This week, SC Media released its list of Finalists for the 2019 SC Awards and (ISC)2 is once again in consideration as the best professional certification program in the cybersecurity industry. Winners will be announced at the SC Awards dinner, a gala evening convening hundreds of the industry’s brightest luminaries to network, toast the winners, and celebrate the best the cybersecurity community has to offer. The event takes place on March 5 at the InterContinental Hotel in San Francisco during the week of RSA Conference. Tickets can be purchased here. Continue reading

Name: Ramana Krothapalli Title: Consultant - Information Security & GRC Employer: Self-Employed Location: Hyderabad, India Education: M.Sc., PGDCA Years in IT: 7 Years in cybersecurity and/or privacy: 17 Cybersecurity certifications: CISSP, HCISSP, CISA, CISM, ISO 27001 LA How did you decide upon a career in healthcare security and/or privacy? It’s rather a chance than a choice. As the chief information security officer (CISO) of a software development firm, I was tasked to implement information security and privacy in multiple healthcare development projects. I am happy that I could contribute to security of healthcare. Why did you decide to pursue your... Continue reading

The National Cyber Security Centre (NCSC) has outlined new rules of the road for earning its Certified Cyber Professional (CCP) specialist certification. The new pilot program for the certification commences in 2019 and focuses on assessing two main areas of specialism: risk management and security architecture. Why is this of interest to you? The NCSC has outlined three ways in which candidates can demonstrate foundational cybersecurity knowledge in order to qualify for the scheme. One of those ways is to hold a CISSP certification and a full (ISC)2 membership. This is yet another signpost that highlights the industry recognition of... Continue reading

Our own John McCumber, director of cybersecurity advocacy for North America, was provided a great opportunity this week to present the findings from our recent 2018 Cybersecurity Workforce Study to the National Initiative for Cybersecurity Education Working Group (NICEWG) at its monthly meeting. As you may well know – or can guess – this working group covers the NICE Framework published by the National Institute for Standards and Technology (NIST) and brings together a diverse group of public and private sector cybersecurity experts to discuss ways to advance cybersecurity education, training and workforce development. To be invited to present to... Continue reading

Name: Shawn O’Reilly Title: Information Security Officer Employer: SUNY Upstate Medical University Location: Syracuse, New York Education: Master’s in Information Management, Syracuse University Years in IT: 25 Years in cybersecurity and/or privacy: 20 Cybersecurity certifications: CISSP, CCSP, HCISPP, CISM, CISA How did you decide upon a career in healthcare security and privacy? The opportunity to move into a healthcare security and privacy career presented itself about 15 years ago when I was searching for a new job. I was previously employed by a Big 4 accounting firm, where I got my start as a cybersecurity consultant. I was looking to... Continue reading

Cyberattacks rank as the number one risk of doing business in North America, Europe and the East Asia-Pacific region, according to a World Economic Forum report, Regional Risks of Doing Business. While business leaders in other areas of the globe are more concerned about unemployment, unstable governments and oil prices, cyber risks rank as the fifth highest worldwide. The concern about cyberattacks shows just how critical cybersecurity has become, ranking even higher than terrorism in the global top 10. Not surprisingly, cyber risks are a bigger concern among the most industrialized areas of the globe such as North America, where... Continue reading

Name: George Chacko Title: Senior Manager, Information Security Employer: New York Blood Center Location: New York, NY, U.S. Education: State University of New York at Buffalo Years in cybersecurity and/or privacy: 14 Cybersecurity certifications: CISSP, HCISPP How did you decide upon a career in healthcare security and/or privacy? After starting my career in financial services as an information security professional, I knew that the healthcare industry was an area in which experienced resources were needed due to the rise in major breaches of medical records and personal healthcare information. I had many family and friends in different roles in healthcare... Continue reading

The holidays are a great time to give back to your local community. November 27 is known as Giving Tuesday, a global day of giving. This year, the Center for Cyber Safety and Education is adding some “cattitude” to Giving Tuesday. Sign up for the Center’s “Round-Up” program from November 1 to November 27 and you will be entered for the chance to win a Jim Davis autographed holiday-themed Garfield print. Once enrolled, the program “rounds up” your change on every day purchases and donates them to the charity of your choice. Another way to give back is at the... Continue reading

(ISC)² is most widely known for the Certified Information Systems Security Professional (CISSP) certification. Holding your CISSP certification means something. It means you are experienced, well-trained, dedicated and constantly working to stay up to speed on the ever-evolving world of cybersecurity. There are more than 125,000 certified CISSPs around the world working at Fortune 100 companies, start-ups and as independent contractors. Certification Magazine surveyed a group of CISSPs and discovered they remain among the highest compensated security professionals, with an average U.S. salary of $131,030. To learn more about CISSP salary information, including job satisfaction and experience levels, read the... Continue reading

The 2018 Cybersecurity Workforce Study, recently released by (ISC)2, reveals that 63% of organizations currently don’t have enough cybersecurity staff. The number is hardly surprising considering the worldwide cybersecurity workforce shortage is nearly 3 million. Employers have an acute need to build their cyber teams with the requisite skills and experience. Their priorities in looking for candidates include: relevant work experience – 49% understanding of advanced cybersecurity concepts – 47% cybersecurity certifications – 43% extensive cybersecurity work experience – 40% strong non-technical/soft skills – 39% If you’re seeking employment in a cybersecurity role, keep these priorities in mind. They provide... Continue reading

Each year, (ISC)² and the Center for Cyber Safety and Education partner together to offer scholarships to students around the world. There are three categories of scholarships in this program: Graduate, Undergraduate and Women’s. All are open to students pursuing cybersecurity degrees in any country in the world, whether they are full-time or part-time students, online or attending a campus. The Graduate Scholarship period is open until January 15. Applicants must be pursuing, or plan to pursue, a master’s degree program, or a doctoral study, with a focus on cybersecurity or information assurance. The Undergraduate Scholarship application period will open... Continue reading

Download the report or infographic Continue reading

If you’re looking to break into the field of cybersecurity – and workforce research shows, we need you to join us – (ISC)²’s SSCP certification may be the way to go. Certification Magazine recently wrote about the SSCP certification as a solid point of entry for aspiring security professionals. The certification is ideal for those in “boots on the ground” positions within security operations. The SSCP exam is highly technical and focused on hands-on knowledge skills. The certification is ideal for security analysts, systems engineers, database administrators and others responsible for the day-to-day operations of securing their organizations critical assets.... Continue reading

(ISC)² recently honored two additions to the distinguished group of Fellows of (ISC)². This recognition is designated upon elite cybersecurity professionals who have made outstanding contributions over the course of their careers to the profession and industry at large. John McCumber, director of cybersecurity advocacy in North America for (ISC)², is a past Fellow and presented the honor to two outstanding and deserving individuals this year at Security Congress in New Orleans during the Information Security Leadership Awards ceremony. The first Fellow honored was Dr. Ronald Ross. His area of focus has been systems security engineering and risk management. He... Continue reading

Despite a shortage of 3 million cybersecurity professionals across the globe, a comfortable majority of those currently employed (68%) are happy in their jobs, according to (ISC)2’s newly published Cybersecurity Workforce Study. Their job satisfaction is related to the level of investment employers make in cybersecurity skills, technology and practices – all of which determines how cybersecurity professionals spend their time. The study is instructive to employers who are hampered by the skills shortage, but nevertheless need to improve their cybersecurity posture and culture. “By providing the right security resources, whether that means additional personnel, training or specialized cybersecurity solutions,... Continue reading

New Orleans jazz band welcomes attendees to the city and declares (ISC)2 Security Congress 2018 open By David Shearer, CISSP, (ISC)² CEO When I made the decision two years ago to transform the annual (ISC)2 Security Congress into an independent event, I knew it would be a huge undertaking for our team, but I also understood the passion of our member base and that we had enough interest to support this evolution. After returning from the 2018 Congress held in New Orleans just a few weeks ago (from October 8-10) I am reaffirmed that it was the right move. Our... Continue reading

(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its credentialing examinations. A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. A JTA Study Workshop for CSSLP has tentatively been scheduled toward the end of January 2019. In preparation for the upcoming study, we would like to hear from our CSSLP members. Please comment on the... Continue reading

This year’s (ISC)² Security Congress event took place at the New Orleans Marriott in Louisiana October 8-10, 2018, with nearly 2,000 cybersecurity professionals in attendance to share best practices, learn new skills and explore solutions to top challenges facing the profession. With keynote addresses from Congressman Cedric Richmond, Jane McGonigal, Theresa Payton and Dr. Jessica Barker, Security Congress featured more than 100 educational breakout sessions on a dozen security tracks, including cloud security; critical infrastructure; cybercrime; governance, regulation and compliance; incident response and forensics; identity access management; privacy; professional development; research; software assurance and application security; and cyber threats. Top... Continue reading

2,930,000 That is the size of the global cybersecurity workforce gap. The breakdown is around 498,000 in North America, 136,000 in Latin America, 142,000 in Europe, the Middle East and Africa, with the largest deficit coming in Asia Pacific at 2.14 million. But what does this big, scary number even mean? Where did it come from? First, this new Cybersecurity Workforce Study from (ISC)² has evolved from past studies to become a more accurate representation of the broader workforce. We surveyed nearly 1,500 professionals around the world who spend at least 25% of their time on cybersecurity activities, which includes... Continue reading

You might want to sit down for this one: The shortage of cybersecurity professionals around the globe has never been more acute. New research by (ISC)2 places the estimate at just under 3 million – 2.93 million to be exact – with roughly 500,000 of those positions located in North America. According to (ISC)2’s Cybersecurity Workforce Study, the gap is having a serious real-world impact around the globe. Asia-Pacific, with its growing economies and new privacy regulations, is experiencing the biggest shortage – 2.14 million positions. The massive worldwide shortage not only places organizations affected by the shortage at higher... Continue reading

The future of cybersecurity was the subject of lively discussion during a session on blockchain’s potential to revolutionize how data is protected. The session was part of the 2018 (ISC)2 Security Congress, taking place this week in New Orleans. The Blockchain session’s presenters, Nitin Uttreja and Ashish Dwivedi, who are both cybersecurity engineers for CA Technologies, argued that blockchain provides effective, reliable ways to secure cloud storage and the Internet of Things (IoT), and to manage identities and passwords. But not everyone in attendance was buying it. Questions arose as to whether networks still have to be secured in conjunction... Continue reading

About three thirds (76%) of companies currently have cyber insurance, but less than a third of them (32%) get policies that cover all risks, according to two representatives from insurer RLI Corp. who spoke during this week’s (ISC)2 Security Congress 2018 in New Orleans. While having a cyber policy is always a good idea, there is a fair amount of complexity that makes it difficult to determine how much coverage you need. Often third parties such as cloud providers are involved, creating coverage nuances that companies must be aware of when taking out a policy. Beyond that, companies often don’t... Continue reading

It was standing room only at security consultant Ron Woerner’s presentation on tools, tips and techniques for cybersecurity professionals this week at the 2018 (ISC)2 Security Congress in New Orleans. Woerner, president and chief cybersecurity consultant at RWX Security Solutions, focused primarily on easily available, free resources that anyone can find with a simple internet search or by typing in a URL. The resources are useful in cybersecurity assessments, investigations, awareness and administration. That Congress attendees lined up patiently to get into the session indicates how much hunger there is for resources that can help them in their jobs. Perhaps... Continue reading

Stop saying humans are the weakest link in security. That was the main message delivered by former White House CIO Theresa Payton during her keynote at (ISC)2’s Congress 2018, taking place this week in New Orleans. “The technology is the weakest link. The human is at risk. We have to change how we think about this in our industry,” said Payton, who is now president and CEO of Fortalice Solutions, and stars in the CBS show “Hunted.” Even though cybersecurity teams implement various measures, follow rules and frameworks, and complete compliance checklists, breaches still occur, she said. That’s because technology... Continue reading

Privacy is one of the greatest challenges of the digital age. Who has the right to access an individual’s personal data and when? That’s the question at the heart of a series of court cases regarding search and seizure of mobile phones at U.S. border crossings. Currently border agents are allowed to access and search metadata, including the origin, time and date of phone calls, without a search warrant. However, true data typically requires a warrant, according to Scott M. Giordano, vice president of data protection at Spirion, a data management software provider. He addressed the topic to a packed... Continue reading