The chief information security officer role hasn’t always gotten the respect it deserves. Research over the years has shown companies often treat their CISO primarily as a scapegoat for security incidents. But that may be changing – at least it is in organizations with a strong cybersecurity culture. New research by (ISC)2 shows the overwhelming majority of companies that properly staff their cybersecurity teams employ a CISO. The Building a Resilient Cybersecurity Culture study revealed that 86% of organizations that consider themselves adequately staffed with cybersecurity talent have a CISO. This is a substantially higher percentage than the 49% of companies overall with a CISO, according to other research. Cybersecurity Knowledge The finding points to the likelihood that a CISO

Name: Ana Ferreira Title: Doctor Employer: Center for Health Technology and Services Research (CINTESIS), Faculty of Medicine, University of PortoLocation: Porto, PortugalEducation: BSc in Computer Science, MSc in Information Security, PhD in Computer ScienceYears in IT: 20Years in cybersecurity and/or privacy: 16Cybersecurity certifications: CISSP, HCISPP    How did you decide upon a career in healthcare security and/or privacy? After I graduated in 1998, I went to work for a healthcare education institution as a researcher and IT specialist. After a few years, I realized that security and privacy, especially in the domain of healthcare, were crucial for the quality and protection of patient data. I decided to make a change and enter into information security and received a Master’s degree in

Name: Shinji Abe Title: DirectorEmployer: NTT Security (Japan) KKDegree: Bachelor of Science, Master of Science in Quantum Physics Years in IT: 11Years in cybersecurity: 7Cybersecurity certifications: CISSP   How did you decide upon a career in cybersecurity? I started my career as a system engineer. I became involved in information security after some systems managed that I was managing received vulnerability assessments. That was when I realized the importance of cybersecurity. I moved to the security analysis team to focus on security works in 2011.    Why did you get your CISSP®? In the beginning of my cybersecurity career, I learned cybersecurity through self-study. However, I wanted to understand in a comprehensive and systematic fashion and to prove my skills.

(ISC)² is committed to enriching our professional development course offerings to members. That’s why we’re excited to announce a free course is now available – GDPR for Security Professionals: A Framework for Success. The course is online and self-paced to work with your busy schedule. We know the GDPR deadline has come and gone, but that doesn’t mean that the work is over. Many companies are not yet compliant, and maintaining compliancy is challenging to say the least. This GDPR course is designed to help you contribute to the strategy, direction and implementation of the EU’s General Data Protection Regulation within your organization. If you’re an (ISC)² member, the immersive course has already been added to your account in our

One of the main questions (ISC)2 sought to answer with a new study, Building a Resilient Cybersecurity Culture, was what makes a good cybersecurity team, especially in an industry that suffers from a shortage in its current workforce. How do organizations go about building and strengthening the team? It’s clear from the study’s findings that management’s attitude toward the team – and toward cybersecurity as a whole – is related to the team’s success, confidence and ability to do their job without worrying about lack of budget or support from the top. Going in, we already knew the respondents in the poll had confidence in their team – that’s why they were chosen for the research. So it was no