As you know, cybersecurity is a constantly changing field. In order to maintain the accuracy, relevance and excellence of (ISC)² exams, we regularly conduct Job Task Analysis (JTA) studies to review and update exam outlines. JTAs are a methodical process used to determine tasks that are performed in the field by credential holders, as well as the knowledge and skills required to execute those tasks successfully. This review process is continual for all (ISC)² certifications, resulting in regular updates to exams and exam outlines. Coming up next month, the CISSP will be taking its next step in the certification lifecycle with a JTA Study Workshop tentatively scheduled for January 17-19, 2023. As we prepare for this workshop, we would like

As organizations, applications, and users alike continue their journey toward the cloud, the demand for cybersecurity professionals with experience in cloud security increases. The knowledge and skills gap are the biggest concerns for all cloud-first organizations. According to the 2022 Cloud Security Report, lack of qualified staff is ranked as the biggest operational security headache trying to protect cloud workloads, while lack of qualified staff and knowledge was also echoed as the most challenging aspect of cloud compliance. Vendor certifications offer technical expertise The tech giants like Amazon, Google, and Microsoft, have listened to these concerns and invested an enormous amount to develop and promote their vendor certification programs for a good reason – the shared responsibility model of cloud

Chinese actors attack North America, Cuba ransomware and vendors start their predictions for 2023…. Here are the latest threats and advisories for the week of December 9, 2022. Threat Advisories and Alerts CISA Sounds the Alarm on Cuba Ransomware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about Cuba ransomware. Although the ransomware references the Republic of Cuba, there is no indication that the threat actors have any connection to the country. Five critical U.S. infrastructure sectors continue to be the target of attacks: Healthcare and Public Health, Government Facilities, Financial Services, Critical Manufacturing and Information Technology. Thus far, Cuba ransomware actors have extorted $60 million in ransom

By Dustin Perkins, CISSP, Senior Governance, Risk and Compliance Consultant for the US Region of CyberCX. Cybersecurity has proven a growing interest and concern among both the private and public sectors and, for those contracted to do business with the U.S. Department of Defense, this is increasingly important with the protection of potentially sensitive information by those in the private sector. On the heels of Federal Information Security Management Act (FISMA), every government agency is hyper focused on developing a hardened level of cyber hygiene by which to mitigate as much risk as possible. The Department of Defense is fulfilling this requirement in the creation of the Cybersecurity Maturity Model Certification (CMMC). The CMMC was created as an assessment framework

Organizations around the world are being targeted – often from an unseen enemy. Cyberthreats are a plague on systems and data, and combatting them is costly and time-consuming. In order to defend against bad actors, organizations need the talent and skills on staff to detect and mitigate cyberthreats. This has led to massive opportunity in the field of cybersecurity. Research shows the global workforce needs a staggering influx of 2.7 million cybersecurity professionals to meet demand.1 Cybersecurity is a strong career choice for many reasons. It offers opportunities globally and in all industries. There are more than 50 career paths to choose from and it’s widely seen as a field that’s future-proof. For those looking to get their foot in