Name: Thien Phan (ISC)² Exams Passed: CISSP and CCSPTitle: Cybersecurity, Privacy and IT Risk AssociateEmployer: PricewaterhouseCoopers (PwC)Location: New York City, NY, U.S.A.Education: MBA degree and Bachelor’s Degree in Management Information Systems (MIS) from Binghamton UniversityYears in IT: 1 yearYears in cybersecurity: 1 yearCybersecurity certifications: Security+, CCNA Cyber Ops   How did you decide upon a career in cybersecurity? It was back in my third year of college when I interned for a multimedia company as a database administrator. I did not know much about how different technologies worked together. I was introduced to the concept of networking and how a database system can provide output to the front-end web server. I learned about the SQL injection and became fascinated with the

(ISC)²’s theme for 2018 is Enrich. Enable. Excel. In an effort to enable our members to be the best in their field, we have partnered with A Cloud Guru to offer a one-month free membership to A Cloud Guru. This benefit allows members exclusive access to cloud security education from A Cloud Guru, which delivers an array of cloud security courses to enable cybersecurity professionals to better defend their data in the cloud. Cloud security was identified as the number one skill security professionals needed to acquire or strengthen to advance their career, according our 2017 Global Information Security Workforce Study. A Cloud Guru offers cloud-based training courses for all experience levels, and allows you to sort the courses by

By Kwinton Scarbrough, CISSP In the midst of the business and technology merge, organizations of all industries have started their journey into the cognitive era of cybersecurity. In this era, it is essential for a business to have an IT security strategy to govern how the organization will protect itself from internal and external cyber threats. However, what commonly fails to align to IT security strategy is the organization’s overall security culture. IT security strategy can only be effective if there is a strong security culture embedded into the very fabric of the company’s operations. Today, I will cover the two core components for building a robust security culture, to maximize the effectiveness of the IT security strategy. An organization’s

By Wesley Simpson, COO, (ISC)² Some have called the skills gap in IT and cybersecurity a national security crisis. Yet, it’s one that most everyone in the industry doesn’t know how to solve. Many look to automation and other technologies as a solution to the problem. Others foster relationships that will fill the pipeline and attract new talent. But there is no ONE solution. Instead, organizations need to both build and buy the talent they need. The growing gap between skills needed and qualified candidates is not a problem that technology alone can solve, but it is one that is made more complex by burnout and attrition. Companies need to be thinking about the strategies they can put in place

By John McCumber, Director of Cybersecurity Advocacy, (ISC)² North America Region I am thoroughly stoked to announce The Lexicon Project has finally come to fruition. The first thousand copies are being printed as I type this. It has taken several months, and the support of our full team here at (ISC)², but it has happened. I also want to acknowledge the critical advice from our North American Advisory Council (NAAC) for their input to the lexicon. But, why would we take this on as one of the first projects for the new Cybersecurity Advocate’s role? The third week of my tenure as your humble Advocate was spent walking the halls of Capitol Hill and meeting with legislators, committee members, and the