There are few certainties in life, with taxes being very much at the top of the list. However, for (ISC)2 members in the UK, we have some good news for you on that front. From now on, members in the UK will be able to claim tax relief on their annual maintenance fee (AMF) in most cases. We have been granted Approved Professional Organisations and Learned Societies status by HM Revenue & Customs (HMRC), the UK’s tax, payments and customs authority. This status recognises (ISC)2 among a select number of essential professional societies and bodies operating in the UK that... Continue reading

As the cybersecurity skills shortage intensifies, cyber professionals have become the target of stiff competition among recruiters and employers. Compensation and benefits packages are becoming increasingly generous, essentially giving jobseekers the chance to write their own ticket. Compensation packages have exceeded $6 million at some large technology companies, according to a recent Bloomberg article. Such packages typically involve mostly stock but even so, they prove that it definitely pays to be in the cybersecurity field. Even the direct charges of top security officers are commanding salaries in the $1 million range, according to Bloomberg. The reasons for these bloated pay... Continue reading

Recruiting cybersecurity professionals is a major challenge because of the scarcity of qualified candidates, but at least employers don’t have to worry about them wanting to change professions. Most cybersecurity workers (64%) plan to finish out their careers in cybersecurity, according to (ISC)² research. Of course, this creates a new challenge for employers – how to retain their cybersecurity staff. With a worldwide shortage of nearly 3 million, there’s always a chance workers will leave for better pay or more attractive working conditions. To prevent this, employers must put serious effort into retention with measures such as robust training, professional... Continue reading

Already have a background in IT? Here are three tips for moving toward a more security-focused role. Take a cue from Goldilocks: Go after the industry certification that’s “just right.” This entails pursuing a credential that helps augment technical skills with security practices. Many choose the SSCP for its balance between the foundational and technical. SSCP allows you to prove a technical understanding without having to seek a more entry-level certification. Change your perspective to layer security into the work you’re already doing. Moving from IT to security is a natural evolution. Once you’ve gained the requisite knowledge and put... Continue reading

(ISC)²’s biggest and best Security Congress yet – with three days of more than 175 sessions and 200 speakers – kicks off in less than three months! Act now - Early Bird registration is still open and workshops and pre-conference trainings are filling up. This year’s conference will be held at the Walt Disney World Swan and Dolphin Resort and will feature workshops, career resources, awards, an escape room and so much more. Our Center for Cyber Safety and Education will once again host its annual volunteer orientation and other special programming. Find out what Center Day at (ISC)² Security... Continue reading

Part of (ISC)²’s role in the cybersecurity industry includes representing its members in legislative matters to ensure that we’re advocating for the profession and providing guidance to government leaders on new policies that may be championed. On Wednesday, August 14, (ISC)² Director of Cybersecurity Advocacy John McCumber will meet with The U.S. Senate Committee on Commerce, Science and Transportation to discuss the findings of the (ISC)² Cybersecurity Workforce Study and its implications on cybersecurity workforce advancement that the U.S. government might spearhead in collaboration with the private sector. This type of input session will help to inform the committee during... Continue reading

You’re considering a cybersecurity certification and the SSCP and CISSP are both on your list. After comparing the material, you’re thinking there’s a good bit of overlap between the two. But is there, really? And if you sit for one exam would you be able to sit for the other without additional study or preparation? These are excellent questions. In fact, we hear them a lot. And the reality is, there ARE commonalities, which is true for most things in the field. However, these two certifications are wholly different and were developed from two distinct perspectives. In many ways, the... Continue reading

A new report from Palo Alto Networks’ Unit 42 threat intelligence team titled “Cloudy With a Chance of Entropy” reports that there are at least 34 million vulnerabilities across some of the largest cloud platforms, including Amazon Web Services, Google Compute Engine and Microsoft Azure. Notably, the threats were not found to be the result of cloud providers themselves, but rather the applications customers deploy on cloud infrastructure. As the report states, “cloud service providers maintained their sterling reputation for platform security . . . however, consumers of infrastructure- and platform-as-a-service (IaaS and PaaS) cloud offerings continue to struggle with... Continue reading

by Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America We’ve all been there, staring at the blank page or the blank screen, frustrated that the words aren’t flowing anymore, if they ever were. For the fortunate, this feeling can be fleeting, quickly replaced by a geyser of ideas and sentences that flow onto the page. For the rest of us, the momentary blockage can take a more serious turn, resulting in days or weeks of “challenged writing” in which you have no choice but to plow through the slow drip-drip of words and ideas. In extreme... Continue reading

By Mike Wills, CISSP, SSCP Let’s face it: Opportunity goes to the well-prepared. And living in dangerous and dynamic times, each of us needs to be so much better prepared to face tomorrow than we were today. We’re all at risk. Everything we value, everyone we hold dear are held hostage to the badly misinformed decisions of the well-intended; are targets of opportunities to those with malice at heart. Those people, the “bad guys,” the black hats, are already outspending most legitimate businesses and organizations when it comes to investing in their knowledge, skills and abilities to attack. The right... Continue reading

Cybersecurity concerns remain top of mind for global CEOs as they weigh the challenges their organizations will face in the next five to 10 years. A new report by global management consultancy EY reveals that cybersecurity tops the list of concerns for CEOs, along with income inequality and job loss caused by technology advances. The findings in EY’s 2019 CEO Imperative Study confirm earlier research showing that chief executives view cybersecurity threats as one of their most daunting challenges. Adding to the problem, the EY study reveals that CEOs lack confidence in the C-suite’s ability to address these challenges. Only... Continue reading

With half the year already in the rearview, it’s a great time to reflect on your goals. Is achieving the CISSP, CCSP, SSCP or another elite (ISC)² certification part of your plans? If so, do you have a winning strategy in place? Here are three tips to help you get – and stay – on track as you pursue next steps. Set an exam date. Registering now can keep you motivated and focused on your certification goals. And the sooner you pass the exam, the sooner you’ll prove your cybersecurity expertise to employers and peers! Develop a study plan. Work... Continue reading

Small businesses have a real hunger for new cybersecurity technologies, but they don’t always know what they need, according to a new (ISC)² study. When asked what they would invest in if they had the budget for it, some respondents alluded to “better” and “new” solutions but weren’t exactly sure what they would be. (ISC)²’s Securing the Partner Ecosystem report reveals a concern among small businesses about running outdated technology. A comment from one respondent about what the company needs puts it all in perspective: “Phishing attack awareness, and more malware services that are up to date and cutting edge.”... Continue reading

One of the toughest challenges of cybersecurity is to raise awareness among users. Technology solutions are instrumental in achieving a solid security posture, but they only get you so far. There’s always the risk a user will make a split-second bad decision and open the door to attack. User awareness was the topic of a recent (ISC)² webcast, Delivering Security Awareness that Works. Participants shared their experiences in modifying user behavior and the challenges they face on a daily basis to save users from their own potentially harmful actions. User Risks One theme quickly emerged: Cybersecurity teams must be on... Continue reading

You’ve been curious. You’ve waited patiently. And now you’ll know exactly which sessions you can look forward to at our ninth annual Security Congress in Orlando! The full agenda for this conference is now online for you to browse and you won’t want to miss this year’s event. Security Congress will advance a global perspective and vision as our premier conference for thousands of cybersecurity professionals from all over the world. With 18 tracks, 175 sessions and more than 200 speakers, this will be the biggest program ever. Featured sessions include: A panel discussion on Diversity, Equity and Inclusion: How... Continue reading

While large enterprises are highly confident in their cybersecurity defenses, a new (ISC)² study suggests they need to be more diligent in a couple of areas – taking action when told about security vulnerabilities and removing privileges for users who no longer need access to systems. The (ISC)² Securing the Partner Ecosystem study polled respondents from both small businesses and large enterprises. Asked if they’ve alerted enterprise clients to security vulnerabilities they’ve discovered on the enterprise’s systems, 53% of small business respondents said yes. Yet, 35% of large enterprise respondents said nothing is done about these alerts. In response to... Continue reading

Parents can play an influential role in their children’s choice of careers but when it comes to cybersecurity, most parents have no advice to give. That’s because they really don’t know much, if anything, about the subject. A survey by cybersecurity training provider SANS Institute revealed that 63% of parents in the U.K. can’t answer questions about how to find a job in the cybersecurity field. Almost as many parents (61%) said they have little or no knowledge of any career opportunities in the industry, even though 91% said they have heard of cybersecurity. And despite the high earning potential... Continue reading

A severe cybersecurity skills gap in EMEA (European, Middle East and Africa) is making it hard for cybersecurity staff to cope with their workloads or acquire the skills they need to handle emerging technologies, according to a new report by Symantec. Cybersecurity workers believe they are at a serious disadvantage against attackers. Simply finding the time to learn emerging technologies, such as those related to mobility and cloud, is a challenge for a workforce whose experience as a group ranges from 10 to 30 years, the report says. “Declining skills are highly problematic for cyber security professionals, who are effectively... Continue reading

A new (ISC)2 study suggests that small businesses may get too much attribution for causing security breaches for their large enterprise clients. While it’s true that enterprises have suffered breaches caused by third parties, they are more likely a result of actions by a large partner, not a small business. The Securing the Partner Ecosystem study, which polled respondents both at large enterprises and small businesses, revealed about one third of enterprises (32%) have experienced a breach caused by a third party, but in these cases, large partners are more likely to blame (54%) than small business partners (46%). Only... Continue reading

While C-level executives understand the need for cybersecurity as their organizations undergo digital transformation, they aren’t prioritizing it enough, according to a recent Deloitte report based on a survey of 500 executives. The report, “The Future of Cyber Survey 2019,” reveals a disconnect between organizational aspirations for a “cyber everywhere” future and their actual cyber posture. One area where this is evident is in budgeting, with organizations allocating only 14% of their digital transformation budgets to cybersecurity. Further evidence is how often cyber appears on the agendas of company board meetings. Cybersecurity makes it to the agenda of 49% of... Continue reading

Nominations are now open for the 2019 Information Security Leadership Awards Americas. The awards will be presented during a ceremony at (ISC)² Security Congress on Wednesday, October 30 at the Walt Disney World Swan and Dolphin Resort in Orlando and will be open to All-Access pass attendees. As this is the first global event in (ISC)² history, it is expected to be the largest Security Congress ever, with as many as 4,000 attendees. The ISLA Americas nominations are open to (ISC)² members and non-members alike who are working in North, South and Central America. The deadline to submit all nominations... Continue reading

by Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America Writing can be one of those professional development win-win activities that not only brings joy to the person engaged in it, but also brings knowledge, value — and yes, in some cases even joy — to the reader. All of us remember reading a particularly well-crafted sentence and thinking to ourselves “wow, that was well written.” You might have even thought “gee, I wish I could write like that.” Well, you probably can, but unlike in the movies, it probably won’t come to you in a full... Continue reading

Following the signing of a Multilateral Recognition Arrangement (MLA) signed last year that confirms the American National Standards Institute’s (ANSI) standing as an internationally respected accrediting body with rigorous standards, all nine (ISC)² cybersecurity certifications are now recognized by the International Accreditation Forum (IAF). The MLA applies to IAF accrediting bodies, including ANSI, and shows that the organizations they accredit all meet the same rigorous standards. According to a press release issued by ANSI, “Regional Accreditation Group members of IAF are admitted to the IAF MLA only after a most stringent evaluation of their operations by a peer evaluation team... Continue reading

The (ISC)² Cybersecurity Workforce Study is conducted to assess the cybersecurity workforce gap, better understand the barriers facing the cybersecurity profession, and uncover solutions to issues facing the industry. The 2.93M workforce gap number has been reported on far and wide, but the gap is just one part of the report. It’s important that we focus on finding answers to the problems facing cybersecurity practitioners, management and organizations. In just a few weeks, we will be conducting our next round of research and we want to hear from you! We need the opinions and insights from professionals on the front... Continue reading