Blog

Latest News & Tips

  • Dear (ISC)² Members, Associates and Candidates:  I hope this message finds you well. As 2022 comes to an end, I am grateful for the opportunity to reflect on the past year and all we have achieved together.   Launching an entry-level certification – the first new (ISC)² certification in more than five years – was a feat unto itself. More importantly, though, it demonstrates our commitment to creating new pathways into cybersecurity for many career-hopefuls. We are happy to already have welcomed more than 5,500 new Certified in Cybersecurity (CC) holders into our membership ranks.   Enabling anyone passionate about a cybersecurity career to learn and grow with us was the driving force behind (ISC)² Candidate. Since its launch in September, more than

  • By Aaron Weathersby, CISSP. Aaron is the Chief Information Officer for Charles R. Drew University of Medicine and Science and holds a Doctor of Science in Cyber Security from Marymount University. He is an Information Technology professional with over 18 years of experience focused on cybersecurity issues. Abstract: A policy brief on the May 2021 White House Executive Order 14028 requiring the improvement of the nation’s cybersecurity through the lens of Cyber Threat Intelligence. A summative read geared towards federal agencies and government contractors who must implement the order. In this brief, an exploration of the current state of cybersecurity and the impetus of this order is provided. A brief summary of key policy points is detailed along with recommendations

  • UK cybersecurity leaders recently gathered for a Chatham House members event panel in London to discuss the heightened need for a skilled workforce, the effects the COVID-19 pandemic had on the global cyber workforce and developing skills for the next generation of cyber professionals. (ISC)² CEO Clar Rosso was joined by CEO of the UK Cyber Council Simon Hepburn, and Parliamentary Private Secretary, Cabinet Office Ruth Edwards MP, as well as First Attaché to the UK, Cybersecurity and Infrastructure Security Agency (CISA) Julie Johnson as they sat down to address issues and potential solutions to the global workforce gap. Clar was first to address how the pandemic changed the cyber workforce, and she inferred that the pandemic intensified the workforce

  • The SSCP certification is held by more than 7,000 professionals around the world. Known for its technical rigor, the members who hold this qualification are typically working in areas like IT administration, network security, security operations or incident response. The exam was last refreshed in November 2021, which means it is time for us to begin the process again. We announced last week that the CISSP will be starting the revision process in January and so will the SSCP. We need to hear from you, the certification holders. As we prepare for a Job Task Analysis (JTA) Study Workshop in January (tentatively scheduled for January 23-25), we are asking all SSCP-holders to review the current SSCP exam outline (now

  • The rise of new ransomware gangs, cyberattacks on Uber and California’s Department of Finance make headlines this week. Here are the latest threats and advisories for the week of December 16, 2022. Threat Advisories and Alerts. U.K. Government Sets New Standards for App Security: The U.K. government has requested that app store developers and operators voluntarily follow a code of practice to protect consumers from malicious apps and actors. The code consists of eight principles, including requests to keep apps up-to-date, implement a vulnerability disclosure process, provide clear feedback to developers and more. The guidance comes at a time when news of malicious apps regularly appears in the headlines. Source: https://www.gov.uk/government/consultations/app-security-and-privacy-interventions/outcome/government-response-to-the-call-for-views-on-app-security-and-privacy-interventions#section-2-code-of-practice-principles APT5 Threat Group Actively Exploits Citrix Vulnerability: Citrix has

  • The success of our membership-driven organization is closely linked to the effort that each certification holder puts into the organization. At (ISC)², we are fortunate to have a highly engaged membership that actively contributes to our success through volunteer opportunities. Our volunteers take on myriad tasks, from helping to organize events to speaking at conferences to developing certification exams. Another important way that members volunteer their time is by contributing informative blogs on timely cybersecurity topics that expand our knowledge base and help peers gain new insights into the cybersecurity field. (ISC)² members contribute blogs in two ways. One is through member-written blogs, in which authors cover a topic of their choosing with relevance to the membership. The second is