• The (ISC)² Government Professional Award recognizes government cybersecurity leaders whose commitment to excellence has helped to improve government information security and advance an in-demand workforce. The recognition is given to individuals whose initiatives have improved the areas of technology, process/policy or workforce and have led to significant developments in the security posture of a department, agency or entire government. We had a chance to learn more about the 2021 (ISC)² Government Professional Award honorees and their contributions to a safer and more secure cyber world. Asia-Pacific Region (ISC)² Government Professional Award Honoree Group Captain Amorn Chomchoey, CISSP is Acting Deputy Secretary General for the National Cyber Security Agency of Thailand. He inspires and leads RTAF personnel from all units of

    Oct 25,
  • You could say one of the purposes of the annual (ISC)² Security Congress is to deliver an industry status check. How is the cybersecurity industry doing, what could be better, and what are the biggest challenges it faces? This year’s Congress, which took place virtually from October 18 - 20, addressed a host of pressing topics in the industry, from combatting ransomware to zero trust implementation to protecting critical infrastructure against foreign adversaries. One of the biggest challenges, though, is to attract more diversity into the cybersecurity workforce to counter the shortage of personnel in the field. It was a theme that (ISC)² CEO Clar Rosso highlighted right at the start of the event in her welcome address. Cybersecurity remains a white

    Oct 22,
  • The principles of data protection are the same whether your data is stored in a traditional, on-premises data center or in a cloud environment. What is different is the way that you apply those principles. Moving data to the cloud introduces novel cybersecurity risks and challenges and a new threat surface. This novelty requires a new approach to data security. Cloud security is the protection of data, applications, and infrastructure involved in cloud computing environments. Traditional security controls are not adequate to mitigate and protect against the new threats in cloud environments. Establishing and sustaining a robust and effective cloud security posture presents many benefits to organizations. Understanding the differences between cloud security and traditional security is crucial to finding the right

    Oct 21,
  • Protecting critical infrastructure and associated challenges was a recurring theme during (ISC)² Security Congress 2021, which took place virtually from Monday to Wednesday this week. It was the subject of various sessions and came up during a keynote session delivered by Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). Krebs said critical infrastructure needs to be hardened against foreign adversaries that might have an interest in disrupting it at some point. CISA and other agencies are working to come up with standards and practices for infrastructure security. And they are looking for input from the cybersecurity industry. One of the main challenges with securing critical infrastructure is the move to connect IT and operational technology (OT),

    Oct 20,
  • In one of the most sobering presentations about the current state of security delivered during (ISC)² Security Congress 2021, security expert Lisa Forte said no matter how many protective measures an organization takes, it can never achieve zero risk. Insider threats are always a possibility. Forte, co-founder of Red Goat Cyber Security, used her keynote speech on the third and final day of Security Congress to drive home the point that insider threats have gotten harder to identify. Not only does technology make it easier to steal data, bad actors also can manipulate insiders into becoming unwitting spies. And that’s on top of those insiders who are willing collaborators. To minimize risk, Forte said companies should take a number of measures,

    Oct 20,