With half the year already in the rearview, it’s a great time to reflect on your goals. Is achieving the CISSP, CCSP, SSCP or another elite (ISC)² certification part of your plans? If so, do you have a winning strategy in place? Here are three tips to help you get – and stay – on track as you pursue next steps. Set an exam date. Registering now can keep you motivated and focused on your certification goals. And the sooner you pass the exam, the sooner you’ll prove your cybersecurity expertise to employers and peers! Develop a study plan. Work... Continue reading

Small businesses have a real hunger for new cybersecurity technologies, but they don’t always know what they need, according to a new (ISC)² study. When asked what they would invest in if they had the budget for it, some respondents alluded to “better” and “new” solutions but weren’t exactly sure what they would be. (ISC)²’s Securing the Partner Ecosystem report reveals a concern among small businesses about running outdated technology. A comment from one respondent about what the company needs puts it all in perspective: “Phishing attack awareness, and more malware services that are up to date and cutting edge.”... Continue reading

One of the toughest challenges of cybersecurity is to raise awareness among users. Technology solutions are instrumental in achieving a solid security posture, but they only get you so far. There’s always the risk a user will make a split-second bad decision and open the door to attack. User awareness was the topic of a recent (ISC)² webcast, Delivering Security Awareness that Works. Participants shared their experiences in modifying user behavior and the challenges they face on a daily basis to save users from their own potentially harmful actions. User Risks One theme quickly emerged: Cybersecurity teams must be on... Continue reading

You’ve been curious. You’ve waited patiently. And now you’ll know exactly which sessions you can look forward to at our ninth annual Security Congress in Orlando! The full agenda for this conference is now online for you to browse and you won’t want to miss this year’s event. Security Congress will advance a global perspective and vision as our premier conference for thousands of cybersecurity professionals from all over the world. With more than 4,000 attendees expected, 18 tracks, 175 sessions and more than 200 speakers, this will be the biggest program ever. Featured sessions include: A panel discussion on... Continue reading

While large enterprises are highly confident in their cybersecurity defenses, a new (ISC)² study suggests they need to be more diligent in a couple of areas – taking action when told about security vulnerabilities and removing privileges for users who no longer need access to systems. The (ISC)² Securing the Partner Ecosystem study polled respondents from both small businesses and large enterprises. Asked if they’ve alerted enterprise clients to security vulnerabilities they’ve discovered on the enterprise’s systems, 53% of small business respondents said yes. Yet, 35% of large enterprise respondents said nothing is done about these alerts. In response to... Continue reading

Parents can play an influential role in their children’s choice of careers but when it comes to cybersecurity, most parents have no advice to give. That’s because they really don’t know much, if anything, about the subject. A survey by cybersecurity training provider SANS Institute revealed that 63% of parents in the U.K. can’t answer questions about how to find a job in the cybersecurity field. Almost as many parents (61%) said they have little or no knowledge of any career opportunities in the industry, even though 91% said they have heard of cybersecurity. And despite the high earning potential... Continue reading

A severe cybersecurity skills gap in EMEA (European, Middle East and Africa) is making it hard for cybersecurity staff to cope with their workloads or acquire the skills they need to handle emerging technologies, according to a new report by Symantec. Cybersecurity workers believe they are at a serious disadvantage against attackers. Simply finding the time to learn emerging technologies, such as those related to mobility and cloud, is a challenge for a workforce whose experience as a group ranges from 10 to 30 years, the report says. “Declining skills are highly problematic for cyber security professionals, who are effectively... Continue reading

A new (ISC)2 study suggests that small businesses may get too much attribution for causing security breaches for their large enterprise clients. While it’s true that enterprises have suffered breaches caused by third parties, they are more likely a result of actions by a large partner, not a small business. The Securing the Partner Ecosystem study, which polled respondents both at large enterprises and small businesses, revealed about one third of enterprises (32%) have experienced a breach caused by a third party, but in these cases, large partners are more likely to blame (54%) than small business partners (46%). Only... Continue reading

While C-level executives understand the need for cybersecurity as their organizations undergo digital transformation, they aren’t prioritizing it enough, according to a recent Deloitte report based on a survey of 500 executives. The report, “The Future of Cyber Survey 2019,” reveals a disconnect between organizational aspirations for a “cyber everywhere” future and their actual cyber posture. One area where this is evident is in budgeting, with organizations allocating only 14% of their digital transformation budgets to cybersecurity. Further evidence is how often cyber appears on the agendas of company board meetings. Cybersecurity makes it to the agenda of 49% of... Continue reading

Nominations are now open for the 2019 Information Security Leadership Awards Americas. The awards will be presented during a ceremony at (ISC)² Security Congress on Wednesday, October 30 at the Walt Disney World Swan and Dolphin Resort in Orlando and will be open to All-Access pass attendees. As this is the first global event in (ISC)² history, it is expected to be the largest Security Congress ever, with as many as 4,000 attendees. The ISLA Americas nominations are open to (ISC)² members and non-members alike who are working in North, South and Central America. The deadline to submit all nominations... Continue reading

by Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America Writing can be one of those professional development win-win activities that not only brings joy to the person engaged in it, but also brings knowledge, value — and yes, in some cases even joy — to the reader. All of us remember reading a particularly well-crafted sentence and thinking to ourselves “wow, that was well written.” You might have even thought “gee, I wish I could write like that.” Well, you probably can, but unlike in the movies, it probably won’t come to you in a full... Continue reading

Following the signing of a Multilateral Recognition Arrangement (MLA) signed last year that confirms the American National Standards Institute’s (ANSI) standing as an internationally respected accrediting body with rigorous standards, all nine (ISC)² cybersecurity certifications are now recognized by the International Accreditation Forum (IAF). The MLA applies to IAF accrediting bodies, including ANSI, and shows that the organizations they accredit all meet the same rigorous standards. According to a press release issued by ANSI, “Regional Accreditation Group members of IAF are admitted to the IAF MLA only after a most stringent evaluation of their operations by a peer evaluation team... Continue reading

The (ISC)² Cybersecurity Workforce Study is conducted to assess the cybersecurity workforce gap, better understand the barriers facing the cybersecurity profession, and uncover solutions to issues facing the industry. The 2.93M workforce gap number has been reported on far and wide, but the gap is just one part of the report. It’s important that we focus on finding answers to the problems facing cybersecurity practitioners, management and organizations. In just a few weeks, we will be conducting our next round of research and we want to hear from you! We need the opinions and insights from professionals on the front... Continue reading

by Dr. Sanjana Mehta, Head of Market Research Strategy - EMEA May 25 marks the first anniversary since the European Union’s General Data Protection Regulation (GDPR) came into force. After a two-year preparation process, the regulation came into effect a year ago tomorrow, harmonizing data security, data protection, data retention and data usage laws across the EU member states. It also has significant ramifications for companies outside the EU that hold personal information relating to EU citizens and organizations. Failure to comply with the GDPR can and will result in fines and other legal sanctions. The GDPR has already had... Continue reading

Whether you’re going for CISSP, SSCP, CCSP or another elite (ISC)² certification, the training route is an excellent way to prepare. (ISC)² certifications are highly regarded in the cybersecurity industry, and countless training companies offer exam prep for them. With so many options, it can be unnecessarily hard to make the right choice. Often, we think the more choices we have, the better. But too many cybersecurity training options have created confusion and led to false claims that border on unethical as companies compete for your business. When it comes to assertions trainer providers make about their courses for our... Continue reading

On May 21, (ISC)² COO Wesley Simpson was invited to join a panel of experts for testimony in front of the U.S. House of Representatives Committee on Homeland Security. The hearing, titled “Growing and Diversifying the Cyber Talent Pipeline” was a forum for committee members to ask witnesses for their observations and input on methods for growing the U.S. cybersecurity workforce and also for encouraging more minorities to join the profession. Mr. Simpson was joined on the panel by three other witnesses representing Grambling State University, The National Cybersecurity Institute at Excelsior College and McAfee. (ISC)² was approached by the... Continue reading

by Dr. Mansur Hasib, CISSP, PMP, CPHIMS Program Chair, Cybersecurity Technology, The Graduate School, University of Maryland University College In order for any discipline to advance and grow, each generation of established thought leaders must mentor and invest in the next generation. The new generation can infuse new ideas, varied approaches, and innovative new ways to explain and present material. This is exactly what happened in a dramatic way at the 2019 Secure Summit DC hosted by (ISC)² . John McCumber and Susan Lausch of (ISC)² invited me to organize a contingent of 30 graduate cybersecurity students and recent graduates... Continue reading

By Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America After many years of developing expertise in several technical domains, you’ve decided that this year you will invest more diligently into Group B CPE professional development activities. But how should you go about it? The official (ISC)² CPE handbook provides guidelines about the many options that will count towards Group B CPEs — and how much they will count — but figuring out how to prioritize the vast array of choices can be a challenge. After all, the field of possibilities is wide open, leaving us wondering... Continue reading

A debate is raging over who has the right to repair electronic equipment without voiding manufacturers’ warranties. On one side, companies such as Apple, Lexmark and Verizon are seeking to quash “right-to-repair” legislation; on the other, supporters of right of repair initiatives are accusing the tech industry of scare tactics. At issue is whether right-to-repair laws may impact cybersecurity considerations. Manufacturers argue cybersecurity would suffer by allowing unauthorized individuals to repair devices, however many cybersecurity professionals consider this claim an overreach. On May 2, cybersecurity advocacy group Securepairs.org issued a statement strongly supporting right-to-repair efforts. Declaring that “fixable stuff is... Continue reading

An Executive Order signed by United States President Donald Trump aims to grow the government’s cybersecurity capability, improve integration of the cybersecurity workforce between federal departments, and strengthen the skills of individual cybersecurity practitioners. The order, titled Executive Order on America’s Cybersecurity Workforce and signed by the president on May 2, creates measures to help federal agencies retrain workers interested in cybersecurity and requires agencies to adopt the National Initiative for Cybersecurity Education (NICE) Framework in government contracts. It includes an incentive component, creating an annual competition with cash rewards of at least $25,000 “to identify, challenge, and reward the... Continue reading

Name: John Kent Title: Manager IT, DevSecOps Employer: FedEx Location: Irving, Texas Education: BAAS Computer Science, MS Cybersecurity Years in IT: 37 Years in cybersecurity and/or privacy: 13 Cybersecurity certifications: CSSLP, CEH, CHFI How did you decide upon a career in security software development? My passion for software development began in 1981 and launched my career in 1987. It wasn’t until my first exposure to pen test results in 2005 that I understood software design, development, test and operations from a much wider perspective. There was so much more to programming than creating working software — it had to be... Continue reading

On April 16, at the World Forum in The Hague, The Netherlands, (ISC)2 COO Wesley Simpson provided closing remarks to summarize some of the key sessions from the two-day Secure Summit EMEA event as it was wrapping up. To give you a window into the kinds of topics addressed during the Summit, what follows is an excerpt from his address. [Edited for length] Now, to close out the 2019 (ISC)² Secure Summit EMEA, let’s take a few minutes to look back at what we can take away from this year’s event. I’ve had a chance to speak with many of... Continue reading

Companies in heavy industrial industries such as mining, oil and gas, electricity and chemicals have become a major target for cybercrime. But securing these companies is complicated as they must not only protect their IT infrastructure but also their OT (operational technology) assets. Cybersecurity solutions and tools that work in IT environments do not transfer well to the OT side, potentially harming industrial devices. “Even merely scanning these devices for vulnerabilities has led to major process disruptions,” according to a recent McKinsey article. But even though the same tools aren’t effective for both environments, links between OT and IT are... Continue reading

By Deshini Newman, Managing Director, EMEA, (ISC)² There’s never been a better time to be a woman in cybersecurity than now. Granted, there are many gains to be made still, but recent research about progress already made by women in the field is very encouraging. Although the industry is dominated by men, so many computing pioneers, such as the people who programmed the first digital computers were women. Ada Lovelace (1815–1852) is credited with being the world's first computer programmer. She detailed applications for the Analytical Engine that relate to how computers are used today. Likewise, luminaries such as Grace... Continue reading