(ISC)² Blog

24 January 2020

Open Source & Secure Software Development Are Not Mutually Exclusive

By Dr. Thomas P. Scanlon, CISSP Software Engineering Institute, Carnegie Mellon University Today’s software developers are as much integrators as they are pure coders. There is an abundance of libraries, plug-ins and other third-party software components readily available to speed development. There is no sense in reinventing something when you can just download it, merge it in and move along. Using free and open source software (FOSS) components can save both time and money, so they make for attractive choices. However, including open source software into development projects often makes the cybersecurity professionals in an organization a little uneasy. But,... Read more →

Posted by (ISC)² Management on 24 January 2020 at 09:00 AM in Software Development | Permalink | Comments (0)

Tags: open source software, open source software security, secure software, secure software development, software composition analysis, software cybersecurity, software patching

23 January 2020

Switching from Other Fields to Cybersecurity Is Profitable

Here’s a bit of good news for anyone contemplating a career in cybersecurity: Cybersecurity workers who started their careers in other fields tend to get paid more than career-long cybersecurity professionals, according to new research. As reported by Security Boulevard, a survey conducted by Cynet, which makes breach detection tools, reveals that cybersecurity professionals with equivalent experience earn about the same regardless of whether they have a degree in computer science or a related engineering field. But those who started their careers outside of cybersecurity command higher salaries, a strong indication that employers – in the face of a skills... Read more →

Posted by (ISC)² Management on 23 January 2020 at 08:45 AM in Cybersecurity Workforce | Permalink | Comments (0)

Tags: cybersecurity career, cybersecurity career change, cybersecurity salaries, cybersecurity salary survey, cybersecurity workforce survey, switching careers, switching to cybersecurity

22 January 2020

Most Employers Don’t Pay Full Cost of Certifications

One of the most common complaints cybersecurity professionals voice about their employers is that they have to pay for certifications out of their own pockets. It’s not a trivial issue, since workers consider certifications their number one career hurdle, according the (ISC)2 Cybersecurity Workforce Study 2019. Based on study findings, most employers don’t pay their cybersecurity workers’ certification fees. Considerably fewer than half of respondents in the study (37%) say their employers pay for them while 21% say they share the cost with employers. More than one third of respondents (35%) pay for all of their own cybersecurity certification costs.... Read more →

Posted by (ISC)² Management on 22 January 2020 at 09:00 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce | Permalink | Comments (0)

Tags: career, certification, cybersecurity, training, workforce study

21 January 2020

So You Have Decided to Become Cyber Security Certified, Now What?

By Tony Vizza, CISSP, CCSP, Director for Cyber Security Advocacy - APAC at (ISC)² Toward the end of 2019, I met many aspiring women and men who approached me and said, "Tony, I want to become cyber security certified, how do I do it?" If you are reading this article, it is likely that you have made a conscious decision to do so. Congratulations on taking this step in furthering your career, skills and knowledge. You have made the decision to demonstrate to the wider world your hard-gained experience, knowledge and skills in cybersecurity and to prove to yourself that... Read more →

Posted by (ISC)² Management on 21 January 2020 at 09:35 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce | Permalink | Comments (0)

Tags: associate, certification, CISSP, cybersecurity, membership, training

15 January 2020

New York’s New Data Breach Security Laws Increase Data Privacy and Provide Security Controls Guidance

By Paul Lanois, SSCP, CIPP, CIPT, CIPM and Eric Tierling, CISSP, CIPP/E The landscape of privacy and related legislation in the United States continues to get more interesting. Despite the California Consumer Privacy Act (CCPA) being the talk of the town for privacy and security professionals, New York also put something noteworthy in place, called the “Stop Hacks and Improve Electronic Data Security Act,” or SHIELD Act, in short. Not only is it relatively prescriptive, but it also encompasses cybersecurity obligations that are particularly relevant for security professionals. The SHIELD Act of New York was signed into law in July... Read more →

Posted by (ISC)² Management on 15 January 2020 at 09:34 AM in Government , Privacy | Permalink | Comments (0)

Tags: California Consumer Privacy Act, CCPA, data security regulations, GDPR, New York SHIELD Act, privacy regulations, security regulations

09 January 2020

2019's Top 10 Webcasts

Continuing education allows cybersecurity professionals to stay in tune to the constant changes in the industry. (ISC)² provides webcasts throughout the year on various security-related topics to help keep you informed, as well as provide opportunities to earn CPEs. Based on ratings by cybersecurity professionals, here are our top 10 webcasts from 2019: Ransomware Tools Continue to Increase Ransomware continues to be a widespread problem for organizations. Defending against such attacks are paramount for security teams at businesses small and large. Hear about the latest information concerning many of the leading ransomware threats, as well as updates on the state... Read more →

Posted by (ISC)² Management on 09 January 2020 at 02:11 PM in (ISC)² Events, Cybersecurity Training | Permalink | Comments (0)

Tags: cybersecurity, DETE, DNS, IaaS, ransomware, SaaS, webcast, webinar

06 January 2020

How Culture Makes Us Safer

As published in the September/October 2019 edition of InfoSecurity Professional Magazine By Wesley Simpson, COO There’s an untapped resource hiding in security departments that many of us may consider an intangible or even undefinable asset. When strengthened, it can have a drastic effect on an organization’s security and contribute to its overall value stream. I’m talking about building a strong culture within your cybersecurity team. There are some very tangible practices you can deploy within your team that can have a huge impact on engagement and satisfaction and make your business more secure at the same time. One way to... Read more →

Posted by (ISC)² Management on 06 January 2020 at 08:00 AM in Cybersecurity Training, Cybersecurity Workforce | Permalink | Comments (0)

Tags: certifications, culture, cybersecurity, training

02 January 2020

How To Navigate An Uncertain Job Horizon

As published in the September/October edition of InfoSecurity Professional Magazine By Deborah Johnson Advice on how to mitigate a sudden job loss due to redundancy, recession or ‘rightsizing’. Diana Contesti was a business continuity planner at a major steel manufacturer in Hamilton, Ontario, when a recession hit the Canadian steel industry in the early 1990s. The economic contraction forced companies to cut jobs. Her employer called it “rightsizing” when leadership announced it would cut approximately 3,000 positions. The layoffs were based on seniority by department, and based on that criterion, Contesti knew she was out. “I was extremely worried. I’m... Read more →

Posted by (ISC)² Management on 02 January 2020 at 08:00 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce | Permalink | Comments (0)

Tags: career, cybersecurity

23 December 2019

In Case You Missed It: Recapping Security Congress 2019

Security Congress 2019 was our largest and most in-depth cybersecurity education conference to date. Held over the course of three days in October, the event was jam-packed with more than 180 sessions (covering 18 tracks), over 200 speakers and headline-worthy keynote speakers. There was a 32% increase in overall registration from the previous year and 58% of all attendees were attending (ISC)2 Security Congress for the very first time. Attendees from more than 50 different countries came together to network and learn from their colleagues in the cybersecurity field. In addition to learning about such topics as Cloud Security, Cyber... Read more →

Posted by (ISC)² Management on 23 December 2019 at 08:00 AM in (ISC)² Events, Center for Cyber Safety and Education | Permalink | Comments (0)

Tags: Center for Cyber Safety and Education, congress, congress 2019, cybersecurity, education, Security Congress 2019

20 December 2019

Looking Back – and Looking Forward to 2020

By David Shearer, CISSP, (ISC)² CEO As we celebrate our thirtieth anniversary here at (ISC)², it’s incredible to look back at the changes our industry has been through. From advances in technology, to changing policy and regulations, this field is constantly changing, so it seems right that 2019 was no different for our association. We began the year by officially launching our Professional Development Institute (PDI) as part of our mission to deliver even more value to our members. We wrapped up the year strong with our international Security Congress – our largest yet in attendance and number of programs... Read more →

Posted by (ISC)² Management on 20 December 2019 at 09:15 AM | Permalink | Comments (0)

Tags: (ISC)2 membership, (ISC)2 organization, professional development institute