In cybersecurity, threat actors are relentless. To keep systems safe, we need a process of controls to oversee the entire chronology of a potential attack scenario – protection before an attack happens, effective mitigation and correction during an attack, and recovery afterwards. The tools of defense are vital, but not enough. Organizations need to decide how to deploy these tools, how much to spend, how to train people, and how to ensure they maintain compliance with industry standards and governance/risk (GRC) requirements. Security controls must be organized and described in a way that non-IT people – employees and executives alike – understand and embrace, even if they do not fully grasp all the technical terms, and this is where specialized

The global cybersecurity skills gap narrowed over the past year, from 3.1 million to 2.7 million people, and job satisfaction got a substantial boost, according to the newly-published 2021 (ISC)2 Cybersecurity Workforce Study. The narrower skills gap reflects an increase in people joining the field, the study found. “For 2021, our study estimates there are 4.19 million cybersecurity professionals worldwide, which is an increase of more than 700,000 compared to last year.” However, the gap in Asia-Pacific (APAC) was reduced by 500,000 this year, overshadowing the increased deficits in all other regions where the gap has actually increased. Roughly one-third of the survey respondents indicated that a shortage in cybersecurity team members has led to real world impacts, including misconfigured

Different personality types, different approaches to life, and different styles of learning; these qualities are what make us all unique, helping us to add our perspective to make the world a better place. However, when trying to pass a rigorous exam, these distinctive qualities can seem like a hindrance, causing some to doubt their abilities to succeed. Fortunately, the people at (ISC)² recognize and celebrate that not all people have the same approach. (ISC)² has taken great measures to create study materials to meet a variety of learning styles, and needs, giving each candidate an equal chance of success. Whether you are the “lone wolf” type, or the social learner, or perhaps a combination of both, there are official study materials

The (ISC)² Government Professional Award recognizes government cybersecurity leaders whose commitment to excellence has helped to improve government information security and advance an in-demand workforce. The recognition is given to individuals whose initiatives have improved the areas of technology, process/policy or workforce and has led to significant developments in the security posture of a department, agency or entire government. We had a chance to learn more about the 2021 (ISC)² Government Professional Award honorees and their contributions to a safer and more secure cyber world. Asia-Pacific Region (ISC)² Government Professional Award Honoree Group Captain Amorn Chomchoey, CISSP is Acting Deputy Secretary General for the National Cyber Security Agency of Thailand. He inspires and leads RTAF personnel from all units of

You could say one of the purposes of the annual (ISC)² Security Congress is to deliver an industry status check. How is the cybersecurity industry doing, what could be better, and what are the biggest challenges it faces? This year’s Congress, which took place virtually from October 18 - 20, addressed a host of pressing topics in the industry, from combatting ransomware to zero trust implementation to protecting critical infrastructure against foreign adversaries. One of the biggest challenges though is to attract more diversity into the cybersecurity workforce to counter the shortage of personnel in the field. It was a theme that (ISC)² CEO Clar Rosso highlighted right at the start of the event in her welcome address. Cybersecurity remains a white