By David Shearer, CISSP, CEO (ISC)²

I was recently reading an article by my colleague, ISACA CEO Matt Loeb, that got me thinking. In his piece, Creating cyberculture, Matt creatively reworks the “cybersecurity is everyone’s responsibility” mantra with his seatbelt analogy. While I certainly applaud any effort to create an inclusive cybersecurity culture – and Matt has some great suggestions on how to do so – I believe most organizations simply are not ready. To build on Matt’s seatbelt analogy, we’re buckling ourselves into a car seat that’s not yet bolted to the frame. Let me explain. We still have a great deal of work to do at the operational levels of most organizations that stems from a fair amount of
- Sep 21,
Although some organizations have splintered cybersecurity from IT for structural purposes, typically IT teams shoulder the responsibility for security. This means IT professionals are the people who enforce the policies and run the tools to protect their organizations’ data. But even though IT teams are the de facto security team in most places, do they have all the access to tools and technology they need? Not necessarily, according to recently completed (ISC)² research. The research suggests most organizations do not provide adequate resources for training and development, or enough people, to run security. Even worse, (ISC)²’s 2017 Global Information Security Workforce Study (GISWS) reveals the ability to defend against cyber attacks has declined over the past year. These are unsettling findings
Sep 21,

For years, many in the United States have viewed the traditional four-year degree as the only path to a successful career. In late July, a new bill was introduced on the Hill that recognizes the need to change that mindset -- the New Collar Jobs Act. What exactly is a “new collar” job? According to IBM, the original advocate for building new collar career skills, new collar jobs are “roles in some of the technology industry’s fastest growing fields — from cybersecurity to digital design — that require technical training or some postsecondary education but not necessarily a four-year degree.” With the projected workforce shortage of 1.8 million by the year 2020, it is encouraging to see a growing
Sep 14,

Name: Tom Musgrave
Title: Security Engineer
Employer: Warner Bros.
Location: Burbank, California, U.S.A.
Degree: BA Hons
Years in IT: 17
Years in cybersecurity: 16
Cybersecurity certifications: CISSP, CCSP, GCIH, CCNA, CCNP Security

How did you decide upon a career in cybersecurity?

After leaving university, and a false start selling parrots for Harrods in Knightsbridge, I needed a change in direction. I joined a web design company as a junior IT engineer and reveled in the role. I then joined the new Cisco TAC support center in Milton Keynes. I was fortuitously recruited to the security team and thoroughly enjoyed troubleshooting all manner of VPN, Firewall and general networking problems. I love solving problems and implementing the security layer over an already difficult network layer was a great challenge. I had no qualms in making cybersecurity
Sep 12,

(ISC)² webcasts are a great source for insight into all areas of security. From the Internet of Things to malware and compliance, the topics vary. Here are the top 10 (ISC)² webcasts for 2017 so far as ranked by cybersecurity professionals:

Part 1: Future of SIEM - Why Static Correlation Fails Insider Threat Detection

Hackers stealing credentials and operating in your corporate network…disgruntled employees collecting customer lists and design materials for a competitor...malware sending identity information back to random domains…these common threats have been with us for years and are only getting worse. Most organizations have invested large amounts in security intelligence, yet these solutions have fallen short. Simply put, security intelligence and management, in the form of legacy
Aug 31,