As COVID-19 continues to surge across the globe and corporate travel restrictions put in place, (ISC)² has announced its decision to make its Security Congress for 2020 a virtual conference. The renowned three-day conference, focused on industry discussion and continuing education for security professionals of all levels, will be held online from November 16-18. This decision is in recognition of the fact that many training budgets have been reallocated due to the economic impact of COVID-19. As such, (ISC)² Security Congress 2020 is offering a heavily discounted Early Bird pricing to (ISC)² members and associates of just $295 for an... Continue reading

Contributed by The Center for Cyber Safety and Education As a parent, keeping up with the latest online trends can be exhausting. One week your kids are “Snapping” with friends and the next they are trying to create viral videos on TikTok. That’s why at the nonprofit, Center for Cyber Safety and Education, we focused on giving you tools to teach safe habits rather than a rundown of the latest trending apps. At the Center, we know you are the kind of parent who wants to keep your child safe and secure online. But first, you need access to efficient... Continue reading

Research conducted since the start of the COVID-19 pandemic shows an increase in cyber threats as cybercriminals try to take advantage of users working remotely. What most users may not realize is that they could be making it easier for threat actors to target them. Here’s how: Every time a user posts a picture of his or her remote office setup on social media or participates in a videoconference, the user unwittingly may be revealing personal or company information that threat actors can exploit. In an opinion piece published by the Wall Street Journal, a cybersecurity expert warned about the... Continue reading

When it comes to (ISC)² certification exam prep, there is no shortage of choices – especially for the CISSP and CCSP credentials. With so many options, where’s the assurance that you’re putting your time, faith and money into a vetted training resource? It’s an excellent question. So let’s break down three key distinctions between (ISC)² Official Training from an authorized provider versus training from an unauthorized company. Because the right source can make all the difference in crushing your certification goal – and protecting your investment. (ISC)² Authorized Instructors Taking on the globally recognized CISSP or CCSP demands commitment and... Continue reading

The original article by Diego Delfino can be found at https://delfino.cr/2020/05/caso-maze-bcr-expertos-comparten-reflexiones-lecciones-y-sugerencias Óscar Monge España, founding member of (ISC)² chapter Costa Rica has 16 years of experience in multiple fields of cybersecurity, such as incident response, threat intelligence, risk management and vulnerability management at the corporate level and in the cloud methodology Agile and ITIL, information security expert and cloud security professional. His work in the field led him to obtain the award as the best security participant for America (America’s ISLA) awarded by the renowned organization ISC2 in 2017. He currently works for RaboBank in The Netherlands as a cybersecurity... Continue reading

El artículo original fue publicado por Diego Delfino en: https://delfino.cr/2020/05/caso-maze-bcr-expertos-comparten-reflexiones-lecciones-y-sugerencias Óscar Monge España, miembro fundador de (ISC)² capitulo Costa Rica, tiene 16 años de experiencia en múltiples campos de la ciberseguridad, como lo son la Respuesta de Incidentes, Inteligencia de Amenazas, Manejo de Riesgos y Manejo de vulnerabilidades a nivel corporativo y en la nube, metodologías ágiles e ITIL, experto en seguridad de la información y profesional en seguridad en la nube. Su trabajo en el campo, le llevó a obtener el galardón como el mejor practicante de seguridad para America (America’s ISLA) otorgado por la reconocida organización (ISC)² en... Continue reading

Amid easing COVID-19 lockdown measures, exam and training centers are opening up. As Thiago Earp from Firebrand Training explains, it will soon resume training at its dedicated facility, starting with courses for the (ISC)2 CISSP certification. Training and examinations have been impacted by the outbreak of COVID-19. Understandably, classrooms and testing centers have had to pause around the world as part of efforts to combat the virus. In the UK, lockdown restrictions are easing and allowing a multitude of businesses and services to resume physical operations. Lockdown easing is allowing testing and training to return, albeit with some changes to... Continue reading

There is no question that now is a great time to break into cybersecurity as a career. (ISC)² research shows the shortage of skilled security resources is approaching 3 million globally. Getting into this line of work can be approached from many different angles. Whether you are an experienced professional looking to make a pivot into security or a college student exploring the field, the right preparation, network and credentials can make all the difference. We asked three cyber professionals about their journey into security and the advice they would give to up-and-comers in the field. Here’s what they shared.... Continue reading

Understaffing in cybersecurity teams remains a major challenge for organizations, with 62% of respondents in a recent ISACA survey saying they are struggling with it. And even though the number of understaffed organizations fell by seven percentage points from last year, staffing issues are making some organizations more vulnerable to cyberattacks. Concerns over the ability to respond to threats are widespread, according to ISACA’s State of Cybersecurity 2020 Survey Part 2 report, which gathered responses from 2,000 respondents in 102 countries. Only 21% of respondents in “significantly understaffed” organizations say they are completely or very confident in their organization’s ability... Continue reading

With breach rates growing and cyberattacks becoming a daily occurrence for business, IT leaders are looking to beef up their security teams. This is good news for anyone who is considering a career in information security. But as new talent begins to navigate breaking into the field, many may wonder: What skills should I focus on developing for a security career? Most security hiring managers are looking for a blend of skills and backgrounds. Here are 10 things you need to enter the cybersecurity workforce today. Technical prowess While some career paths in security may not require technical skills, many... Continue reading

Demand is up for cybersecurity solutions and services as businesses try to cope with the effects of the COVID-19 pandemic. In a survey of technology firms, industry association CompTIA found that customer inquiries regarding cybersecurity were up by 36% in April -- second only to inquiries about communications, collaboration and A/V technologies. The increased demand for cybersecurity and collaboration technologies makes sense in light of the sudden increase in work-from-home (WFH) numbers. The ranks of remote workers shot up as a result of stay-at-home and lockdown directives issued by governments in efforts to manage the spread of COVID-19. Recent (ISC)2... Continue reading

(ISC)² has sent a letter to Senator Jacky Rosen (D-NV) in support of proposed bipartisan legislation that would direct the Secretary of Commerce, in coordination with relevant agencies, to establish “grand challenge” competitions to achieve high-priority breakthroughs in cybersecurity, including expanding our cybersecurity workforce, defending against artificial intelligence threats, and protecting our nation against cyberattacks. The proposed Cyber Leap Act of 2020 can be read here: https://www.commerce.senate.gov/services/files/60A3EF97-3FE3-47D9-A5B9-04E2A8AE2200 In a press release issued by Senator Rosen, who is a member of the Committee on Commerce, Science, and Transportation, she said about the bill: “We put our nation at risk if we... Continue reading

Appropriate experience is one of the biggest hurdles to overcome when trying to land a job in information security. In fact, a poll from Tripwire finds most job seekers (80%) say they need more experience to be considered for many of the roles they apply for in infosec. The survey, conducted via Twitter, also found lack of certification or appropriate training (20%) were other issues keeping people from security jobs. There’s no question landing that first gig in security can be difficult. But there are practical ways to stand out and get the attention of hiring managers, even without a... Continue reading

As published in the March/April 2020 edition of InfoSecurity Professional Magazine By Shaun Aghili, DBA, CISSP-ISSMP, CCSP, CISA and Bobby Swar, Ph.D. In May 2018, two major banks in Canada—Bank of Montreal and Canadian Imperial Bank of Commerce—received email threats from malicious hackers claiming to have gained access to customers’ sensitive information. The attackers demanded $1 million in cryptocurrency from each bank or they would publicly release customers’ information. The successful attacks on these banks led to 90,000 customers’ account information being compromised and an undisclosed amount of money lost as the result of the security breaches. In recent years,... Continue reading

It’s a great time to work in cybersecurity. Demand for security professionals continues to grow, and the need for qualified people with certain security certifications is strong. But getting that first opportunity to work in security can be challenging. That’s because security is a field where personal relationships count just as much as experience and education. So how can you get a leg up and develop the qualifications necessary to land a job? Here are 5 suggestions for forging your path to gainful security employment. Train and Join an Association One of the first places to start when you’re preparing... Continue reading

Last week, (ISC)2 launched the annual Cybersecurity Workforce Survey and we need to hear from you. When the study is released later this year, it will be shared with government agencies and security policy makers, as well as referenced in countless media reports. The report is often used by organizations of all sizes around the world as a benchmark for security hiring strategies. To participate, please take the survey here: ow.ly/i23d50zEj6F Your participation in the survey will help shape the conversation around the cybersecurity workforce during the year to come. Build awareness for the issues that matter most to professionals... Continue reading

As published in the March/April 2020 edition of InfoSecurity Professional Magazine By Crystal Bedell Humans have long been touted as the weakest link in security. But in many ways that axiom oversimplifies the issue of the human element and makes end users collectively the bad guy when, for the most part, they’re only trying to do their jobs. Understanding why humans behave the way they do, and allowing them to inform a security strategy, can strengthen the human element so that people aren’t the weakest link but a helpful component of your security arsenal. “We put people in front of... Continue reading

(ISC)2 recently announced the CISSP certification has been formally recognized as comparable to the U.K.’s Master’s degree standard, following the completion of an independent benchmarking process. We’ve compiled information here to help members – especially those in the U.K. and across Europe – understand this achievement. What does the CISSP being assessed as comparable to the U.K. Master’s Degree Standard mean for me and other CISSPs? While the value and importance of a globally-understood cybersecurity certification is well known within the (ISC)2 community, reinforcing the meaning of the certification in relation to other forms of education, and professional distinction and... Continue reading

The needs of those pursuing a cybersecurity career are unlike any other field. Stress is high, and the knowledge and skills it demands are evolving and changing all the time. That’s why it’s a great idea to have a mentor to serve as a sounding board at critical points throughout your career. A mentor can provide feedback on career management that you might not find in a job and also help you forge relationships with key contacts in the industry. Here are three key steps to cultivating this important professional relationship. Do Your Research Before you even try to find... Continue reading

There has never been a better time to become an information security professional. According to the U.S. Bureau of Labor Statistics, the demand for security experts is expected to grow exponentially through 2028. So, what are the hottest attributes employers are seeking out in 2020? Here are 5 of the most sought-after skills companies want for their security and IT teams today. Cloud Security Businesses are increasingly moving workloads to the cloud, and it has become an integral part of IT strategy that is only expected to grow. IDC predicts public cloud adoption will reach nearly $500 billion in just... Continue reading

So, you’ve decided you want to break into cybersecurity but have no relevant experience. The bad news is experience is important when it comes to working in this field. But that doesn’t mean finding your first job will be impossible either. The cybersecurity field continues to grow each year, and hiring managers are looking for varied skill sets to fill security roles. However, you will need to demonstrate you have other things to offer in lieu of years on the job in security. How do you do that? By getting creative. Here are 5 ways to stand out as a... Continue reading

When asked about changes experienced due to COVID-19, almost half (47%) of cybersecurity professionals polled by (ISC)2 said they have been reassigned to IT tasks. These findings are part of the (ISC)2 Cybersecurity Pulse Survey, in which 256 cybersecurity professionals shared insights on their current work situations during the first several weeks of their organizations’ response to the COVID-19 pandemic. Reassigning cybersecurity workers appears to be one of the ways companies were, at least initially, trying to cope with the increase of employees working from home. The move comes as threat actors seek to exploit organizations’ broader attack surfaces, as... Continue reading