• By Cynthia Freeney, CSSLP. Cynthia currently holds the dual role of project manager and security officer. Cynthia's current focus in the security realm is ensuring organizational policies, procedures, processes and security controls are in compliance and will withstand an upcoming SOC 2 Type II audit. There is a consensus among many industry thought-leaders, leaders within small-, mid-, and major-sized organizations, security researchers, and others regarding the importance of delivering secure solutions and products. An organization's ability to consistently and effectively provide secure products and solutions is predicated on its level of risk awareness, its commitment to adopting and auditing processes that promote secure software development, and its allocated budget and resources. A secure software development lifecycle is essential to developing secure products and

    Feb 24,
  • Kaleb Worku’s record of academic distinction and relevant experience earned him the 2020 KnowBe4 Black Americans in Cybersecurity scholarship and the following year the CyberCorps® Scholarship for Service. Today, he is a junior in the School of Computer and Cyber Sciences at Augusta University pursuing a Bachelor of Science degree in cybersecurity. He is an undergraduate research assistant investigating medical device cybersecurity under the supervision of Dr. Michael Nowatkowski, CISSP and the captain of his school’s computing programming division of the Association for Computing Machinery. We caught up with Kaleb to discuss how earning this scholarship has impacted his journey and the ways in which he is working to make an impact on the future of cybersecurity. What prompted your

    Feb 23,
  • The disclosure of the Log4j zero-day exploit in December 2021 had a serious impact on the cybersecurity industry. The flaw is found in one of the most commonly used pieces of software; thus, it could potentially impact billions of devices. If left unpatched, attackers could seize complete control of the device, which is cause for alarm. In fact, the Federal Trade Commission (FTC) threatened to use “its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.” To better understand the implications of Log4j for cybersecurity professionals, (ISC)² conducted an online poll of 269 cybersecurity practitioners examining the Log4j vulnerability and the human impact

    Feb 22,
  • Cybersecurity is one of many industries lacking diverse perspectives and backgrounds, which are essential for combating the ever-evolving threat landscape. (ISC)² estimates that the Cybersecurity Workforce Gap as of 2021 stands at 2.72 million professionals globally, but women make up roughly 25% of the cybersecurity industry, compared to at least 40% of the global workforce. This imbalance and lack of diversity in the sector was highlighted in the recent report In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity. This disparity is also recognized by the U.K.’s National Cyber Security Centre (NCSC), which recently released its 2021 NCSC Diversity Report. Showing that although the U.K. cybersecurity industry is making strides to close the diversity gap,

    Feb 18,
  • Registration for the second (ISC)² online proctored CISSP exam pilot program is now open to candidates in the U.S., U.K. and Singapore. Built on results from the association’s first online proctored pilot test in 2021, this pilot program is designed to further assess the viability, and help determine the potential future availability, of online proctoring for (ISC)² certification examinations. The learnings from this pilot program will help us further augment our exam delivery capabilities, ensuring the experience is safe, secure and provides candidates with the best possible opportunity to demonstrate their competence, regardless of the examination delivery method. What’s New: With exam security as the primary objective, (ISC)² has established new identity validation and security processes for this second pilot

    Feb 14,