The gig economy has grown rapidly in recent years and now includes more than one third of U.S. workers who describe themselves as consultants, freelancers or self-employed. It isn’t surprising then that 31% of organizations say that consultants and contractors are the top source they tap into for cybersecurity talent, according to the (ISC)² 2020 Cybersecurity Workforce Study. In fact, this group is the second-most popular talent source overall, just after new university graduates. The largest number of consultants (40%) work with small and mid-sized businesses (SMB), which could include small sole-proprietary businesses (think a self-employed CISSP starting his or her own business), as well as those advising multiple clients while working for a small solution provider organization. 23% work
Dec 22,
The Many Advisory Roles of a CISSP
A Long and Prosperous Career
Throughout your cybersecurity career, you will spend a lot of time in the world of identify, protect, detect, respond, and recover. Sometimes, the skills required for the job can range from the mundane, such as running a phishing campaign, to some nail-biting, all-nighters of remediation (after someone ignored your carefully crafted phishing campaign and clicked on a malicious link). Your skills were not easily acquired. Perhaps you derived these skills from tinkering with machinery, dumpster-diving, and everything in between. Information security research has transitioned to more sophisticated tools and methods. The entire security profession has been elevated to new levels that require more than just technical know-how. In
Dec 21,
By Allan Caton, CISSP, CISM, CCSP, CISMP
Most companies are migrating from an environment of legacy, on-premises systems to the cloud, which will result in a hybrid environment. Market forces are driving the push toward usable, mobile technology and the always-on, always-available ubiquity of web-based applications. This shift will include both customers and all types of enterprise users – including employees, contractors, vendors, partners, etc. This shift to a decentralized, identity-centric operating model brings with it the absolute requirement to consider the security of the user identities, devices and data which comprise the enterprise estate. The future of identity management, authentication, data management and network access demands a fresh look at how security protects corporate assets. The days when a simple password was sufficient to protect access
Dec 18,
Have you ever baked something, only to see it fail due to the lack of a key ingredient? For instance, a cake will not rise if you add baking powder after you realize it was forgotten in the original ingredient list. The same is true for many failed endeavors. The addition of a critical component after the project is completed does little to improve the original plan. In many cases, it introduces unintended complexity that sets off a cascading series of problems. As a security professional, you probably can name a list of software that was released too early, requiring so many revisions to correct the problems that the original intent was dwarfed by the patches. According to one source,
Dec 17,
In a year that presented so many challenges – a global pandemic, social unrest and an economic downturn – one success is worth noting: When cybersecurity professionals were called upon to secure remote environments in a hurry, they stepped up. As many companies were forced to shift to a work-from-home model because of COVID-19 for most or all employees, cybersecurity teams went to work on securing both these newly created remote environments and existing corporate networks. Data from (ISC)²’s 2020 Cybersecurity Workforce Study shows respondents believe those efforts were largely successful. Even though 30% of cybersecurity professionals had a deadline of one day or less to transition staff to remote work and secure their environments, 92% of study respondents say
Dec 16,