As the invasion of Ukraine continues alongside a pronounced increase in online disruption aimed at the main sanction-imposing economies, speculation is rampant that a barrage of related cyberattacks on Western allies will at some point result in a mega breach or worse – an incident that may affect critical infrastructure and damage public utilities or vital data stores. To better understand how cybersecurity professionals are assessing the situation, we conducted a poll of (ISC)² members. More than 260 (ISC)²-certified cybersecurity professionals from 41 countries participated, including Ukraine and the Russian Federation. They represent 33 different industries, with the most in financial services, followed by IT services and healthcare. These are their insights. Not surprisingly, cybersecurity professionals all over the world are

To celebrate Women’s History Month in March, four female security leaders met for a wide-ranging panel discussion on how they’ve broken through gender biases to forge their career paths, as well as what’s needed to help young women in the cybersecurity profession succeed. This (ISC)² Think Tank webinar is part of the organization’s multi-year commitment to DEI which includes a new DEI series featuring diverse voices and perspectives within cyber and aimed at helping to build a more inclusive cyber profession. The panel was moderated by Sharon Smith, CISSP, cybersecurity strategy and advisory consultant, and included: Ebony Stevens, (ISC)² Security Engineer Weijia Yan, an InfoSec student at Carnegie Mellon University Megan West, X-Force Cybersecurity Incident Response Consultant at IBM Each

The CISSP-ISSMP exam will be changing on November 15, 2022. This exam is the most recent of the (ISC)² examinations to be updated as part of the Job Task Analysis (JTA) process. All (ISC)² certifications are updated on roughly a triennial basis following the JTA process.   Current certification holders are surveyed on how often they use the knowledge, skills and abilities represented in the exam outline. Subject matter experts update the exam outline, and the exam itself, based on that feedback to ensure the CISSP-ISSMP exam reflects the most pertinent issues facing cybersecurity management professionals. These updates ensure that anyone earning the CISSP-ISSMP at any time has been tested on best practices for establishing, representing and governing cybersecurity programs, and

Flexible work conditions can help decrease the cybersecurity workforce gap by creating more inclusive environments. Practices like work from home and flexible office hours allow companies to widen their recruitment pool. The increase of work from home has been on the move for years, but was escalated in 2020 with the start of the COVID-19 pandemic. Those with transportation challenges, physical limitations, family obligations, or other situations that made the traditional nine-to-five feel previously difficult are now finding themselves able to thrive with more flexible work conditions.  In the latest (ISC)² Workforce Study, respondents were asked “How can cybersecurity diversify?” The second-highest response, 29% suggested providing more flexible working conditions. This response was topped only by providing mentorships and support at

Beginning June 1, 2022, additional pretest items and time will be added to the CISSP exam for the Computerized Adaptive Testing (CAT) format.  The current CISSP CAT exam contains 25 pretest (unscored) items. The addition of 25 more items will bring the total count to 50 pretest items. With these added items, the minimum and maximum number of items candidates will need to respond to during the exam  will increase from 100-150 to 125-175. To allow for these additional items, the maximum exam administration time will increase from three to four hours.   Pretest items enable (ISC)² to continue expanding our item bank to strengthen the integrity and security of the CISSP for all those who earn the certification. The additional