Commonly used cybersecurity terms such as “blacklisting” and “whitelisting” may be discontinued if the National Institute of Standards and Technology's (NIST) efforts are successful. The agency wants to eliminate terms with problematic connotations from speech and written documents and replace them with neutral, more precise wording. “Using inclusive language can help people from diverse backgrounds feel more welcome and encourages precise, high quality work,” the agency explains in a recently issued guidance document on the matter, NISTIR 8366. The purpose of the effort is threefold: develop documentary standards; use inclusive language in verbal communication during meetings and negotiations; and create documentation on “realization and dissemination of physical standards.” The use of bias-free language, NIST says, allows everyone to feel included in discussions,
May 17,
An interesting takeaway from the (ISC)² Cybersecurity Career Pursuers Study is what cybersecurity professionals told us were the most important technical skills for those looking for their first cybersecurity job. When current jobholders were asked to rate the most important technical skills for aspiring cybersecurity professionals, there was little differentiation among the 20 technical concepts they were asked to rate.

Cyber Security Technical Skill or Concept | Rating (1 – 5)
Cloud Security | 4.46
Malware Analysis | 4.44
Data Analysis | 4.42
Threat Assessment | 4.42
Intrusion Detection | 4.42
Risk Assessment/Management | 4.37
Encryption | 4.37
Secure Software Development | 4.37
Networking | 4.34
Database | 4.32
Penetration Testing | 4.27
Backup and Storage | 4.26
Coding/Programming | 4.26
Access Management | 4.22
Alert and Event Management | 4.22
Hardware | 4.21
Compliance | 4.19
Forensics
May 13,
The Power of Positive Thinking
Remember the early days of software programming? There were stories about the solitary programmer, toiling late into the night (and into the next days and nights), working until the creation was complete. These images were corroborated by people such as Shawn Fanning, the creator of Napster, and Mark Zuckerberg, the creator of Facebook. They had more than a mission; they had a vision, and unceasing motivation. Software development has come a long way from those “lone wolf” days. The alumni of those early days have gone on to greater tasks. While the motivation to create a great software product has not waned, it has become more formalized and legitimized. Motivation became married to discipline. Within
May 13,
(ISC)² Webinars are an opportunity to take part in active, educational and engaging sessions delivering up-to-date knowledge from cybersecurity experts. Experienced and vetted professionals lead discussions on industry-relevant topics with four to five live global webcasts per week in addition to recorded content. All webinar subjects are designed with your continuing education in mind, ensuring that sessions are informative and relevant. Each session delivers a discussion of topical items that practitioners face in the field, free of marketing pitches or product-centric discussion. With 13 years of developing content, the (ISC)² team can assure that attendees will receive vendor-neutral content that they can appreciate and use. Continuing education and the ability to hear from, and ask questions of, subject matter experts
May 12,
The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this diversity, (ISC)² has launched a series of interviews to explore where CISSP certification has led security professionals. Last time we heard from Mari Aoba and her experiences with CISSP. This installment features Jason Lau, CISO for Crypto.com and an official member and contributor on the Forbes Technology Council. He is also an adjunct professor and industry advisory board member (cybersecurity and data
May 06,