In cloud computing environments, files are not stored in a hierarchical way. Most cloud architectures use a combination of splitting data vertically, horizontally and replication to improve response times, scalability, availability and fault tolerance. This is called object storage. Objects are accessible through APIs or through a web interface. Object storage introduces new challenges related to data consistency, which are not present in relational databases. One of the more fundamental decisions cloud professionals need to make is whether they will choose eventual consistency for data in corporate systems or strong consistency. Selecting a data consistency model is a decision that... Continue reading

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In this installment, we talk Chinyelu Philomena Karibi-Whyte. Chinyelu shares with us why she pursued CISSP and how achieving it enabled her to develop her career and negotiate a better salary. What job do you do today? I am a Cyber Security Consultant within the Cloud Infrastructure... Continue reading

When it comes time to decommission data storage systems, there is much that must be planned and thoroughly carried out. It’s not just about the activity, it is also about due diligence, oversight, and proof. Data that appears to have been deleted is often still recoverable, and in many cases, people make mistakes, such as forgetting a second backup exists somewhere else, or forgetting to verify that a destruction has been successfully and completely deployed. Human errors like this are referred to as unintentional insider threats, since they lead to the potential of data theft, litigation, and penalties. It is... Continue reading

By deciding to take the CISSP exam, you’ve chosen to further your education and showcase your knowledge and experience by achieving the world’s premier cybersecurity certification. Soon, you will join the ranks of more than 147,000 global leaders committed to a safe and secure cyber world. Make a Timeline As you prep for your CISSP exam, first consider your experience level and determine a timeline that fits for your current workload and lifestyle. The amount of time you need to dedicate to studying can vary based on your experience. Do you have questions about creating a CISSP study plan? Learn... Continue reading

Where do you begin your journey in InfoSec? What do you need to study? How do you even get started in a vast field with so many areas, and so many opportunities? These questions often haunt a new InfoSec candidate, sometimes causing them to freeze, doing nothing for fear of taking the wrong path. Everywhere you look, it is apparent that cloud computing is not only the future of Information Security, it is happening right now. If you are asking the question of where to begin, there is no better place to look than cloud security. Along with that, while... Continue reading

According to a new report from Cybereason, 89% of global companies are concerned about repeat cyberattacks ahead of the holiday season, but, surprisingly, only two-thirds have a cyber response plan. Concerns that attackers will strike over the holidays are valid, as cybersecurity researchers have observed a year-over-year uptick in cybercriminal activity on Black Friday through Cyber Monday. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have previously issued warnings that they’ve observed an “increase in highly impactful ransomware attacks occurring on holidays and weekends.” Furthermore, the volume of ransomware attacks is up significantly. Unit 42, the Palo Alto... Continue reading

Insiders can become a real threat to organizations migrating to the cloud because they do not have to breach any external security fences. Insider threats could either come in the form of a human error or as a malicious action. Human errors in cloud security configurations could result in sensitive data and asset disclosure, loss or theft. On the other hand, malicious insiders misuse authorized access to an organization’s cloud assets to overcome security controls and launch their malicious actions. Insiders are a growing risk to cloud security because insider attacks are hard to detect and respond to and they... Continue reading

For cybersecurity professionals, baseline management is vital because any asset not properly configured can become a security vulnerability. Baselines are fundamental to managing projects of all types and this is especially important in cybersecurity, where everything is a race against time and against very guileful opponents. Although baseline management seems like time-consuming “record keeping,” it is in fact the only way to know where you are, how your assets are operating, what has changed, and what needs to be changed. Not only does this help ensure the safety and security of the assets under your watch, it also helps with... Continue reading

Are Employer Demands Contributing to the Cybersecurity Skills Gap? You’ve seen the job posting. It starts, “Looking for a cybersecurity specialist. Must have a master’s degree, certifications and 10 years of experience,” followed by, “This is an entry-level position with non-compensated job shadowing requirements.” These unrealistic expectations are the obstacles many cybersecurity professionals face once they complete their studies and rigorous exams. It’s an unfair barrier to entry. Clearly, hiring a person to work in any department in any organization is a risk. It costs money to locate, attract, assess, interview, hire, onboard and train someone, and it’s many months... Continue reading

The mounting cybersecurity challenges facing organizations worldwide show no sign of slowing. Not only the shortage of qualified cybersecurity staff but also the lack of security awareness and skills among employees remain the biggest concerns, according to the 2021 Cloud Security Report by Cybersecurity Insiders. Global need for cybersecurity experts specializing in cloud security is growing demand for certification. But with so many credentials out there, which most effectively demonstrates the broad knowledge and skills required to secure any cloud environment? Let’s compare three leading certifications: (ISC)² Certified Cloud Security Professional (CCSP) vs. Symantec Certified Specialist-Administration of Symantec Cloud Workload... Continue reading

(ISC)² Security Congress 2021 was a big success with more than 3,000 virtual attendees participating live and viewing 125+ educational breakout sessions on demand as well. During and after the show, we prioritized getting feedback on improving attendees’ conference experience year over year. We heard your feedback and are happy to share that we will host (ISC)² Security Congress 2022 in Las Vegas, NV, October 10-12, 2022, at Caesars Palace and virtually. What’s In the Works for 2022 Star keynotes with marquee value 100+ educational sessions on trending cyber topics CPE credit opportunities Exclusive (ISC)² networking Career guidance and resources... Continue reading

Internet of Things (IoT) devices are now everywhere. Ever since the earliest devices started to appear on the market, in homes, and worse, in corporations, security professionals have sounded the alarm about how these devices were built with no security in mind. Now, the National Institute of Standards and Technology (NIST) has released new draft guidance documents on securing these devices, both before release, as well as acquisition, and integration. These new publications will serve both corporations and consumers in a positive way. However, like any technical directions, the ideas set forth are only effective in capable and qualified hands.... Continue reading

To fill the cybersecurity workforce gap, we need to address the workforce shortage facing the industry, especially among entry- and junior-level positions. Creating an entry-level certification will help encourage new professionals to begin a cybersecurity career. After surveying cybersecurity experts on the most important domains, or subject matter areas, for new professionals, we have published the preliminary exam outline for the upcoming entry-level cybersecurity certification pilot program. This exam outline will allow the pilot program candidates to know which subjects they should be familiar with prior to taking the exam. Since this is an exam pilot program, topics are subject... Continue reading

(ISC)² currently supports more than 150 chapter groups in 50 countries with 32,000 members and growing. Chapter membership is open to all aspiring and current cybersecurity professionals encouraging connections on a local level. In joining an (ISC)² Chapter, you will find opportunities for mentorship, leadership roles, volunteer days, study groups and more. This year, the (ISC)² New Jersey Chapter has seen rapid growth through various recruitment efforts and word of mouth has made a stand-out mark within their geographical area, by increasing their membership by 400% within a year. The chapter has coordinated many successful meetings, generating deeper relationships and... Continue reading

Earlier this year, several (ISC)² members reached out to us regarding the candidate background qualifications that we ask all individuals as part of their endorsement process after passing an (ISC)² exam. The question on our eligibility review asked candidates: “Have you ever been involved, or publicly identified, with criminal hackers or hacking?” We heard you loud and clear. Being involved in “hacking” – especially in regard to learning how systems work, researching vulnerabilities or general curiosity and learning – doesn’t make you ineligible for (ISC)² certification. The use of the term “hacker” has changed significantly over the years, and we... Continue reading

Adoption and usage of the cloud is evolving to combine with technologies like artificial intelligence, the Internet of Things, 5G and more, according to Sid Nag, Research Vice President at Gartner. “In other words,” he says, “cloud will serve as the glue between many other technologies that CIOs want to use more of, allowing them to leapfrog into the next century as they address more complex and emerging use cases.” With cloud roles expanding and so many certifications out there, which option offers cybersecurity experts the flexibility to grow with the coming waves of opportunity? Let’s compare two popular options,... Continue reading

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In this installment, we talk to influential trailblazer Dr. Christine Izuakor. Christine shares with us her incredible story as the youngest student and first African-American woman to achieve a P.hD in Security Engineering, how she planned her journey to achieve her dream job and how her passion... Continue reading

Application programming interfaces (APIs) allow applications to communicate with each other, simplifying software development. Developers add functionality from other existing solutions or build applications using services by third-party providers. APIs have become the drivers for businesses digital transformation initiatives opening up their apps and data to partners, suppliers and customers. Besides their increased applicability and benefits, APIs are often the source of security concerns and threats because businesses fail to secure them. Surveys have identified that authentication, vulnerabilities and visibility are the key pain points, enabling malicious actors to exploit insecure APIs and turn them into attack vectors. Despite the... Continue reading

The Center for Cyber Safety and Education Julie Peeler Franz "Do It for The Children" Volunteer Award recognizes an individual who has significantly contributed to the betterment of internet safety. This year's distinction is awarded to Roela Santos of BAE Systems, Inc. for her long-time support of Center programs and leadership in developing the Raytheon, Engility, and SAIC cybersecurity scholarships, which have awarded $424,000 to 56 students over the past six years. Santos is the Vice President of Communications at BAE Systems, a global leader in defense technology and systems integration for the U.S. government and one of the world’s... Continue reading

This month, CEO Clar Rosso received a Cyber Futurist Executive Award during the 6th Annual Cyber Future Summit in Augusta, Georgia, U.S. The Cyber Futurist awards celebrate c-suite and boardroom leaders who recognize the importance of cybersecurity within their organization and community. These awards shine a light on senior level leadership who exemplify the importance of cyber resilience in all aspects of decision-making within their organization. During the presentation, Clar was introduced by Karl Mattson, CISO at No Name Security, as an “innovator that is representative of being a thought leader in the industry.” He further described Clar and the... Continue reading

Growing your knowledge and earning continuing professional education (CPE) credits has never been easier. The education platform (ISC)² Learn has been fully revised to provide an updated and improved user experience. This refresh includes an improved navigation process with easier access to your courses and support. When you sign in to your (ISC)² member account, visit My Courses to see the changes and view instructional videos designed to help you navigate your courses. Homepage Highlights The new navigation bar and welcome banner link to store, awards, support and FAQs. Courses are now sortable, allowing you to pin your favorites and... Continue reading

The global cybersecurity skills gap narrowed over the past year, from 3.1 million to 2.7 million people, and job satisfaction got a substantial boost, according to the newly-published 2021 (ISC)2 Cybersecurity Workforce Study. The narrower skills gap reflects an increase in people joining the field, the study found. “For 2021, our study estimates there are 4.19 million cybersecurity professionals worldwide, which is an increase of more than 700,000 compared to last year.” However, the gap in Asia-Pacific (APAC) was reduced by 500,000 this year, overshadowing the increased deficits in all other regions where the gap has actually increased. Roughly one-third... Continue reading

Different personality types, different approaches to life, and different styles of learning; these qualities are what make us all unique, helping us to add our perspective to make the world a better place. However, when trying to pass a rigorous exam, these distinctive qualities can seem like a hindrance, causing some to doubt their abilities to succeed. Fortunately, the people at (ISC)² recognize and celebrate that not all people have the same approach. (ISC)² has taken great measures to create study materials to meet a variety of learning styles, and needs, giving each candidate an equal chance of success. Whether... Continue reading

The (ISC)² Government Professional Award recognizes government cybersecurity leaders whose commitment to excellence has helped to improve government information security and advance an in-demand workforce. The recognition is given to individuals whose initiatives have improved the areas of technology, process/policy or workforce and has led to significant developments in the security posture of a department, agency or entire government. We had a chance to learn more about the 2021 (ISC)² Government Professional Award honorees and their contributions to a safer and more secure cyber world. Asia-Pacific Region (ISC)² Government Professional Award Honoree Group Captain Amorn Chomchoey, CISSP is Acting Deputy... Continue reading