  • As published in the May/June 2020 edition of InfoSecurity Professional Magazine. By Jason McDowell, CISSP. Companies from all industries are looking for qualified cybersecurity professionals to fill the skills gap in their current workforce. Demand is high, and many companies are willing to pay top dollar to those who possess the skills they need. With this high-demand, high-paying environment, what could go wrong? Plenty. With the exception of companies that specialize in information security, accurate valuation of the cybersecurity role in many companies is still very challenging, and many managers lack even a basic understanding of what cybersecurity professionals do within the organization. Add in the urgency to meet industry-specified cybersecurity requirements, and things can quickly lead to corporate desperation and poor

    Jul 27,
  • Professionalizing the world of cybersecurity education and training is a major focus area for the UK Government, especially in the new realities we find ourselves in. It included plans in its National Cyber Security Strategy in 2016 to develop the cyber security profession, including creating a UK Cyber Security Council to focus on professional development, professional ethics, thought leadership, influence and outreach. Late last year, the Department for Digital, Culture, Media and Sport commissioned the creation of the Council through a consortium of cyber security professional bodies – including (ISC)² –known as the Cyber Security Alliance. (ISC)² has been diligently working alongside other Alliance volunteers to build the UK Cyber Security Council. It is set to commence operations in April 2021.

    Jul 24,
  • By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP and John Martin, CISSP-ISSAP. In February 2020, we put together our thoughts on Security Predictions for the upcoming year in a two-part series (Part 1, Part 2). Little did we know that COVID-19 would happen and change the way that folks work in our organizations, and the way we as security practitioners work. In our original blog, we suggested that the following issues would be of concern to the industry: data privacy changes; lack of secure coding practices; 5G and WiFi-6; phasing out passwords; lack of perimeters; backups and their role with ransomware. We believe that we got several predictions right. However, due to COVID-19, we have moved a few to 2021 or beyond, increased

    Jul 23,
  • As published in the May/June 2020 edition of InfoSecurity Professional Magazine. By Anne Saita In 2012, a Fortune 500 oil and gas company joined the early adopters migrating assets and business processes to “the cloud.” Corporate executives’ biggest security concern then was the potential for a rogue administrator from a chosen cloud service provider to pilfer all of its data. “That was the big fear at the time,” explained Jon-Michael C. Brook, CISSP, CCSK, a principal at Guide Holdings who consulted with the company during its initial cloud migration. “They weren’t as worried about errors that they might make; they were more worried about the trusted insider within the cloud service provider.” Those concerns haven’t gone away, but eight years later a

    Jul 22,
  • As we look forward to (ISC)² Security Congress 2020 on November 16-18, we are continuing to highlight a few of last year’s sessions to review so you know what to expect for the upcoming digital conference. You can also earn CPEs for viewing these sessions if you weren’t able to attend last year’s conference. Preparing for Cyber War: Learnings from Responding to Disruptive Breaches. Charles Carmakal and Jeremy Koppen, both from Mandiant, share real-world case studies of threat actors and their motivations of money, fame and power. They share the importance of investigating attacks by both internal and external extortionists and how to properly deal with demands from aggressive attackers. A significant rise of aggressive attacks within the last

    Jul 17,