• Technology and cybersecurity cannot be thought of as the responsibility of a siloed IT department – it is the lifeblood of the organization. In day-to-day operations, as well as during moments of crisis, a company’s different functional areas must be able to collaborate and must know who to turn to for leadership. System authorization has been employed in government for over 20 years, and it is becoming recognized outside government for the promise it holds as a practical approach for identifying and documenting business requirements for security, for ensuring that cost-effective controls are functioning appropriately, and for ensuring that weaknesses in protective controls are managed effectively. Based on NIST standards, system authorization formalizes the decision-making process, placing clear directives and

    Dec 21,
  • The 2021 (ISC)² Cybersecurity Workforce Study revealed that the global cybersecurity workforce gap is 2.72 million. This is the number of jobs within the industry that must be filled to defend critical assets. With so many cybersecurity organizations looking to fill positions, you may think to yourself, “Is cybersecurity a good industry to enter?” or “What are the pathways to cybersecurity?” and “Where would I find a cybersecurity job?” Cybersecurity Workers are Satisfied and Well-Compensated This year’s Cybersecurity Workforce Study showed that 77% of cybersecurity professionals are satisfied or extremely satisfied in their current role compared to only 49% of overall American workers, according to a recent study from Zippia. Cybersecurity professionals are passionate about keeping information secure and

    Dec 20,
  • Virtual Shadowing Not Only Works – It’s the Way of the Future When cloud security specialists are onboarded, a period of adjustment and learning is required, regardless of their level of education and certification. No one knows the intricacies of their new employer until they’ve been there a while. But what happens when their new workplace has adopted a virtual or hybrid model, where shadowing entirely in person is impossible? The (ISC)² white paper, Cloud Adoption and the Skills Shortage, looks specifically at why a shortage of qualified specialists is proving to be one of the largest impediments to cloud adoption. One contributor to the gap in expertise on staff cited in the research is a lack of mentoring. Certified Cloud

    Dec 17,
  • If you were called into one of your executive’s offices and asked to explain the difference between Diffie-Hellman key exchange and RSA in non-technical terms, could you do it? As a security professional, that is probably not a problem. Even without too much effort, or math, you could easily help a non-technical person so that they would have a reasonable understanding of why these mathematical functions create the ability to securely conduct business on the internet. Now, if that same executive asked you to describe which one is recommended in the General Data Protection Regulation (GDPR), or the California Consumer Privacy Act (CCPA), would you recognize that it is a trick question, as neither of those prescribes a specific type

    Dec 16,
  • The data protection and privacy landscape is evolving, and almost every country now has a privacy law or regulation that dictates how businesses should safeguard sensitive, personal data. Although these laws share many similarities with the EU GDPR, businesses migrating their employee or customer data to the cloud should consider the specific requirements of these laws before collecting, storing, and processing electronic data in the cloud. In addition to the privacy and security requirements, businesses should understand that although cloud security and privacy are distinct concepts, data privacy complements and strengthens existing data security in the cloud. With data locality and sovereignty and privacy-by-design being top concerns, as the Schrems II rule indicates, Certified Cloud Security Professionals (CCSP) should leverage

    Dec 15,