• The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this diversity, (ISC)² has launched a series of interviews to explore where CISSP certification has led security professionals. Last time we heard from Mari Aoba and her experiences with CISSP. This installment features Jason Lau, CISO for Crypto.com and an official member and contributor on the Forbes Technology Council. He is also an adjunct professor and industry advisory board member (cybersecurity and data

    May 06,
  • (ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its credentialing examinations. A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for HCISPP is up next for review! In preparation for that upcoming review, we would like to hear from YOU, our HCISPP members. We want to hear from you on the new and emerging cybersecurity issues that should be addressed, but are not covered in the current HCISPP Examination Outline. This

    May 05,
  • How Much Access is Too Much? Many security practitioners grapple with the problem of their colleagues demanding too much access to network resources. Sometimes it is not just people who request excessive access; it could be an application that needs more access than necessary to function, or it could be a process that is demanding too much access. In some cases, an entire system or network can be the access challenge. Whatever the case may be, there are many methods at the fingertips of the security practitioner to control access in a way that enables a business to function without the risk of oversharing. The Risks of Excessive Access: Unbridled access has been cited in many security incidents. From the

    May 04,
  • A Fun Science Fact: Are you familiar with the often misquoted study about how every cell in the human body is replaced around every seven years? While a complete body makeover doesn’t actually happen, there is truth that many cells are regenerated over time. In some parts of the body this happens faster than others. It would be fascinating if humans could truly change their identity every few years. As an information security professional, you are aware that identity management is a very important part of the security landscape. Like many cells in the human body, identity access management (IAM) has not remained static. It started from some very simple beginnings, has changed and continues to change. Is this just

    Apr 21,
  • Why Does This Have to Be So Hard? As a security practitioner, how often have you heard the refrain from your colleagues that one of the security protocols that were so carefully thought out and expertly implemented is just too difficult to deal with? Perhaps you have sighed when you had to adhere to your own security protocol? As a security evangelist, you understand the necessity of adhering to a set of security requirements, but as a normal staff member, you can understand the frustration of your non-security coworkers. Is there ever such a thing as being a “normal” staff member after you have crossed into the elite world of information security? It seems that once one becomes aware of all

    Apr 20,