(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its certification examinations. A JTA is the methodical process used to determine tasks that are performed by certification holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for ISSMP will be reviewed soon. In preparation for the upcoming review, we would like to hear from our ISSMP members who are participating in this forum/community to comment on the new and emerging cybersecurity issues that should be addressed but are not covered in the current ISSMP Examination Outline. This

Today’s cybersecurity skills shortage is threatening safe cloud adoption – and cloud security is the No. 1 area most impacted by the shortfall. To help fill the gaps, more professionals are expanding their cloud expertise. Join two cybersecurity specialists as they share their journeys to a mastery of cloud security and how it benefited their careers. READ THEIR STORIES IN THE ARTICLE

Are you looking for a space to connect with your peers in the cybersecurity industry? (ISC)² Community connects you to a global network of cybersecurity professionals through an interactive and engaging platform. Community offers members and non-members an opportunity to share insights on the latest cybersecurity trends, ask questions, share knowledge, or voice opinions.  Community welcomes all levels of experience to weighing in on the current topics and trending conversations through public discussion or private chats. Users can subscribe to popular threads based on interests such as cloud security, privacy, tech talk, career, and more.   Community Groups encourage engagement through all stages of your career. For those just beginning, study groups for each certification allow candidates to discuss and meet for exam tips and practice items. Upon

Tricky Business Software development is a tricky business. When you think of all that can go wrong, the possibilities can be overwhelming. From coding errors, to borrowed libraries, to myriad other causes, the need for testing is fundamental to the development process. Testing can uncover many of the errors or oversights that can occur. Failure to effectively test prior to release can be very costly. Fortunately, the software security lifecycle includes testing methodologies to prevent many of these errors. As a security professional, understanding testing techniques is an extremely important job responsibility. If you are on the technical side of information security, you may be conducting the tests yourself. One way that an employer can ensure that they have a

Faced with significant obstacles to build their cybersecurity teams, organizations increasingly are looking within to find transferrable talent for cybersecurity roles. It’s a practice strongly endorsed by (ISC)² in the recently published Cybersecurity Career Hiring Study and the Cybersecurity Workforce Study. The problem is that a substantial number of organizations aren’t up to the task of developing in-house talent for cybersecurity. Nearly half (45%) of companies in a recent study say they are not capable of doing it. And the problem doesn’t end there. The study, conducted by IT recruiting firm Hays US, also found that only 39% of respondents believe their organizations “have the ability to retain cyber staff.” So the problem is twofold: Building a strategy and infrastructure