By Paul Lanois, SSCP, CIPP, CIPT, CIPM and Eric Tierling, CISSP, CIPP/E The landscape of privacy and related legislation in the United States continues to get more interesting. Despite the California Consumer Privacy Act (CCPA) being the talk of the town for privacy and security professionals, New York also put something noteworthy in place, called the “Stop Hacks and Improve Electronic Data Security Act,” or SHIELD Act, in short. Not only is it relatively prescriptive, but it also encompasses cybersecurity obligations that are particularly relevant for security professionals. The SHIELD Act of New York was signed into law in July... Continue reading

Continuing education allows cybersecurity professionals to stay in tune to the constant changes in the industry. (ISC)² provides webcasts throughout the year on various security-related topics to help keep you informed, as well as provide opportunities to earn CPEs. Based on ratings by cybersecurity professionals, here are our top 10 webcasts from 2019: Ransomware Tools Continue to Increase Ransomware continues to be a widespread problem for organizations. Defending against such attacks are paramount for security teams at businesses small and large. Hear about the latest information concerning many of the leading ransomware threats, as well as updates on the state... Continue reading

As published in the September/October 2019 edition of InfoSecurity Professional Magazine By Wesley Simpson, COO There’s an untapped resource hiding in security departments that many of us may consider an intangible or even undefinable asset. When strengthened, it can have a drastic effect on an organization’s security and contribute to its overall value stream. I’m talking about building a strong culture within your cybersecurity team. There are some very tangible practices you can deploy within your team that can have a huge impact on engagement and satisfaction and make your business more secure at the same time. One way to... Continue reading

As published in the September/October edition of InfoSecurity Professional Magazine By Deborah Johnson Advice on how to mitigate a sudden job loss due to redundancy, recession or ‘rightsizing’. Diana Contesti was a business continuity planner at a major steel manufacturer in Hamilton, Ontario, when a recession hit the Canadian steel industry in the early 1990s. The economic contraction forced companies to cut jobs. Her employer called it “rightsizing” when leadership announced it would cut approximately 3,000 positions. The layoffs were based on seniority by department, and based on that criterion, Contesti knew she was out. “I was extremely worried. I’m... Continue reading

Security Congress 2019 was our largest and most in-depth cybersecurity education conference to date. Held over the course of three days in October, the event was jam-packed with more than 180 sessions (covering 18 tracks), over 200 speakers and headline-worthy keynote speakers. There was a 32% increase in overall registration from the previous year and 58% of all attendees were attending (ISC)2 Security Congress for the very first time. Attendees from more than 50 different countries came together to network and learn from their colleagues in the cybersecurity field. In addition to learning about such topics as Cloud Security, Cyber... Continue reading

By David Shearer, CISSP, (ISC)² CEO As we celebrate our thirtieth anniversary here at (ISC)², it’s incredible to look back at the changes our industry has been through. From advances in technology, to changing policy and regulations, this field is constantly changing, so it seems right that 2019 was no different for our association. We began the year by officially launching our Professional Development Institute (PDI) as part of our mission to deliver even more value to our members. We wrapped up the year strong with our international Security Congress – our largest yet in attendance and number of programs... Continue reading

By Lee Kim, JD, CISSP, CIPP/US, Director, Privacy and Security, HIMSS The most valuable part of the healthcare system is the patient. Patient safety is paramount in the healthcare sector. With the digitization of healthcare information, the free flow of information comes at a price. We need to be responsible stewards of healthcare information. Patients entrust us with their healthcare information and their lives. Those of us in the healthcare cybersecurity field have the unique task of protecting and securing patient information yet ensuring that the information is available on demand—especially when critical, life threatening situations arise. The Vulnerabilities of... Continue reading

(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its credentialing examinations. A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for SSCP will be reviewed in early 2020. In preparation for the upcoming review, we would like to hear from our SSCP members regarding new and emerging IT cyber security issues... Continue reading

Last week, LinkedIn released its third-annual Emerging Jobs Report, which highlights the fastest-growing jobs around the world. Topping the list in the United States is Artificial Intelligence Specialist, with 74% annual growth over the past four years. “This is the third year in a row a role related to machine learning or artificial intelligence has topped the list, and we can only expect demand to increase,” says Guy Berger, the principal economist at LinkedIn. AI is now applied across a variety of industries, including computer software, information technology and services, higher education and consumer electronics to name a few. Indeed.com... Continue reading

Cybersecurity professionals face plenty of challenges in their work – there’s always something new to learn, cyber attackers are relentless and security teams are usually short-staffed. Still, nearly two-thirds of cybersecurity professionals (66%) say they are satisfied with their jobs. But that number jumps to 72% among cybersecurity workers whose employers pay for their certifications, according to the 2019 (ISC)2 Cybersecurity Workforce Study. For professionals whose organizations pay for only part or none of their certification costs, the number drops to 63%. This is an important finding for employers who are trying to build their cybersecurity teams. Currently there is... Continue reading

Hospitals are set up to fight infections, but not necessarily the kind that has been plaguing healthcare institutions lately – malware. A new report estimates that cyber threats against healthcare targets increased 60% since January, surpassing the total number of threats identified in all of 2018. The most common threat targeting the healthcare industry is Trojan malware, which increased 82% in the third quarter from Q2, according to the report by Malwarebytes, Cybercrime Tactics and Techniques: The 2019 State of Healthcare. Most of the Trojan attacks involved Emotet and TrickBot, which are the two most dangerous Trojans around since 2018.... Continue reading

(ISC)² members and associates have an exclusive opportunity to win a Nintendo Switch while earning CPEs. This participation-based contest is running until the end of December – just in time for the holidays. Fifteen winners will be chosen. Steps to complete in order to be entered to win: Members and associates must fill out a registration form for December entries, even if there has been a previous entry. Complete any (ISC)² PDI free online courses by December 31, 2019. Score at least 70% on the final assessment. Submit an end-of-course evaluation for each course completed. Participants can earn additional entries... Continue reading

by Dr. Chris Veltsos, CISSP (ISC)² Security Congress wrapped up four weeks ago. The event sported world-class keynotes and also had many great sessions. This article shares some reflections on Captain Sully’s keynote, and his message to all of us information security professionals. A Perfect Fit for Cybersecurity The opening keynote at the 2019 (ISC)² Security Congress could easily be mistaken for a figure larger than life. Captain Sully’s story is one of calm in the face of chaos, with the result being that everyone on board that fateful flight was able to get out alive. As some of the... Continue reading

Nearly half of midmarket executives (47%) in a newly released quarterly report cited cybersecurity as their top concern for the coming year. The Middle Market Indicator report, by Chubb and the National Center for the Middle Market (NCMM), shows that cybersecurity topped the list of concerns for the second quarter in row. The concern isn’t surprising. Any executive who pays attention to the cyber threat landscape is bound to feel trepidation about the potential for cyber attacks against their organization. A study published by The Conference Board earlier this year found that cybersecurity is the top business concern for U.S.... Continue reading

By Andrea Little Limbago, Chief Social Scientist, Virtru Limbago presented during the Governance, Risk and Compliance track at the 2019 (ISC)2 Security Congress in Orlando. The session, Global Factors Driving Data Privacy Regulation, explained data localization, how it is progressing and what that means for organizations. In two parts, Limbago recounts the information covered in her session. In the previous post, we discussed the growing influence of digital authoritarianism, which has now contributed to nine consecutive years of a decline in internet freedoms across the globe. We’ll now turn to two other competing global influences that are further shaping data... Continue reading

By Andrea Little Limbago, Chief Social Scientist, Virtru Limbago presented during the Governance, Risk and Compliance track at the 2019 (ISC)2 Security Congress in Orlando. The session, Global Factors Driving Data Privacy Regulation, explained data localization, how it is progressing and what that means for organizations. In two parts, Limbago recounts the information covered in her session. On October 29, the internet turned 50. Despite original aspirations of a free and open internet, the modern internet is increasingly segmented and shaped by political boundaries. Included within broader technological shifts such as 5G, artificial intelligence, and the internet of things, these... Continue reading

Unlike doctors or engineers, most cybersecurity professionals didn’t set out to work in their chosen field. In fact, more than half started their careers elsewhere and eventually made the move to cybersecurity. But once they make the move, most decide to stay. Nearly two thirds of cybersecurity professionals (65%) intend to stay in the field until they retire, thanks to high demand for their skills and the challenging nature of the work, according to the (ISC)2 Cybersecurity Workforce Study, 2019. The desire to stay indicates most are finding fulfillment in the field, even if working in cybersecurity wasn’t their original... Continue reading

Gender diversity in the cybersecurity industry is a key issue as we seek to create a larger, more representative, balanced and welcoming industry for all. As the (ISC)2 2019 Cybersecurity Workforce Study revealed, a global shortage of more than four million trained cybersecurity professionals exists, and women represent just 30% of the current workforce, meaning recruitment and advancement of women is a strategic imperative to limiting, if not closing, the gap. A separate report by (ISC)2 published earlier this year highlighted the surge of women into senior roles, but confirmed that there remains much more work to do to both... Continue reading

As organizations struggle to staff their cybersecurity teams, new (ISC)2 research reveals they also may be suffering from an imbalance in the distribution of team member roles. Positions that currently appear overstaffed include compliance, forensics and operational technology security while jobs in security operations, security administration and risk management seem to be understaffed. This creates a need for CISOs and cybersecurity managers to take a close look at their teams and figure out what adjustments to make. Keeping too many people in certain roles while understaffing other positions potentially makes it harder for an organization to build and maintain effective... Continue reading

As organizations struggle to fill cybersecurity vacancies due to a worldwide shortage of 4 million professionals, they should consider implementing strategies to attract qualified candidates and prevent experienced staff from leaving. The (ISC)2 Cybersecurity Workforce Study 2019 lays out four strategies organizations should consider: Address cybersecurity team members’ needs with training and career development opportunities. Properly set internal expectations about applicant qualifications to widen the search for candidates as much as possible. Target recent college graduates and workers with degrees relevant to cybersecurity. Grow your cybersecurity team from within with further development and cross-training opportunities. All of these strategies are... Continue reading

The (ISC)² Chapter Recognition Awards are presented to official regional chapters of (ISC)² that best promote the vision of (ISC)² by inspiring a safe and secure cyber world. The chapters demonstrate a well-rounded offering of activities and services designed to benefit members and affiliates, while making a significant contribution to the profession and their local community through the core focus areas of the (ISC)² Chapter Program of Connect, Educate, Inspire and Secure. (ISC)² chapters self-nominated by completing a questionnaire on their accomplishments. Members of the newly formed Chapter Advisory Committee reviewed and scored the entries, and the top-rated chapter in... Continue reading

The cybersecurity industry in the United States and 10 other major global economies currently employs 2.8 million professionals. But the industry continues to struggle with a significant workforce shortage, and it would take another 4 million professionals to close the gap. That would mean an increase of 145% cybersecurity workers, according to the findings of the (ISC)² Cybersecurity Workforce Study 2019. The study, released this week, represents the first estimate of how many people are employed in cybersecurity. Countries covered by the study are the U.S., U.K., Canada, Germany, France, Australia, Singapore, Brazil, Mexico, Japan and South Korea. According to... Continue reading

On November 1, 2019 CNBC’s Nightly Business Report featured the growing need for qualified cybersecurity workers in their “Help Wanted” segment. The (ISC)2 Cybersecurity Workforce Study, 2019 served as the foundation of this story, which pointed to the newly reported shortage of 4 million trained cybersecurity professionals worldwide. Cybersecurity analyst Mandi Ingersoll of TDI Security, a cybersecurity firm in Washington, D.C., began her career in cybersecurity in the U.S. Navy. She chose to stay in the field after retiring from military service. “It’s interesting because it’s always something new.” TDI’s CEO, Paul Innella, CISSP-ISSMP says the firm has had trouble... Continue reading

Human Spirit Admiral William H. McRaven (retired) was one of the speakers at (ISC)2 Security Congress who received a standing ovation. Another was Eric Wahl, an artist and best-selling author, who delivered the lunch hour keynote on the second day. He mesmerized the audience by painting portraits of Michael Jordan, John Lennon and Albert Einstein to heart-pounding music in a matter of minutes. He urged attendees to let the human spirit drive them even as they increasingly rely on digital tools, data, analytics and automation to do their job of protecting people and organizations. Wahl talked about the importance of... Continue reading

Sometimes you need a boatload of people to help you through. It’s a lesson Admiral William H. McRaven (retired) learned after a parachute accident that left him bedridden for months. The accident happened while he was participating in a Naval Special Warfare exercise involving a 1,000-foot free-fall jump. McRaven, who served as the ninth commander of the U.S. Special Operations command from August 2011 to August 2014, got both legs tangled in his parachute because another parachutist was underneath him and opened his chute into McRaven’s falling body. When McRaven opened his own chute, his legs became tangled and the... Continue reading