• The Language of Profit and Loss: Security professionals spend a lot of time honing their area of expertise. Your strength could be in packet analysis, or programming…maybe you are at your best in the realm of security engineering, or pentesting. Or, you may have the best technical skills, but when it comes to obtaining a budget for a project or a new security tool, you need to understand and explain the difference between likelihood and probability. Why is this important? This is important because the language of business is based on profits and loss, and that component is key to your progress. How can you describe the need for a new security initiative that makes the point to the people

    May 21,
  • People looking to get into the cybersecurity field generally demonstrate a solid understanding of the threats facing organizations, according to new research from (ISC)². Yet, they don’t necessarily have the correct expectations of what they will be doing should they land a cybersecurity job. In a profession that covers a wide spectrum of tasks and responsibilities, including security operations, risk assessment and user training, coming up with a clear definition of the role is difficult for outsiders, the study suggests. Nevertheless, job pursuers are aware of the various threats cybersecurity teams have to address, including malware, ransomware and phishing. The Cybersecurity Career Pursuers Study, which polled both current cybersecurity professionals and jobseekers, indicates that jobseekers need a clearer idea of

    May 20,
  • The annual (ISC)² Cybersecurity Workforce Survey needs your experience and opinions to help shape the conversation. As we find ourselves more than one year into a global pandemic, we want to accurately reflect the current state of the industry. How has your career been impacted? How has your organization changed? How has your work evolved? We need to hear from cybersecurity professionals, (ISC)² members and non-members, representing all regions globally. Like last year’s survey results, these results will be used by organizations, governments and the media to foster conversations regarding strategies to improve the recruiting and filling of positions needed to secure organizations around the world. If you’re an (ISC)² member, check your email for an invitation to participate in the survey. If you have not already taken the survey, please share your insight into the cybersecurity profession.

    May 19,
  • Should you adopt the default security configuration from your Cloud Service Provider to avoid a misconfiguration incident? If you do, proceed with caution. Some default settings may not be required in your environment and would serve the organization better if they were disabled. As part of a complete cloud security strategy, all settings must be checked against an established hardening standard. CSPs deliver a platform and the tools to manage it. Yet ultimately, it isn’t the responsibility of the CSP to secure your environment. It’s yours.

    May 18,
  • Commonly used cybersecurity terms such as “blacklisting” and “whitelisting” may be discontinued if the National Institute of Standards and Technology (NIST) efforts are successful. The agency wants to eliminate terms with problematic connotations from speech and written documents and replace them with neutral, more precise wording. “Using inclusive language can help people from diverse backgrounds feel more welcome and encourages precise, high quality work,” the agency explains in a recently issued guidance document on the matter, NISTIR 8366. The purpose of the effort is threefold: develop documentary standards; use inclusive language in verbal communication during meetings and negotiations; and create documentation on “realization and dissemination of physical standards.” The use of bias-free language, NIST says, allows everyone to feel included in discussions,

    May 17,