinion piece published by the Wall Street Journal, a cybersecurity expert warned about the... Continue reading

When it comes to (ISC)² certification exam prep, there is no shortage of choices – especially for the CISSP and CCSP credentials. With so many options, where’s the assurance that you’re putting your time, faith and money into a vetted training resource? It’s an excellent question. So let’s break down three key distinctions between (ISC)² Official Training from an authorized provider versus training from an unauthorized company. Because the right source can make all the difference in crushing your certification goal – and protecting your investment. (ISC)² Authorized Instructors Taking on the globally recognized CISSP or CCSP demands commitment and... Continue reading

The original article by Diego Delfino can be found at https://delfino.cr/2020/05/caso-maze-bcr-expertos-comparten-reflexiones-lecciones-y-sugerencias Óscar Monge España, founding member of (ISC)² chapter Costa Rica has 16 years of experience in multiple fields of cybersecurity, such as incident response, threat intelligence, risk management and vulnerability management at the corporate level and in the cloud methodology Agile and ITIL, information security expert and cloud security professional. His work in the field led him to obtain the award as the best security participant for America (America’s ISLA) awarded by the renowned organization ISC2 in 2017. He currently works for RaboBank in The Netherlands as a cybersecurity... Continue reading

El artículo original fue publicado por Diego Delfino en: https://delfino.cr/2020/05/caso-maze-bcr-expertos-comparten-reflexiones-lecciones-y-sugerencias Óscar Monge España, miembro fundador de (ISC)² capitulo Costa Rica, tiene 16 años de experiencia en múltiples campos de la ciberseguridad, como lo son la Respuesta de Incidentes, Inteligencia de Amenazas, Manejo de Riesgos y Manejo de vulnerabilidades a nivel corporativo y en la nube, metodologías ágiles e ITIL, experto en seguridad de la información y profesional en seguridad en la nube. Su trabajo en el campo, le llevó a obtener el galardón como el mejor practicante de seguridad para America (America’s ISLA) otorgado por la reconocida organización (ISC)² en... Continue reading

Amid easing COVID-19 lockdown measures, exam and training centers are opening up. As Thiago Earp from Firebrand Training explains, it will soon resume training at its dedicated facility, starting with courses for the (ISC)2 CISSP certification. Training and examinations have been impacted by the outbreak of COVID-19. Understandably, classrooms and testing centers have had to pause around the world as part of efforts to combat the virus. In the UK, lockdown restrictions are easing and allowing a multitude of businesses and services to resume physical operations. Lockdown easing is allowing testing and training to return, albeit with some changes to... Continue reading

There is no question that now is a great time to break into cybersecurity as a career. (ISC)² research shows the shortage of skilled security resources is approaching 3 million globally. Getting into this line of work can be approached from many different angles. Whether you are an experienced professional looking to make a pivot into security or a college student exploring the field, the right preparation, network and credentials can make all the difference. We asked three cyber professionals about their journey into security and the advice they would give to up-and-comers in the field. Here’s what they shared.... Continue reading

Understaffing in cybersecurity teams remains a major challenge for organizations, with 62% of respondents in a recent ISACA survey saying they are struggling with it. And even though the number of understaffed organizations fell by seven percentage points from last year, staffing issues are making some organizations more vulnerable to cyberattacks. Concerns over the ability to respond to threats are widespread, according to ISACA’s State of Cybersecurity 2020 Survey Part 2 report, which gathered responses from 2,000 respondents in 102 countries. Only 21% of respondents in “significantly understaffed” organizations say they are completely or very confident in their organization’s ability... Continue reading

With breach rates growing and cyberattacks becoming a daily occurrence for business, IT leaders are looking to beef up their security teams. This is good news for anyone who is considering a career in information security. But as new talent begins to navigate breaking into the field, many may wonder: What skills should I focus on developing for a security career? Most security hiring managers are looking for a blend of skills and backgrounds. Here are 10 things you need to enter the cybersecurity workforce today. Technical prowess While some career paths in security may not require technical skills, many... Continue reading

Demand is up for cybersecurity solutions and services as businesses try to cope with the effects of the COVID-19 pandemic. In a survey of technology firms, industry association CompTIA found that customer inquiries regarding cybersecurity were up by 36% in April -- second only to inquiries about communications, collaboration and A/V technologies. The increased demand for cybersecurity and collaboration technologies makes sense in light of the sudden increase in work-from-home (WFH) numbers. The ranks of remote workers shot up as a result of stay-at-home and lockdown directives issued by governments in efforts to manage the spread of COVID-19. Recent (ISC)2... Continue reading

(ISC)² has sent a letter to Senator Jacky Rosen (D-NV) in support of proposed bipartisan legislation that would direct the Secretary of Commerce, in coordination with relevant agencies, to establish “grand challenge” competitions to achieve high-priority breakthroughs in cybersecurity, including expanding our cybersecurity workforce, defending against artificial intelligence threats, and protecting our nation against cyberattacks. The proposed Cyber Leap Act of 2020 can be read here: https://www.commerce.senate.gov/services/files/60A3EF97-3FE3-47D9-A5B9-04E2A8AE2200 In a press release issued by Senator Rosen, who is a member of the Committee on Commerce, Science, and Transportation, she said about the bill: “We put our nation at risk if we... Continue reading

Appropriate experience is one of the biggest hurdles to overcome when trying to land a job in information security. In fact, a poll from Tripwire finds most job seekers (80%) say they need more experience to be considered for many of the roles they apply for in infosec. The survey, conducted via Twitter, also found lack of certification or appropriate training (20%) were other issues keeping people from security jobs. There’s no question landing that first gig in security can be difficult. But there are practical ways to stand out and get the attention of hiring managers, even without a... Continue reading