We asked CISSPs and CCSPs around the world, “If you could say anything to your CEO about hiring for the cloud, what would it be?” Respondents said one of the biggest challenges facing cloud specialists and senior executives in the C-suite is the difference in what each side holds as a priority. While senior executives are as passionate as cloud experts about protecting their organization and ensuring security and growth for the long term, their interests are built around issues of fiscal responsibility. At the same time, cloud specialists seek to explore the people, processes and tools that will help ensure their organization’s protection, security and growth — and that requires a financial investment. From the perspectives of cybersecurity experts, what
Oct 14,
The decision to authorize (or not) an information system to operate within an organization is the result of an ongoing project that needs to be managed effectively to succeed and to prevent your business from being exposed to unwanted threats. As NIST highlights, authorization to operate (ATO) is a “management decision to explicitly accept the risks” from operating an information system. An authorizing officer not only needs executive buy-in to fulfill their project but also needs to possess the foundational knowledge required to avoid project scope creep. An (ISC)² Certified Authorization Professional (CAP) is the practitioner who can exercise sound security risk management in pursuit of information system authorization to support an organization’s operations in accordance with legal and
Oct 13,
When asked how CISOs could better address the impact of the cybersecurity skills shortage, the most popular suggestion was to increase the overall commitment to training, according to The Life and Times of Cybersecurity Professionals report from Enterprise Strategy Group and the Information Systems Security Association. In fact, security professionals must continue developing their professional skills or put their organizations at a competitive disadvantage, according to 91 percent of respondents. But with so many training and certification options out there, which most effectively demonstrates the broad knowledge and skills required to secure cloud environments? Let’s compare three leading cybersecurity certifications: (ISC)² Certified Cloud Security Professional (CCSP) vs. Cisco Certified Network Associate (CCNA) and Cisco Certified Network Professional (CCNP) Data Center.
Oct 12,
Richard “Rich” W. Owen, Jr., CISSP, has over 50 years of experience in the field of information protection. He is a past International President of the Information Systems Security Association, Distinguished Fellow, member of the Honor Roll and a member of the Information Security Hall of Fame. He is also a Fellow of the Ponemon Institute and the CEO of Johnny Security Seed, LLC. Rich worked alongside Harold “Hal” F. Tipton on several endeavors, including the creation of (ISC)² and the first CISSP exam as one of the early pioneers of the information security industry. Rich created numerous quality security programs and advised others on developing and improving their programs. He built the information security program for Mission Operations at Johnson Space Center,
Oct 11,
Megan “Meg” West, CISSP, is an Incident Response Consultant for IBM’s X-Force Incident Response Team. Prior to joining IBM, she worked as the Global Cybersecurity Incident Response Manager for another F100 company. She currently holds the CISSP and Security+ certifications as well as a Master of Science degree in cybersecurity. She has spoken at several international cybersecurity conferences including (ISC)² Security Congress and SAP Sapphire Now. Megan spends her free time mentoring college students as they enter the cybersecurity field. She also enjoys creating free cybersecurity content on various social media platforms such as YouTube and Twitter. Register now to hear Megan speak at Security Congress. What does receiving the (ISC)² CEO Award mean to you? Achieving this (ISC)²
Oct 09,