The U.S. Department of Justice (DOJ) announced last week it will not bring charges under federal hacking laws against security researchers and ethical hackers who act in good faith. This decision stems from a landmark 2021 ruling where the Supreme Court ruled in favor of a police officer who was charged with accepting a kickback for accessing the database as a serving police officer, and another for violating the Computer Fraud and Abuse Act (CFAA). The CFAA, became law in 1986 and is widely criticized as outdated. The federal law dictates what constitutes computer hacking, specifically “unauthorized” access to a computer system, at the federal level. The language within the law regarding good-faith researchers and ethical hackers is vague and leaves

In the second portion of this blog series, we are sharing member stories from those with four to six years of experience in cybersecurity. We asked members about their entry into cyber from their first positions to today and what advice they have for newcomers. Do you have advice for incoming cyber professionals? Weigh in on the (ISC)² Community conversation “How to start a career in cybersecurity?” Brian Bresnahan, CISSP, Senior Security Analyst | United States Prior to migrating to a security role, I programmed voice and video systems for 15+ years. I also had extensive data center experience with generators, UPS, cabling, electrical design, network redundancy, fiber rings (SONET) and call routing for call centers. In my first cybersecurity

On March 9, 2022, the SEC released new proposed rules relating to cybersecurity risk management, incident reporting, and disclosure for investment advisers and funds. The proposed rules would require advisers and funds to adopt and implement policies and procedures that are designed to address cybersecurity risks. Advisers and funds would be required to review and assess the design and effectiveness of their cybersecurity policies and procedures; and prepare a report describing the review, explaining the results, documenting any incident that has occurred since the last report, and discussing any material changes to the policies and procedures since the last report. The proposed amendments would require current reporting of material cybersecurity incidents by adding a new item to Form 8-K which is

We recently asked our members who volunteer to engage with the (ISC)² blog about their entry into cyber and what advice they have for those interested in joining the field. These stories help us see a few unique career trajectories and how they are navigating entry and gaining experience in the cybersecurity industry. In part one of this blog, we are sharing members with three years or less of experience in cybersecurity. Do you have advice for incoming cyber professionals? Weigh in on the (ISC)² Community conversation “How to start a career in cybersecurity?” Rishipal Yadav, Senior Cybersecurity Specialist | India I found my first position at a college placement fair. I began working as a software engineer building a

We are excited to announce that more than 1,000 cybersecurity career hopefuls have taken their first step toward launching their careers by taking the (ISC)² entry-level cybersecurity certification pilot exam. Once they earn the certification, they will demonstrate to employers they have the foundational knowledge, skills and abilities to succeed in entry- and junior-level roles. Since the program’s inception earlier this year, more than 1,000 people around the world have taken the exam and many have registered for the (ISC)² entry-level cybersecurity certification course with their exam still to come. With the global cybersecurity workforce needing to grow by 65% to effectively defend organizations’ critical assets, this program will help address the workforce gap by launching thousands of new cybersecurity