30 July 2020

How To Effectively Set Up AWS CloudTrail in 5 Steps

By AJ Yawn, CISSP Introduction Amazon Web Services (AWS) is the market-leading cloud service provider for many reasons. One of the reasons for its market share is the breadth and depth of security services available to organizations hosted on AWS. With new services being released almost daily, it is understandable for security practitioners to get lost in the many options to secure your AWS account. AWS CloudTrail is one of these services that are commonly underused but fairly simple to set up and critical for security governance, detection, and incident response. What is CloudTrail, and Why Does it Matter? AWS... Read more →

Posted by on 30 July 2020 at 08:45 AM in Cloud Security | | Comments (0)

Tags: amazon web services, API, AWS, aws encryption, AWS key management services, cloud security, cloud security provider, cloudtrail, cloudwatch, network security, S3 buckets

| |

27 July 2020

5 Ways to Make Sure You Hire the Right Cybersecurity Team Member

As published in the May/June 2020 edition of InfoSecurity Professional Magazine. BY JASON McDOWELL, CISSP Companies from all industries are looking for qualified cybersecurity professionals to fill the skills gap in their current workforce. Demand is high, and many companies are willing to pay top dollar to those who possess the skills they need. With this high-demand, high-paying environment, what could go wrong? Plenty. With the exception of companies that specialize in information security, accurate valuation of the cybersecurity role in many companies is still very challenging, and many managers lack even a basic understanding of what cybersecurity professionals do... Read more →

Posted by on 27 July 2020 at 08:45 AM | | Comments (1)

Tags: CISSP job, cybersecurity hiring, cybersecurity job descriptions, cybersecurity job market, cybersecurity job posting, how to hire for cybersecurity, how to hire information security

| |

24 July 2020

Help Shape the UK Cyber Security Council by becoming a Trustee

Professionalizing the world of cybersecurity education and training is a major focus area for the UK Government, especially in the new realities we find ourselves in. It included plans in its National Cyber Security Strategy in 2016 to develop the cyber security profession, including creating a UK Cyber Security Council to focus on professional development, professional ethics, thought leadership, influence and outreach. Late last year, the Department for Digital, Culture, Media and Sport commissioned the creation of the Council through a consortium of cyber security professional bodies – including (ISC)² –known as the Cyber Security Alliance. (ISC)² has been diligently... Read more →

Posted by on 24 July 2020 at 11:00 AM in Cybersecurity Workforce, Government | | Comments (0)

Tags: cybersecurity advisory, cybersecurity advisory role, cybersecurity career, cybersecurity volunteer, UK cybersecurity council, UK cybersecurity volunteer

| |

23 July 2020

RETHINKING SECURITY PREDICTIONS FOR 2020 FROM THE (ISC)² COMMUNITY OF SECURITY PROFESSIONALS

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP and John Martin, CISSP-ISSAP In February 2020, we put together our thoughts on Security Predictions for the upcoming year in a two-part series (Part 1, Part 2). Little did we know that COVID-19 would happen and change the way that folks work in our organizations, nor we as security practitioners work. In our original blog, we suggested that the following issues would be of concern to the industry: Data Privacy changes Lack of secure coding practices 5G and WiFi-6 Phasing out passwords Lack of perimeters Backups and their role with ransomware We believe... Read more →

Posted by on 23 July 2020 at 12:02 PM in Network Security, Operations Security, Privacy, Ransomware | | Comments (0)

Tags: CAP, CISSP, CSSLP, cybersecurity, data privacy, DevOps, IIoT, Industrial Internet of Thinks, Internet of Things, IoT, Operating Technology, OT, Privacy, ransomware, SecDevOps, security, SSCP

| |

22 July 2020

Making Your Way Through the Cloud

As published in the May/June 2020 edition of InfoSecurity Professional Magazine. By Anne Saita In 2012, a Fortune 500 oil and gas company joined the early adopters migrating assets and business processes to “the cloud.” Corporate executives’ biggest security concern then was the potential for a rogue administrator from a chosen cloud service provider to pilfer all of its data. “That was the big fear at the time,” explained Jon-Michael C. Brook, CISSP, CCSK, a principal at Guide Holdings who consulted with the company during its initial cloud migration. “They weren’t as worried about errors that they might make; they... Read more →

Posted by on 22 July 2020 at 08:30 AM in Cloud Security | | Comments (0)

Tags: CCSP, CISSP, cloud data, cloud security, cloud security certification, cloud security posture management, cloud service providers, cloud-based apps

| |

17 July 2020

#ISC2CONGRESS 2019: Sessions to Catch Up On, Part 2

As we look forward to (ISC)2 Security Congress 2020 on November 16-18, we are continuing to highlight a few of last year’s sessions to review so you know what to expect for the upcoming digital conference. You can also earn CPEs for viewing these sessions if you weren’t able to attend last year’s conference. Preparing for Cyber War: Learnings from Responding to Disruptive Breaches Charles Carmakal and Jermey Koppen, both from Mandiant, share real world case studies of threat actors and their motivations of money, fame and power. They share the importance of investigating attacks by both internal and external... Read more →

Posted by on 17 July 2020 at 08:15 AM in (ISC)² Events | | Comments (0)

Tags: best practices, breach, CCPA, congress, cybersecurity, GDPR, privacy, security, security congress, threat actors

| |

16 July 2020

Professional Development Institute Adds Lab Course – Free Member Access to 2 CPEs

If you’re looking for ways to fulfill your CPE requirements, it doesn’t get much more convenient than the Professional Development Institute (PDI), a portfolio of timely and relevant continuing education courses that are provided to (ISC)2 members as part of their membership benefits. The latest addition – available now – to the on-demand library of 36 courses is a Lab course titled “Security Analysis with SPARTA,” which is aimed at security practitioners and anyone looking to implement the penetration testing execution standard (PTES) and the tools and processes found within SPARTA and security assessment tools. SPARTA’s design automates many common... Read more →

Posted by on 16 July 2020 at 08:45 AM in Cybersecurity Training | | Comments (0)

Tags: continuing professional education, CPE, cybersecurity course, cybersecurity lab, cybersecurity training, free cybersecurity course, free cybersecurity lab, free cybersecurity training, PDI, professional development institute, security analysis, SPARTA, SPARTA lab

| |

13 July 2020

How To Eliminate Leaky S3 Buckets Without Writing A Line Of Code

By AJ Yawn, CISSP FedEx. Booz Allen Hamilton. Republican National Committee. Dow Jones & Co. Verizon Wireless. Time Warner Cable. WalMart. These eight organizations all have the same thing in common: Leaky S3 buckets that were misconfigured and exposed sensitive customer data. Amazon S3 (or Simple Storage Service) bucket misconfigurations and breaches continue to show up in cybersecurity publications. A disappointing fact considering how newsworthy these breaches have been. Amazon S3 is an object storage service on Amazon Web Services (AWS) that provides customers with infinitely scalable and durable storage for websites, mobile applications, backup and restore, and many other... Read more →

Posted by on 13 July 2020 at 08:55 AM in Cloud Security | | Comments (0)

Tags: amazon cloud, amazon s3, amazon web services, AWS, CASB, Cloud Access Security Broker, cloud cybersecurity, cloud security, cloud security SaaS, S3 buckets, SaaS, simple storage service

| |

09 July 2020

#ISC2Congress 2019: Sessions to Catch Up On

We recently announced that this year’s (ISC)² Security Congress will take place entirely virtually. The decision was made as COVID-19 cases continue to surge around the globe in the interest of safety of attendees, speakers, sponsors and staff. This year’s event will include three days of sessions from top security experts November 16-18. We’ll announce the sessions – including the timing of the programming – soon, but in the meantime, many sessions from the 2019 event are available online completely free. Get a taste of what Security Congress 2020 will have to offer, while getting ahead on your CPEs by... Read more →

Posted by on 09 July 2020 at 08:55 AM in (ISC)² Events | | Comments (0)

Tags: (ISC)² conference, (ISC)² CPE, (ISC)² CPEs, (ISC)² events, (ISC)² security congress, acquisitions, cybersecurity assessments, cybersecurity conference, cybersecurity event, free CPEs, mergers, mergers and acquisitions, MITRE ATT&CK, MITRE framework, online CPEs

| |

30 June 2020

It’s Official: (ISC)2 Security Congress Will Be Virtual This Year

As COVID-19 continues to surge across the globe and corporate travel restrictions put in place, (ISC)² has announced its decision to make its Security Congress for 2020 a virtual conference. The renowned three-day conference, focused on industry discussion and continuing education for security professionals of all levels, will be held online from November 16-18. This decision is in recognition of the fact that many training budgets have been reallocated due to the economic impact of COVID-19. As such, (ISC)² Security Congress 2020 is offering a heavily discounted Early Bird pricing to (ISC)² members and associates of just $295 for an... Read more →

Posted by on 30 June 2020 at 04:10 PM in (ISC)² Events, Cybersecurity Training | | Comments (0)

Tags: (ISC)2 congress, CPEs, cybersecurity conference, online CPEs, online cybersecurity conference, security congress, virtual conference, virtual cybersecurity conference

| |

Next »