by Dr. Mansur Hasib, CISSP, PMP, CPHIMS Program Chair, Cybersecurity Technology, The Graduate School, University of Maryland University College In order for any discipline to advance and grow, each generation of established thought leaders must mentor and invest in the next generation. The new generation can infuse new ideas, varied approaches, and innovative new ways to explain and present material. This is exactly what happened in a dramatic way at the 2019 Secure Summit DC hosted by (ISC)² . John McCumber and Susan Lausch of (ISC)² invited me to organize a contingent of 30 graduate cybersecurity students and recent graduates... Continue reading

By Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America After many years of developing expertise in several technical domains, you’ve decided that this year you will invest more diligently into Group B CPE professional development activities. But how should you go about it? The official (ISC)² CPE handbook provides guidelines about the many options that will count towards Group B CPEs — and how much they will count — but figuring out how to prioritize the vast array of choices can be a challenge. After all, the field of possibilities is wide open, leaving us wondering... Continue reading

A debate is raging over who has the right to repair electronic equipment without voiding manufacturers’ warranties. On one side, companies such as Apple, Lexmark and Verizon are seeking to quash “right-to-repair” legislation; on the other, supporters of right of repair initiatives are accusing the tech industry of scare tactics. At issue is whether right-to-repair laws may impact cybersecurity considerations. Manufacturers argue cybersecurity would suffer by allowing unauthorized individuals to repair devices, however many cybersecurity professionals consider this claim an overreach. On May 2, cybersecurity advocacy group Securepairs.org issued a statement strongly supporting right-to-repair efforts. Declaring that “fixable stuff is... Continue reading

An Executive Order signed by United States President Donald Trump aims to grow the government’s cybersecurity capability, improve integration of the cybersecurity workforce between federal departments, and strengthen the skills of individual cybersecurity practitioners. The order, titled Executive Order on America’s Cybersecurity Workforce and signed by the president on May 2, creates measures to help federal agencies retrain workers interested in cybersecurity and requires agencies to adopt the National Initiative for Cybersecurity Education (NICE) Framework in government contracts. It includes an incentive component, creating an annual competition with cash rewards of at least $25,000 “to identify, challenge, and reward the... Continue reading

Name: John Kent Title: Manager IT, DevSecOps Employer: FedEx Location: Irving, Texas Education: BAAS Computer Science, MS Cybersecurity Years in IT: 37 Years in cybersecurity and/or privacy: 13 Cybersecurity certifications: CSSLP, CEH, CHFI How did you decide upon a career in security software development? My passion for software development began in 1981 and launched my career in 1987. It wasn’t until my first exposure to pen test results in 2005 that I understood software design, development, test and operations from a much wider perspective. There was so much more to programming than creating working software — it had to be... Continue reading

On April 16, at the World Forum in The Hague, The Netherlands, (ISC)2 COO Wesley Simpson provided closing remarks to summarize some of the key sessions from the two-day Secure Summit EMEA event as it was wrapping up. To give you a window into the kinds of topics addressed during the Summit, what follows is an excerpt from his address. [Edited for length] Now, to close out the 2019 (ISC)² Secure Summit EMEA, let’s take a few minutes to look back at what we can take away from this year’s event. I’ve had a chance to speak with many of... Continue reading

Companies in heavy industrial industries such as mining, oil and gas, electricity and chemicals have become a major target for cybercrime. But securing these companies is complicated as they must not only protect their IT infrastructure but also their OT (operational technology) assets. Cybersecurity solutions and tools that work in IT environments do not transfer well to the OT side, potentially harming industrial devices. “Even merely scanning these devices for vulnerabilities has led to major process disruptions,” according to a recent McKinsey article. But even though the same tools aren’t effective for both environments, links between OT and IT are... Continue reading

By Deshini Newman, Managing Director, EMEA, (ISC)² There’s never been a better time to be a woman in cybersecurity than now. Granted, there are many gains to be made still, but recent research about progress already made by women in the field is very encouraging. Although the industry is dominated by men, so many computing pioneers, such as the people who programmed the first digital computers were women. Ada Lovelace (1815–1852) is credited with being the world's first computer programmer. She detailed applications for the Analytical Engine that relate to how computers are used today. Likewise, luminaries such as Grace... Continue reading

(ISC)²’s Professional Development Institute (PDI) launched earlier this year and aims to provide valuable, accessible education and training to cybersecurity professionals. One of the PDI courses currently available is Building a Strong Culture of Security. Like all PDI courses, it is free for (ISC)² members and associates, and available for purchase at $400 for the general public. Technology alone cannot protect an organization. It takes knowledgeable and aware team members to each do their part in ensuring critical assets are protected, and that goes beyond the security team. This self-paced, interactive course is intended for use by security professionals as... Continue reading

by Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America It’s easy to feel stressed, or conversely feel stuck in a rut, when it comes to the topic of professional development. We all know “we should/must do it” but aren’t exactly sure on how to go about it. And compared to security domain specific knowledge, skills, and abilities (group A CPE credits for holders of (ISC)² credentials), it’s easy to delay thinking and planning your activities regarding those strange group B CPE credits. Here’s to changing that reality, and in the process your mindset about their place... Continue reading

With more than 140,000 members around the world, (ISC)² has, quite literally, a lot of ground to cover to get face to face with our members. There are a number of opportunities to meet with the team coming up this year, starting just next week at Secure Summit EMEA in The Hague. Secure Summit EMEA will take place April 15-16 and is themed Enrich. Enable. Excel. The two-day event will feature the best minds in cybersecurity from across Europe, the Middle East and Africa. Keynote speakers include Felicity Aston, Dr. Dennis Broeders, Joseph Carson, Dr. Jessica Barker and Lorna Trayan.... Continue reading

The cybersecurity profession remains primarily a man’s world. But for how long? (ISC)² research reveals women are making fast gains in the industry, and as a group, they are setting their sights on leadership roles. Overall, female representation in the cybersecurity workforce has increased to about one quarter (24%), more than double the 11% estimate from 2016, according to (ISC)2’s Women in Cybersecurity report. The report is based on findings in the (ISC)² Cybersecurity Workforce Study 2018, and it uses different research methodology from the earlier study. For instance, it includes women who spend at least 25% of their work... Continue reading

By now you’re well aware of the widely-reported (ISC)² research that shows there is a global cybersecurity shortage of 2.93 million professionals. Identifying, recruiting and training skilled talent to adequately secure organizational data assets obviously remains a top priority in our industry. Well, over the past few weeks, both Tripwire and IBM have published reports that focus on different layers of the problem and add to the conversation. In its Cybersecurity Skills Gap Survey 2019, Tripwire found that 80% of IT security professionals believe it’s becoming more difficult to find skilled cybersecurity professionals. Not a surprising figure. The interesting wrinkle... Continue reading

Winner, winner, chicken dinner. That’s what was on the menu for (ISC)² at this week’s SC Awards gala event held in San Francisco, where the CISSP was recognized as the industry’s Best Professional Certification Program for 2019 by SC Media, which is coincidentally celebrating its 30th anniversary in the same year as (ISC)². The SC Awards are recognized throughout the cybersecurity industry as the crowning achievement for IT security, and winners are run through a rigorous judging process that includes testimonials, industry assessments and additional research. The CISSP was hand-picked by a panel of judges for its advancements in cybersecurity... Continue reading

Name: Jasmine Rodriguez Title: Managed Services Engineer Employer: KnowBe4 Location: Clearwater, FL Education: BA, Psychology from San Diego State University and Masters, Education from Vanderbilt University Years in IT: 3 Years in cybersecurity: 2 Cybersecurity certifications: SSCP, Associate of (ISC)², Security+, CEH How did you decide upon a career in cybersecurity? I found my way into the cybersecurity field a couple years after entering the workforce. I always had a passion for technology. My entry point was in a Network Operations Center where I soaked in knowledge quickly. How did you decide to pursue your CISSP? I utilized self-study materials... Continue reading

One of the most prestigious voices in the IT industry recently made an interesting proclamation: “The next big thing is dead.” So starts CompTIA’s IT Outlook 2019, which finds the next big thing is no longer about some new jaw-dropping technology advancement but rather a combination of various technologies, people and processes. If you’re expecting to be bowled over by a new technology trend any time soon, think again. Producing the desired business outcomes now means getting your human resources to expertly fuse together already-available technology building blocks and tools. And that’s what will fuel IT market growth of about... Continue reading

If you already have or are pursuing your CISSP from (ISC)², make sure you have your oven mitts at the ready. That’s because, as reported by CNBC, the new Upwork Skills Index includes the Certified Information Systems Security Professional as one of the 20 hottest job “skills” in the entire U.S. labor market. You read that right. Not just in security. Not just in IT. The entire labor market. Upwork is a platform for freelancers, so they keep a close eye on the types of skills employers are looking for and update their list quarterly to provide real-time validation of... Continue reading

As cybercrime rises, the world faces a shortage of nearly 3 million cybersecurity professionals. Show employers and prospects you have the advanced knowledge and technical skills to fill this critical and growing demand. With a globally recognized credential from (ISC)², you stand out at the forefront of the field. We know starting the journey to becoming certified can be challenging and even the brightest minds can benefit from having a guide on the journey to success. (ISC)²’s Ultimate Guides are your must-have resource for your certification journey. By downloading a NEW and IMPROVED Ultimate Guide, you will obtain an excellent... Continue reading

Today’s IT security landscape is tough terrain to navigate at the best of times. Cybersecurity professionals need all the guidance, insight and education they can get to help them stay on top of arguably the most challenging points where business and technology collide. As always, (ISC)2 is your partner on this journey, providing resources such as our series of webcasts to keep you up-to-date on the latest trends, issues, tactics and threats in cybersecurity. Want to know where to start? Here are the top 10 EMEA webcasts from the last year: Machine Learning in Infosec: Debunking Buzz and Demystifying Use... Continue reading

Today is an exciting day for (ISC)² members as your membership just got a whole lot more powerful. We are happy to announce the launch of the (ISC)² Professional Development Institute, known simply as PDI. PDI will be your go-to resource for timely and relevant continuing educational opportunities to keep your skills sharp and curiosity piqued. Best of all, these courses will all be available to members at no cost. With three courses already available — Building a Strong Culture of Security, DevSecOps: Integrating Security into DevOps, and GDPR for Security Professionals: A Framework for Success — we are thrilled... Continue reading

Stop us if you heard this one before: Cybersecurity professionals are responsible for protecting their organization’s users and data from the dangers of cyber threats, but they feel underappreciated. Two-thirds (67%) believe “IT security is viewed either as merely reactive to business needs or a cost rather than an asset to the organization,” says a survey of cybersecurity professionals and CISOs by Thycotic, a privileged access management (PAM) vendor. The survey found that a majority of cybersecurity professionals in the United Kingdom and Germany say executives and co-workers see them as more of a burden than a business benefit –... Continue reading

By John McCumber, Director of Cybersecurity Advocacy, (ISC)² After a lot of planning and coordination, we were excited to announce our new partnership with CyberUSA earlier this week. What is CyberUSA, you may ask? Governed by its members, the nonprofit was established to enhance information sharing between states and improve cyber resilience at all levels of participation: local, regional, and national. It is focused on the common mission of enabling innovation, education, workforce development, enhanced cyber readiness and resilience within our state and local communities, and connects them at the national level. What does all that mean? The key takeaway... Continue reading

Name: Renju Damodaran Title: Senior Manager, Cyber Risk Services Employer: Wipro Limited Location: Boston, MA Education: BS, Information Systems from BITS, Pilani. Years in IT: 20 Years in cybersecurity: 16 Cybersecurity certifications: CISSP, CISA, SABSA SCF How did you decide upon a career in cybersecurity? Back in the day (early 2000s), I was involved in setting up IT infrastructure for a startup company. I started interacting with information security professionals from external consulting firms and developed an interest in security as a profession. I learned BS7799 framework and landed an information security officer role in ING Vysya Bank (now known... Continue reading

Cheers to you on your decision to pursue an (ISC)² credential in 2019! You’re about to embark on a challenging and highly rewarding journey. Make sure you get the most out of it with the new (ISC)2 Certification Prep Kit. Preparing for the exam is no small task… Your path to success starts with the right study plan, and the Certification Prep Kit will help you map a course that fits your schedule and learning style. Dive right in for everything you’ll need to move ahead with confidence. Inside this free resource, you’ll find… Fast Facts on (ISC)2 Training and... Continue reading

By Marie E. Olson, CISM, CISSP, FIP Deputy Chief Privacy Officer, The Boeing Company This year, Data Privacy Day will spotlight the value of information. Whether you’re an individual looking to better manage your privacy and how your data is collected and shared, or a business collecting, using and storing that information, remember: Personal information is like money. Value it. Protect it. Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first... Continue reading