• Security Without Regulatory Muscle
    As a security practitioner, you may have worked in an industry that was not affected by any regulatory authority. There was a time when security was not driven by governmental power. In many cases, this is why security did not exist in smaller organizations. The ideology that a company was “not an attractive target” to cybercrime was a cozy pillow upon which many C-Level executives rested their heads. Over the last twenty years, this has changed. In fact, not only has security been codified in law, but privacy has become an even stronger legal tool to stimulate security in most organizations. In some of the early security and privacy regulations, there were exceptions based on the

    May 24,
  • The Language of Profit and Loss
    Security professionals spend a lot of time honing their area of expertise. Your strength could be in packet analysis, or programming… maybe you are at your best in the realm of security engineering, or pentesting. Or, you may have the best technical skills, but when it comes to obtaining a budget for a project or a new security tool, you need to understand and explain the difference between likelihood and probability. Why is this important? Because the language of business is based on profit and loss, and that component is key to your progress. How can you describe the need for a new security initiative that makes the point to the people

    May 21,
  • People looking to get into the cybersecurity field generally demonstrate a solid understanding of the threats facing organizations, according to new research from (ISC)². Yet, they don’t necessarily have the correct expectations of what they will be doing should they land a cybersecurity job. In a profession that covers a wide spectrum of tasks and responsibilities, including security operations, risk assessment and user training, coming up with a clear definition of the role is difficult for outsiders, the study suggests. Nevertheless, job pursuers are aware of the various threats cybersecurity teams have to address, including malware, ransomware and phishing. The Cybersecurity Career Pursuers Study, which polled both current cybersecurity professionals and jobseekers, indicates that jobseekers need a clearer idea of

    May 20,
  • The annual (ISC)² Cybersecurity Workforce Survey needs your experience and opinions to help shape the conversation. As we find ourselves more than one year into a global pandemic, we want to accurately reflect the current state of the industry. How has your career been impacted? How has your organization changed? How has your work evolved? We need to hear from cybersecurity professionals, (ISC)² members and non-members, representing all regions globally. Like last year’s survey results, these results will be used by organizations, governments and the media to foster conversations regarding strategies to improve the recruiting and filling of positions needed to secure organizations around the world. If you’re an (ISC)² member, check your email for an invitation to participate in the survey. If you have not already taken the survey, please share your insight into the cybersecurity profession.

    May 19,
  • Should you adopt the default security configuration from your Cloud Service Provider to avoid a misconfiguration incident? If you do, proceed with caution. Some default settings may not be required in your environment and would serve the organization better if they were disabled. As part of a complete cloud security strategy, all settings must be checked against an established hardening standard. CSPs deliver a platform and the tools to manage it. Yet ultimately, it isn’t the responsibility of the CSP to secure your environment. It’s yours.

    May 18,