By Diana-Lynn Contesti (Chief Architect, CISSP-ISSAP, ISSMP, CSSLP, SSCP), John Martin (Senior Security Architect, CISSP-ISSAP, CISM, Open Group Certified Architect Master) and Richard Nealon (Senior Security Consultant, CISSP-ISSMP, SSCP, SABSA SCF) Cybersecurity professionals are often faced with making difficult decisions under intense pressure with the potential of long-term effects on the business. Over time, this stress can weigh on cybersecurity pros and potentially cause “burnout” among employees as well as long-term psychological effects. What can be done to prevent burnout among employees and how can we support our fellow colleagues? These questions are becoming more prevalent in the industry as... Continue reading

In 2018, the UK’s Department for Digital, Culture, Media and Sport (DCMS) funded the creation of the UK Cyber Security Council, which launched in March 2021. The UK government will look to the council as the authority on the cyber profession as it works to implement and enforce consistent standards for the industry. In January 2022, DCMS issued a public consultation on proposals to develop the cybersecurity profession in the UK. The proposal looks to provide clarity to the industry by looking at similar established fields such as accounting, law, and engineering that already have professional standards and pathways in... Continue reading

Finding qualified cybersecurity personnel is never easy. Recruitment has become an even bigger challenge in the last two years as workforce shortages intensified and corporate networks expanded into employees’ homes. Worldwide, 60% of organizations say they are struggling to recruit cybersecurity talent, while 52% struggle to retain qualified people, according to a new report by Fortinet. The report is based on a survey of 1,223 IT and cybersecurity decision-makers across the globe. The struggle has a cost: 67% of respondents say the cybersecurity talent shortage creates additional risks for their organizations. Already, 80% of organizations have suffered at least one... Continue reading

Have you ever considered joining the (ISC)² Board of Directors? Our all-member and all-volunteer Board of Directors give their time and expertise to help guide our association forward and lead us in our vision of Inspiring a Safe and Secure Cyber World.  New this year, (ISC)² is hosting an open call for self-nominations for its available (ISC)² Board of Directors positions. All (ISC)² members in good standing and interested in serving are encouraged to submit their applications before June 12.  This new process enables more (ISC)² members to step forward and volunteer for the Board by submitting their nomination. This... Continue reading

By Ruchika Sachdeva, CISSP, Certified Lead Auditor ISO 27001, Partner Trainer ISO 27001 with PECB. With the advent of the pandemic, the plethora of enterprises has turned inside out. The accelerated digital business has led to an exponential increase in cognition of both the service providers as well as the user community. Nevertheless, the hacktivists (a combination of hacker and activist) have found a persistent playground to play their part and constantly outsmart modern cyber security technologies. As per the Cost Of Data Breach Report (CODB), there has been 10% increase in the average total cost of a breach, 2020-2021.... Continue reading

By Jon France, CISSP, CISO at (ISC)². Following our last quarterly meeting with our Board of Directors, Jon began to think about what a CISO should present, how to present it and, of course, what you hope the key takeaways are. Board priorities are clear – protect the organisation, discharge duty of care, grow the business and set or correct strategic direction, but what and how does the CISO tell the board what the cyber landscape is? The purpose of a Board – like the (ISC)² Board of Directors – is to consider strategic directions, bring expertise, balance risk and... Continue reading

On August 1, several changes will be made to the CCSP exam. We are excited to share that the CCSP exam will be available in four more languages. Currently, the CCSP exam is available in English and Japanese. We will also be offering the CCSP exam in Chinese, Korean, German and Spanish beginning in August. In addition to these new languages, we will be updating the length of the CCSP exam. As announced earlier this year for the CISSP exam, 25 pre-test (unscored) items will be added to the exams in all languages. These items do not impact the pass/fail... Continue reading

The (ISC)² Hellenic Chapter was awarded the bronze award for its initiatives and activities in the category of Public Cybersecurity Awareness at the Greece Cybersecurity Awards 2022 by Boussias. The event, a first of its kind in Greece, highlighted two cybersecurity categories: Cybersecurity Projects Per Industry Sector and Cybersecurity Projects Per Solution. The chapter was one of the winners among 33 awards given. The chapter was recognized for its efforts in promoting awareness of cybersecurity to the public and creating educational materials to train children and families. The (ISC)² Hellenic Chapter members volunteer and work together to provide free trainings... Continue reading

By John Iliadis, PhD, CISSP-ISSMP, CMgr MCMI, CRISC. John is an IT Infrastructure Manager; he also serves as a Board Member of (ISC)² Hellenic Chapter. Opinions expressed herein do not express the views or opinions of any third party or employer. Cloud migrations probably evoke emotions of love and hate at the same time, to most cybersecurity professionals. Going cloud (or not) presents a kind of dilemma that was first expressed some 400 years ago. Hamlet was the first one, To Cloud or Not to Cloud? The past ten years have been a turbulent period. Global financial crises emerged, while... Continue reading

Duncan Jones, Head of Cybersecurity for Cambridge Quantum, recently spoke with Fierce Electronics about quantum cybersecurity and where it’s headed. In the interview, Duncan referred to quantum as “a boogeyman for cyber,” but said “it’s also going to help us as well.” With rapidly advancing technology, as many as 80% of cyber pros believe that quantum computers will become powerful enough over the next few years to break current encryption methods. For organizations looking to prepare for the threat of quantum and figure out the best path forward, Duncan will be presenting on how to protect your organization against threats... Continue reading

Malicious cyberattacks increased exponentially in 2021. A record number of almost 850,000 complaints related to cybersecurity were recorded by Americans last year resulting in close to U.S. $7 billion lost, according to the FBI’s Internet Crime Complaint Center (IC3). Among the types of cybercrimes reported to the FBI, ransomware is on the rise and becoming more sophisticated in recent years while remote work and schooling are more prevalent. For those unaware, ransomware is a malicious software (malware) that makes a computer unusable while a cyber criminal holds data hostage until they are paid. The Cybersecurity & Infrastructure Security Agency (CISA)... Continue reading

Great team members like yours help our cybersecurity community share education, host stellar events, create a sense of community and continue to grow. The (ISC)² Global Achievement Awards honors these contributors annually. This year’s award winners will be highlighted during (ISC)² Security Congress being held in person in Las Vegas and online globally, October 10-12. The (ISC)² James R. Wade Service Award highlights the engagement of volunteers who merit special distinction for their sustained and valuable service to (ISC)². Those who volunteer to support the greater cybersecurity community to help promote a safe and secure cyber world are valued in... Continue reading

Volunteering is at the heart of the mission of (ISC)². The individuals who offer their time, skills and knowledge positively impact their community helping create a safer and more secure cyber world. We want to highlight some of our volunteers, the impact they make on the cybersecurity profession and the world at large during annual Volunteer Appreciation Week. We interviewed Lisa Vaughan, CISSP to discuss her cybersecurity career, the various volunteer roles she has held at (ISC)² and the impact volunteering has on her life. Lisa is the Executive Director, Information Technology for Hexagon U.S. Federal. In addition to holding... Continue reading

April’s event calendar kicked off with (ISC)² SECURE London, a return to regional events for (ISC)² members and a conference that took place amid an unprecedented time for our industry and for practitioners. A global skills gap of over 2.7 million, years of disruption due to the pandemic and unprecedented digital transformation, geopolitical strife at the doorstep of Europe generating global cyberattack fallout and profound changes in the threats being faced and the technologies, tools and tactics that counter them. The day began with a keynote from Chris Ensor, Deputy Director for Cyber Skills and Growth at the NCSC. Ensor... Continue reading

By Samuel Rugi, an MSc Information technology (Security), Certified Information Security Professional (CISSP), Certified Information Security Management (CISM), Cybersecurity Mentor at the Cyversity Organization and a Co-Chair Leadership LaunchPad at Technology Association of Oregon. Key Items to Consider for an Impactful Security Awareness Agenda 1 - Identify and understand security drivers and what they mean to the business. Confidentiality Integrity Availability 2 - Interlink those critical drivers with the following security themes. People Technology Data and Privacy Processes 3 - Understand the business environment. Threats Customers Public Community (Local, Regional, Continental and Global) Governance Structures Political, Social, Religious and Economic... Continue reading

(ISC)² Organizational Statement in Opposition of Anti-DEI Legislation As the world’s foremost cybersecurity professional organization, (ISC)² is leading the charge to ensure our profession reflects the diversity of the world we serve. Diversity, equity and inclusion are strategic priorities for the individuals and organizations (ISC)² represents, and we believe that inspiring a safe and secure cyber world means ensuring a diverse, equitable and inclusive cybersecurity profession. Today, our profession does not reflect the world we live in, and at the same time, the current Cybersecurity Workforce Gap as tracked by the (ISC)² Cybersecurity Workforce Study reports unfilled demand for more... Continue reading

By Greg Anderson, (ISC)² Associate is an emerging cybersecurity professional with an interest in digital privacy. The U.S. Postal Service is in trouble. It’s $63 billion dollars in debt, and is expected to lose another $160 billion over the coming decade. Lawmakers are scratching their heads about how to pull it out of its deepening hole. Ideas to expand USPS revenue streams include offering check-cashing services, utility bill payments and selling bonds. What about something more innovative? To offer a more contemporary service, USPS can borrow an idea from the big tech playbook. Here’s how it would work: the postal... Continue reading

In 1970, April was designated Autism Awareness Month and in recent years has been expanded to be known as Neurodiversity Awareness Month. (ISC)² is excited to celebrate all the different ways our brains navigate the world in which we live and work. But what does “Neurodiversity” mean? There are three aspects that we must first define: Neurodiversity refers to the fact that people experience and interact with the world differently from each other. The Neurodiversity Movement is a social justice movement that aims to increase acceptance of, and destigmatize, neurodivergence. It seeks civil rights, equality, and full social inclusion for... Continue reading

Angel Sayani is making her mark in the cybersecurity world at just 19 years of age. She already holds several industry certifications including Associate of (ISC)², Cloud Security Alliance’s CCSK and eight from CompTIA. Passing all of them within seven months. She is also the founder of IntellChromatics Inc., a Security-as-a-Service (SECaaS), software ML and application-AI robotics company and published the app Glitter Funny Stickers on Google Play. We spoke to Angel to gain more insights into her passion for cyber and what she’s looking forward to in her career. What prompted your initial interest in cybersecurity? I was reading... Continue reading