• We often hear that cybersecurity certifications have a global reach. When we spoke with Vanessa Leite we learned how true that actually is. Vanessa holds several certifications, including vendor-specific ones, along with the CISSP and CCSP credentials from (ISC)². She exemplifies the idea of “stepping out of one’s comfort zone”. Vanessa’s joy of sharing her knowledge, as well as her thirst for continual learning, are deeply motivating. Q: What job do you do today, Vanessa? A: I am a principal cyber strategy and consulting with a Global Cyber Security company. What that means is basically it is an executive-level role, with a focus on delivering complex cyber security projects. A large part of my job has to do with cloud security.

    Jan 17,
  • Cybercriminals attack schools, the FCC looks to change data breach rules and artificial intelligence alters the cybersecurity landscape. Here are the latest threats and advisories for the week of January 13, 2023. Threat Advisories and Alerts How Businesses Can Securely Use MSP Services Managed Service Providers (MSPs) offer a popular and effective way for businesses to outsource their IT. While an MSP’s service can bring productivity gains and cost savings, it can also pose an added security risk. After all, an MSP customer will typically provide the MSP with administrative access to their data, increasing their attack surface. To stay protected when hiring an MSP, the U.K. National Cyber Security Centre (NCSC) has advised that organizations should only allow enough

    Jan 13,
  • By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP In recent years, we have seen the threat landscape become increasingly complex as threat actors use sophisticated techniques to exploit weak passwords, missing patches and antiquated software, thus gaining access to corporate networks. With attacks rising within industrial control systems (ICS), operating technologies (OT) and the internet of things (IoT), we are seeing new terminologies emerge (e.g., patch lag or security resilience), and the list goes on. In 2023, we can expect to see the following: Staffing shortages because of the increased need to thwart cyberattacks and, as a result, burnout will continue to plague the industry. An increase in attacks, including ransomware, bot attacks, expanded attacks on

    Jan 11,
  • As practitioners know all too well, it is paramount to remain up to date with the changing landscape of cybersecurity. We regularly conduct Job Task Analysis (JTA) studies to review exam content and outlines to ensure the accuracy, relevance and excellence of all (ISC)² exams. The Certified in Governance, Risk and Compliance (CGRC), formerly known as the Certified Authorization Professional (CAP) exam, was last refreshed in 2021. The certification is undergoing a name change to more accurately reflect the knowledge, skills and abilities required to earn and maintain this certification. As part of our regular updates to exams, it is now time to refresh the (ISC)² CGRC exam to better align with best governance, risk and compliance professional practices. We

    Jan 09,
  • The LockBit ransomware gang apologizes, Google settles privacy lawsuits and cybercriminals impersonate brands and the U.K. government. Here are the latest threats and advisories for the week of January 6, 2023. Threat Advisories and Alerts Cybercriminals Impersonate Brands with Search Ads And Fake Sites The U.S. Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are directing internet browsers to malicious sites via search ads. How does the scam work? Bad actors build a fake website that impersonates a legitimate brand and then advertises it to appear at the top of search results. Once browsers click the ad, the malicious site prompts them to enter login credentials, financial information or download ransomware that’s disguised as a program. Source:

    Jan 06,