Infosecurity Europe is unquestionably the biggest and most significant cybersecurity conference and event on the European calendar, a mainstay that is enjoyed by the entire industry and that serves as an important opportunity for members to meet each other and engage with the (ISC)² team on our stand. Like so many key industry events, Infosecurity Europe has been operating as a virtual event for the last two years due to the pandemic but made a triumphant return to physical being this year along with a move to a brand new venue. 2022 saw the show move from London’s Olympia Exhibition Center to ExCel in East London, a larger and more modern facility capable of accommodating the growing show and expanding

We all have unconscious bias. In fact, our ability to use pattern recognition and informed judgement can be a benefit in many professions, especially cybersecurity. However, unconscious biases in areas of hiring, mentoring, promoting or developing staff could hamper efforts to build the cybersecurity workforce and to diversify the individuals who make up this group. (ISC)² has partnered with Cyversity, an organization whose mission is to achieve consistent representation of women and underrepresented minorities in the cybersecurity profession, to offer a series of free webinars addressing unconscious bias. The first webinar in this series – Understanding Unconscious Bias – will take place on June 29 at 1:00 p.m. ET on the (ISC)² Security Briefings webinar channel. Registration is open now

Security teams should stop treating users as the weakest link in security and, instead, turn them into allies in building a strong security culture. This was the message from Shelly Epps, HCISPP, Director of Security Program Management at Duke Health, who delivered a presentation this week at the (ISC)² SECURE North America virtual event. “If you are relying upon users for your security, you’ve effectively already failed,” she said. Instead, organizations need to develop comprehensive, multidimensional programs that keep users engaged. Traditionally, Epps said, organizations have built security programs around compliance obligations and PowerPoint-based lists. Programs tended to be punitive, turning the cybersecurity staff into the bad guys, when a rewards-based approach is better. Developing the right culture requires empowering

Last week (ISC)² released the (ISC)² Cybersecurity Hiring Managers Guide: Best Practices for Hiring and Developing Junior Talent built on the latest research to help organizations grow their teams and retain top talent. The report highlighted the top technical skills, non-technical skills and personality attributes hiring managers seek and how organizations can benefit from unique recruiting and professional development strategies. In a recent volunteer survey, we asked members with hiring experience what trends they are seeing in the industry. Many mentioned technological shifts expedited by the pandemic including remote work, virtual interviews and hybrid work environments. They also noted a shift in requirement of degrees and certifications for entry-level staff and more emphasis on diversity of backgrounds and experiences. Filip

Facing an acute shortage of qualified cybersecurity professionals, hiring managers are recruiting entry- and junior-level practitioners to their teams. The latest (ISC)² research captured in our Cybersecurity Hiring Managers Guide reveals this practice enables organizations to build stronger and more resilient cybersecurity teams. The findings come from a poll of 1,250 hiring cybersecurity managers who hire entry- and junior-level practitioners for small, mid-size and large organizations in the United States, Canada, United Kingdom and India. The cybersecurity skills gap currently stands at 2.7 million worldwide, forcing hiring managers to deprioritize experience when choosing candidates who show promise. Managers are less insistent on finding technical skills and, instead, have honed their focus on non-technical skills such as ability to work in a team