We all have unconscious bias. In fact, our ability to use pattern recognition and informed judgement can be a benefit in many professions, especially cybersecurity. However, unconscious biases in areas of hiring, mentoring, promoting or developing staff could hamper efforts to build the cybersecurity workforce and to diversify the individuals who make up this group. (ISC)² has partnered with Cyversity, an organization whose mission is to achieve consistent representation of women and underrepresented minorities in the cybersecurity profession, to offer a series of free webinars addressing unconscious bias. The first webinar in this series – Understanding Unconscious Bias – will take place on June 29 at 1:00 p.m. ET on the (ISC)² Security Briefings webinar channel. Registration is open now

Security teams should stop treating users as the weakest link in security and, instead, turn them into allies in building a strong security culture. This was the message from Shelly Epps, HCISPP, Director of Security Program Management at Duke Health, who delivered a presentation this week at the (ISC)² SECURE North America virtual event. “If you are relying upon users for your security, you’ve effectively already failed,” she said. Instead, organizations need to develop comprehensive, multidimensional programs that keep users engaged. Traditionally, Epps said, organizations have built security programs around compliance obligations and PowerPoint-based lists. Programs tended to be punitive, turning the cybersecurity staff into the bad guys, when a rewards-based approach is better. Developing the right culture requires empowering

Last week (ISC)² released the (ISC)² Cybersecurity Hiring Managers Guide: Best Practices for Hiring and Developing Junior Talent built on the latest research to help organizations grow their teams and retain top talent. The report highlighted the top technical skills, non-technical skills and personality attributes hiring managers seek and how organizations can benefit from unique recruiting and professional development strategies. In a recent volunteer survey, we asked members with hiring experience what trends they are seeing in the industry. Many mentioned technological shifts expedited by the pandemic including remote work, virtual interviews and hybrid work environments. They also noted a shift in requirement of degrees and certifications for entry-level staff and more emphasis on diversity of backgrounds and experiences. Filip

If you’ve ever wondered about the relationship between privacy and apples, privacy expert J. Trevor Hughes explained the connection during a session at the (ISC)² SECURE North America one-day virtual event. “Privacy is a fundamental human truth,” he said. “It has existed since the dawn of time.” In fact, he said, privacy concerns started after Adam and Eve committed the crime that got them expelled from the Garden of Eden. They ate an apple they weren’t supposed to. Since then, privacy perceptions and concerns have evolved as new threats in the form of new technologies – flexible film, the telephone and the smartphone – have emerged. Technology, he says, mediates privacy. Along the way, we’ve had to adjust and find

Facing an acute shortage of qualified cybersecurity professionals, hiring managers are recruiting entry- and junior-level practitioners to their teams. The latest (ISC)² research captured in our Cybersecurity Hiring Managers Guide reveals this practice enables organizations to build stronger and more resilient cybersecurity teams. The findings come from a poll of 1,250 hiring cybersecurity managers who hire entry- and junior-level practitioners for small, mid-size and large organizations in the United States, Canada, United Kingdom and India. The cybersecurity skills gap currently stands at 2.7 million worldwide, forcing hiring managers to deprioritize experience when choosing candidates who show promise. Managers are less insistent on finding technical skills and, instead, have honed their focus on non-technical skills such as ability to work in a team