As published in the September/October edition of InfoSecurity Professional Magazine By Deborah Johnson Advice on how to mitigate a sudden job loss due to redundancy, recession or ‘rightsizing’. Diana Contesti was a business continuity planner at a major steel manufacturer in Hamilton, Ontario, when a recession hit the Canadian steel industry in the early 1990s. The economic contraction forced companies to cut jobs. Her employer called it “rightsizing” when leadership announced it would cut approximately 3,000 positions. The layoffs were based on seniority by department, and based on that criterion, Contesti knew she was out. “I was extremely worried. I’m a single mother and all those fears, ‘Oh, my God! How am I going to feed my kid?’ kicked in.” For

Security Congress 2019 was our largest and most in-depth cybersecurity education conference to date. Held over the course of three days in October, the event was jam-packed with more than 180 sessions (covering 18 tracks), over 200 speakers and headline-worthy keynote speakers. There was a 32% increase in overall registration from the previous year and 58% of all attendees were attending (ISC)2 Security Congress for the very first time. Attendees from more than 50 different countries came together to network and learn from their colleagues in the cybersecurity field. In addition to learning about such topics as Cloud Security, Cyber Crime, Governance, Risk and Compliance and other industry-related tracks, attendees heard from keynote speakers: Captain Chesley B. “Sully” Sullenberger, III,

By David Shearer, CISSP, (ISC)² CEO As we celebrate our thirtieth anniversary here at (ISC)², it’s incredible to look back at the changes our industry has been through. From advances in technology, to changing policy and regulations, this field is constantly changing, so it seems right that 2019 was no different for our association. We began the year by officially launching our Professional Development Institute (PDI) as part of our mission to deliver even more value to our members. We wrapped up the year strong with our international Security Congress – our largest yet in attendance and number of programs – in Orlando, Florida. We made updates to our exams and further strengthened our certifications and courses with globally-recognized institutions.

By Lee Kim, JD, CISSP, CIPP/US, Director, Privacy and Security, HIMSS The most valuable part of the healthcare system is the patient. Patient safety is paramount in the healthcare sector. With the digitization of healthcare information, the free flow of information comes at a price. We need to be responsible stewards of healthcare information. Patients entrust us with their healthcare information and their lives. Those of us in the healthcare cybersecurity field have the unique task of protecting and securing patient information yet ensuring that the information is available on demand—especially when critical, life threatening situations arise. The Vulnerabilities of Healthcare Information Technology Systems team of the United States Department of Homeland Security/Office of the Director of National Intelligence Analytic

(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its credentialing examinations. A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for SSCP will be reviewed in early 2020. In preparation for the upcoming review, we would like to hear from our SSCP members regarding new and emerging IT cyber security issues that they feel should be addressed but are not covered in the current SSCP Exam Outline. This is your opportunity