The COVID-19 pandemic delivered a serious blow to the global economy, but plenty of job opportunities remain in the cybersecurity field, according to Kris Rides, CEO of cybersecurity staffing company Tiro Security. There were cybersecurity layoffs, Rides said, but in much smaller numbers than in industries such as travel and entertainment, which have taken the brunt of the pandemic’s economic impact. Cybersecurity “is one area where companies couldn’t really afford to lay off people,” Rides said, during a virtual presentation as part of the (ISC)2 2020 Security Congress taking place this week. Kris Rides, CEO of Tiro Security The pandemic’s impact on cybersecurity jobs appears to have been temporary, according to Rides. “There were less jobs available, but that was

The Internal and External Struggles of Ethics and the CISSP Credential As Old As Mythology All students of information security have heard of the Caesar cipher and the Spartan Scytale. These early encryption methods demonstrate the craftiness of the human mind. Encryption has evolved and become more sophisticated.  Encryption has been instrumental in the advancement of society. Can you think of another ancient mental construct of humanity that has remained static, yet is no less important to the functioning of society?  Let’s consider the topic of ethics. The concept of ethics has existed since ancient times, and the subject is still applicable today, in all areas of life, and is codified as a requirement in many professions, such as the

Cybersecurity expert Joseph Carson, CISSP, learned a valuable lesson after conducting a penetration test at a power station that took him four months of preparation: How you communicate your findings to an organization’s leadership makes all the difference in how they decide to act on the information. During a virtual presentation as part of the (ISC)2 2020 Security Congress, Carson, who serves as Thycotic’s chief security scientist and advisory CISO, said he was shocked when the power utility’s board essentially shrugged off his findings. After all, he thought the findings were pretty damning. Get this: After spending a morning inside the power station disguised as a photographer on a commercial shoot, he found a printed list of all usernames, passwords

Graham Cluley Despite the substantial increase in remote working since the start of the COVID-19 pandemic, security breaches have stayed about the same for the vast majority of people and businesses, according to security expert Graham Cluley, an award-winning blogger who provided the Tuesday keynote speech at this year’s virtual (ISC)2 Security Congress. Only one in 10 businesses say they have experienced a dramatic increase in attacks, Cluley said, before quickly adding that attacks don’t always result in breaches. As a matter of fact, research shows breaches increased by only one percentage point over the past 12 months, to 16% from 15% in the previous 12-month period, Cluley said. “Let’s not be too glum,” Cluley said. While he struck a

When does technology become too easy to use? And when does simplicity start working against you? These were among the many the questions tackled by a group of panelists during a 2020 (ISC)² Security Congress virtual session called “Easily Deployed and Sold Short.” At issue was whether easy-to-use user interfaces on complex security tools make it more difficult for cybersecurity team leaders to figure out what skills their team members have mastered. Timothy Robnett, vCISO at Wavefront Consulting, made no bones about it: “A simple UX makes it harder to promote somebody,” he said. Simplicity of use, he said, doesn’t erase the need for critical thinkers who tackle hard questions and know how to dig into a problem. But it