Name: Mr. Toh Tai Ann
Title: Principal Trainer and Consultant
Employer: Solution of Solutions LLP
Location: Singapore
Degree: Bachelor of Electrical Engineering (Hons), University of Western Australia
Years in IT: 31 years
Years in cybersecurity: 10 years
Cybersecurity certifications: Certified Information System Security Professional (CISSP), Certified Cloud Security Professional (CCSP), The Open Group Architecture Framework (TOGAF)

How did you decide upon a career in cybersecurity?

I have been an Information Technology professional for more than 25 years and in the Information Technology sector for 30+ years. In these 30+ years I have seen the transformation of IT from a mainframe/minicomputer centric data centre setup to a very disparate, distributed and complex environment. The centralised mainframe/minicomputer setup had many advantages from the security perspective. Physical security was extremely tight and
Blog
Latest News & Tips
Name: Jasmin Landry
Title: IT Security Analyst
Employer: SecureOps
Location: Montreal, Canada
Years in IT: 4
Years in information security: 3
Cybersecurity certifications: SSCP, OSCP, CEH, eJPT, CCNA: Security, MCSA

How did you decide upon a career in cybersecurity?

It all started when I was a teenager. I enjoyed video games and I was curious about how they were created, so I decided to pursue education in programming. I quickly switched paths though, after my first networking class. The teacher introduced us to Wireshark and I was just so amazed at what it could do, and what I was able to see with it. After taking more and more classes related to networking and security, my interest in information security continued to grow.
It’s 2:00 pm. Do you know where your data records are? Here are the security headlines from the week of September 18, 2017. Say it ain’t so, SEC. Say it ain’t so! It looks like the U.S. Securities and Exchange Commission (SEC) suffered a cyber attack in 2016. Hackers have been trading using non-public information. In more cybercrime news, Help Net Security has a list of most wanted malware and mobile malware. We’re all hoping the risk of wearable devices is worth the health benefit – or is that just what I tell myself about my FitBit? But what if the device data falls into the wrong hands? Any infosec pro will tell you: Only install applications from a trusted
By David Shearer, CISSP, CEO (ISC)²

I was recently reading an article by my colleague, ISACA CEO Matt Loeb, that got me thinking. In his piece, Creating cyberculture, Matt creatively reworks the “cybersecurity is everyone’s responsibility” mantra with his seatbelt analogy. While I certainly applaud any effort to create an inclusive cybersecurity culture – and Matt has some great suggestions on how to do so – I believe most organizations simply are not ready. To build on Matt’s seatbelt analogy, we’re buckling ourselves into a car seat that’s not yet bolted to the frame. Let me explain. We still have a great deal of work to do at the operational levels of most organizations that stems from a fair amount of
Although some organizations have splintered cybersecurity from IT for structural purposes, typically IT teams shoulder the responsibility for security. This means IT professionals are the people who enforce the policies and run the tools to protect their organizations’ data. But even though IT teams are the de facto security team in most places, do they have all the access to tools and technology they need? Not necessarily, according to recently completed (ISC)² research. The research suggests most organizations do not provide adequate resources for training and development, or enough people, to run security. Even worse, (ISC)²’s 2017 Global Information Security Workforce Study (GISWS) reveals the ability to defend against cyber attacks has declined over the past year. These are unsettling findings
By David Shearer, CISSP, CEO (ISC)²

Let's face it, there's still a fair amount of fear when it comes to the cloud, and I know firsthand people in Texas and Florida recently experienced some devastating weather that tests individuals' and organizations' resiliency. Natural disasters like Hurricane Harvey, Irma and others around the world can serve as a reminder that cybersecurity, IT/ICT and OT for that matter, need to work in complementary ways to ensure not only cybersecurity resiliency but business and mission fulfillment resiliency (i.e. Continuity of Operations). I break these areas out, because I frequently hear them discussed in stovepipe ways. That vertical versus horizontal view simply does not serve the endgame for the organizations we serve. I'm old enough