A new (ISC)2 study suggests that small businesses may get too much attribution for causing security breaches for their large enterprise clients. While it’s true that enterprises have suffered breaches caused by third parties, they are more likely a result of actions by a large partner, not a small business. The Securing the Partner Ecosystem study, which polled respondents both at large enterprises and small businesses, revealed about one third of enterprises (32%) have experienced a breach caused by a third party, but in these cases, large partners are more likely to blame (54%) than small business partners (46%). Only... Continue reading

While C-level executives understand the need for cybersecurity as their organizations undergo digital transformation, they aren’t prioritizing it enough, according to a recent Deloitte report based on a survey of 500 executives. The report, “The Future of Cyber Survey 2019,” reveals a disconnect between organizational aspirations for a “cyber everywhere” future and their actual cyber posture. One area where this is evident is in budgeting, with organizations allocating only 14% of their digital transformation budgets to cybersecurity. Further evidence is how often cyber appears on the agendas of company board meetings. Cybersecurity makes it to the agenda of 49% of... Continue reading

Nominations are now open for the 2019 Information Security Leadership Awards Americas. The awards will be presented during a ceremony at (ISC)² Security Congress on Wednesday, October 30 at the Walt Disney World Swan and Dolphin Resort in Orlando and will be open to All-Access pass attendees. As this is the first global event in (ISC)² history, it is expected to be the largest Security Congress ever, with as many as 4,000 attendees. The ISLA Americas nominations are open to (ISC)² members and non-members alike who are working in North, South and Central America. The deadline to submit all nominations... Continue reading

by Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America Writing can be one of those professional development win-win activities that not only brings joy to the person engaged in it, but also brings knowledge, value — and yes, in some cases even joy — to the reader. All of us remember reading a particularly well-crafted sentence and thinking to ourselves “wow, that was well written.” You might have even thought “gee, I wish I could write like that.” Well, you probably can, but unlike in the movies, it probably won’t come to you in a full... Continue reading

Following the signing of a Multilateral Recognition Arrangement (MLA) signed last year that confirms the American National Standards Institute’s (ANSI) standing as an internationally respected accrediting body with rigorous standards, all nine (ISC)² cybersecurity certifications are now recognized by the International Accreditation Forum (IAF). The MLA applies to IAF accrediting bodies, including ANSI, and shows that the organizations they accredit all meet the same rigorous standards. According to a press release issued by ANSI, “Regional Accreditation Group members of IAF are admitted to the IAF MLA only after a most stringent evaluation of their operations by a peer evaluation team... Continue reading

The (ISC)² Cybersecurity Workforce Study is conducted to assess the cybersecurity workforce gap, better understand the barriers facing the cybersecurity profession, and uncover solutions to issues facing the industry. The 2.93M workforce gap number has been reported on far and wide, but the gap is just one part of the report. It’s important that we focus on finding answers to the problems facing cybersecurity practitioners, management and organizations. In just a few weeks, we will be conducting our next round of research and we want to hear from you! We need the opinions and insights from professionals on the front... Continue reading

by Dr. Sanjana Mehta, Head of Market Research Strategy - EMEA May 25 marks the first anniversary since the European Union’s General Data Protection Regulation (GDPR) came into force. After a two-year preparation process, the regulation came into effect a year ago tomorrow, harmonizing data security, data protection, data retention and data usage laws across the EU member states. It also has significant ramifications for companies outside the EU that hold personal information relating to EU citizens and organizations. Failure to comply with the GDPR can and will result in fines and other legal sanctions. The GDPR has already had... Continue reading

Whether you’re going for CISSP, SSCP, CCSP or another elite (ISC)² certification, the training route is an excellent way to prepare. (ISC)² certifications are highly regarded in the cybersecurity industry, and countless training companies offer exam prep for them. With so many options, it can be unnecessarily hard to make the right choice. Often, we think the more choices we have, the better. But too many cybersecurity training options have created confusion and led to false claims that border on unethical as companies compete for your business. When it comes to assertions trainer providers make about their courses for our... Continue reading

On May 21, (ISC)² COO Wesley Simpson was invited to join a panel of experts for testimony in front of the U.S. House of Representatives Committee on Homeland Security. The hearing, titled “Growing and Diversifying the Cyber Talent Pipeline” was a forum for committee members to ask witnesses for their observations and input on methods for growing the U.S. cybersecurity workforce and also for encouraging more minorities to join the profession. Mr. Simpson was joined on the panel by three other witnesses representing Grambling State University, The National Cybersecurity Institute at Excelsior College and McAfee. (ISC)² was approached by the... Continue reading

by Dr. Mansur Hasib, CISSP, PMP, CPHIMS Program Chair, Cybersecurity Technology, The Graduate School, University of Maryland University College In order for any discipline to advance and grow, each generation of established thought leaders must mentor and invest in the next generation. The new generation can infuse new ideas, varied approaches, and innovative new ways to explain and present material. This is exactly what happened in a dramatic way at the 2019 Secure Summit DC hosted by (ISC)² . John McCumber and Susan Lausch of (ISC)² invited me to organize a contingent of 30 graduate cybersecurity students and recent graduates... Continue reading

By Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America After many years of developing expertise in several technical domains, you’ve decided that this year you will invest more diligently into Group B CPE professional development activities. But how should you go about it? The official (ISC)² CPE handbook provides guidelines about the many options that will count towards Group B CPEs — and how much they will count — but figuring out how to prioritize the vast array of choices can be a challenge. After all, the field of possibilities is wide open, leaving us wondering... Continue reading

A debate is raging over who has the right to repair electronic equipment without voiding manufacturers’ warranties. On one side, companies such as Apple, Lexmark and Verizon are seeking to quash “right-to-repair” legislation; on the other, supporters of right of repair initiatives are accusing the tech industry of scare tactics. At issue is whether right-to-repair laws may impact cybersecurity considerations. Manufacturers argue cybersecurity would suffer by allowing unauthorized individuals to repair devices, however many cybersecurity professionals consider this claim an overreach. On May 2, cybersecurity advocacy group Securepairs.org issued a statement strongly supporting right-to-repair efforts. Declaring that “fixable stuff is... Continue reading

An Executive Order signed by United States President Donald Trump aims to grow the government’s cybersecurity capability, improve integration of the cybersecurity workforce between federal departments, and strengthen the skills of individual cybersecurity practitioners. The order, titled Executive Order on America’s Cybersecurity Workforce and signed by the president on May 2, creates measures to help federal agencies retrain workers interested in cybersecurity and requires agencies to adopt the National Initiative for Cybersecurity Education (NICE) Framework in government contracts. It includes an incentive component, creating an annual competition with cash rewards of at least $25,000 “to identify, challenge, and reward the... Continue reading

Name: John Kent Title: Manager IT, DevSecOps Employer: FedEx Location: Irving, Texas Education: BAAS Computer Science, MS Cybersecurity Years in IT: 37 Years in cybersecurity and/or privacy: 13 Cybersecurity certifications: CSSLP, CEH, CHFI How did you decide upon a career in security software development? My passion for software development began in 1981 and launched my career in 1987. It wasn’t until my first exposure to pen test results in 2005 that I understood software design, development, test and operations from a much wider perspective. There was so much more to programming than creating working software — it had to be... Continue reading

On April 16, at the World Forum in The Hague, The Netherlands, (ISC)2 COO Wesley Simpson provided closing remarks to summarize some of the key sessions from the two-day Secure Summit EMEA event as it was wrapping up. To give you a window into the kinds of topics addressed during the Summit, what follows is an excerpt from his address. [Edited for length] Now, to close out the 2019 (ISC)² Secure Summit EMEA, let’s take a few minutes to look back at what we can take away from this year’s event. I’ve had a chance to speak with many of... Continue reading

Companies in heavy industrial industries such as mining, oil and gas, electricity and chemicals have become a major target for cybercrime. But securing these companies is complicated as they must not only protect their IT infrastructure but also their OT (operational technology) assets. Cybersecurity solutions and tools that work in IT environments do not transfer well to the OT side, potentially harming industrial devices. “Even merely scanning these devices for vulnerabilities has led to major process disruptions,” according to a recent McKinsey article. But even though the same tools aren’t effective for both environments, links between OT and IT are... Continue reading

By Deshini Newman, Managing Director, EMEA, (ISC)² There’s never been a better time to be a woman in cybersecurity than now. Granted, there are many gains to be made still, but recent research about progress already made by women in the field is very encouraging. Although the industry is dominated by men, so many computing pioneers, such as the people who programmed the first digital computers were women. Ada Lovelace (1815–1852) is credited with being the world's first computer programmer. She detailed applications for the Analytical Engine that relate to how computers are used today. Likewise, luminaries such as Grace... Continue reading

(ISC)²’s Professional Development Institute (PDI) launched earlier this year and aims to provide valuable, accessible education and training to cybersecurity professionals. One of the PDI courses currently available is Building a Strong Culture of Security. Like all PDI courses, it is free for (ISC)² members and associates, and available for purchase at $400 for the general public. Technology alone cannot protect an organization. It takes knowledgeable and aware team members to each do their part in ensuring critical assets are protected, and that goes beyond the security team. This self-paced, interactive course is intended for use by security professionals as... Continue reading

by Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America It’s easy to feel stressed, or conversely feel stuck in a rut, when it comes to the topic of professional development. We all know “we should/must do it” but aren’t exactly sure on how to go about it. And compared to security domain specific knowledge, skills, and abilities (group A CPE credits for holders of (ISC)² credentials), it’s easy to delay thinking and planning your activities regarding those strange group B CPE credits. Here’s to changing that reality, and in the process your mindset about their place... Continue reading

With more than 140,000 members around the world, (ISC)² has, quite literally, a lot of ground to cover to get face to face with our members. There are a number of opportunities to meet with the team coming up this year, starting just next week at Secure Summit EMEA in The Hague. Secure Summit EMEA will take place April 15-16 and is themed Enrich. Enable. Excel. The two-day event will feature the best minds in cybersecurity from across Europe, the Middle East and Africa. Keynote speakers include Felicity Aston, Dr. Dennis Broeders, Joseph Carson, Dr. Jessica Barker and Lorna Trayan.... Continue reading

The cybersecurity profession remains primarily a man’s world. But for how long? (ISC)² research reveals women are making fast gains in the industry, and as a group, they are setting their sights on leadership roles. Overall, female representation in the cybersecurity workforce has increased to about one quarter (24%), more than double the 11% estimate from 2016, according to (ISC)2’s Women in Cybersecurity report. The report is based on findings in the (ISC)² Cybersecurity Workforce Study 2018, and it uses different research methodology from the earlier study. For instance, it includes women who spend at least 25% of their work... Continue reading

By now you’re well aware of the widely-reported (ISC)² research that shows there is a global cybersecurity shortage of 2.93 million professionals. Identifying, recruiting and training skilled talent to adequately secure organizational data assets obviously remains a top priority in our industry. Well, over the past few weeks, both Tripwire and IBM have published reports that focus on different layers of the problem and add to the conversation. In its Cybersecurity Skills Gap Survey 2019, Tripwire found that 80% of IT security professionals believe it’s becoming more difficult to find skilled cybersecurity professionals. Not a surprising figure. The interesting wrinkle... Continue reading

Winner, winner, chicken dinner. That’s what was on the menu for (ISC)² at this week’s SC Awards gala event held in San Francisco, where the CISSP was recognized as the industry’s Best Professional Certification Program for 2019 by SC Media, which is coincidentally celebrating its 30th anniversary in the same year as (ISC)². The SC Awards are recognized throughout the cybersecurity industry as the crowning achievement for IT security, and winners are run through a rigorous judging process that includes testimonials, industry assessments and additional research. The CISSP was hand-picked by a panel of judges for its advancements in cybersecurity... Continue reading

Name: Jasmine Rodriguez Title: Managed Services Engineer Employer: KnowBe4 Location: Clearwater, FL Education: BA, Psychology from San Diego State University and Masters, Education from Vanderbilt University Years in IT: 3 Years in cybersecurity: 2 Cybersecurity certifications: SSCP, Associate of (ISC)², Security+, CEH How did you decide upon a career in cybersecurity? I found my way into the cybersecurity field a couple years after entering the workforce. I always had a passion for technology. My entry point was in a Network Operations Center where I soaked in knowledge quickly. How did you decide to pursue your CISSP? I utilized self-study materials... Continue reading