“Information security analyst” tops the U.S. News & World Report 2022 Best Jobs list. The list ranks the 100 best jobs across 17 sectors including business, healthcare and technology, taking into account factors such as growth potential, salary and work-life balance. Having a cybersecurity position at the top of the list is exciting for a young industry that has struggled with perception problems. It highlights the importance of cybersecurity at a time when cyber threats have become one of the top concerns for all types of organizations, both in the private and public sectors, and regardless of size. “Information security analysts are increasingly critical as organizations work to protect against data breaches and cyber attacks,” says Antonio Barbera, consumer advice

(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its credentialing examinations.  A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. A JTA Study Workshop for CSSLP has tentatively been scheduled in early February 2022.  In preparation for the upcoming study, we would like to hear from our CSSLP members in good standing. Please comment on the new and emerging secure software lifecycle development issues that you feel should be addressed in the CSSLP exam. This

Many people are talking about the future-of-work, but how can that even be calculated when the primary element – workers – appears to be in short supply? There has been much focus and discussion on the work-from-home and hybrid models of work, concepts that appeal to a surprisingly large contingent of the population, but they pose significant challenges to security specialists, both in the practical terms of maintaining security and Zero Trust with a distributed workforce, but also in terms of their own work choices: is it actually possible to be a CSSP or even a CISO from home? This past summer, we posted a white paper entitled Cloud Adoption and the Skills Shortage in which we looked specifically at

A U.S. Cyber Command (USCYBERCOM) task force has conducted “its first offensive cyber effect operation against real-life cyber threats.” Details of the operation have not been published, but the military says offensive cyberspace operations are “intended to project power by the application of force in or through cyberspace.” News of the operation, conducted by USCYBERCOM’s Cyber National Mission Force (CNMF) from February to August 2021, came in a news release from the Maryland Air National Guard’s 175th Cyber Operations Group, which took part in the mission. “USCYBERCOM’s CNMF plans, directs and synchronizes full-spectrum cyberspace operations to deter, disrupt and, if necessary, defeat adversary cyber actors to defend the U.S.,” said U.S. Air Force Maj. Corley Bradford, director of operations for

As we expand our events in 2022, we look forward to offering increased opportunities for education and networking among cybersecurity professionals within their regions. To ensure that each event makes a significant impact with relevant content, (ISC)² is seeking interested volunteers to join event planning committees.    Committee members will assist in developing an event that is educational and meaningful for their fellow (ISC)² members and cybersecurity professionals around the world. They will use their expertise to lead the development of localized content, as well as provide insight and guidance into their respective regions. Members will work closely with (ISC)² staff and act as ambassadors for their events.     Event Planning Committee activities are eligible for CPE credits and involve