• By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP and John Martin, CISSP-ISSAP. Continued discussion from Security Predictions for 2020 from the (ISC)² Community of Security Professionals (Part 1). Internet of Things (IoT), Industrial Internet of Things (IIoT) and Operating Technology (OT) related to the state of digital certificates: The issue is not just self-signed digital certificates or expired certificates. Many of these devices have digital certificates, which need to be managed via a Key Management System and maintained. The fallout, of course, is that without proper controls, these devices can and will be compromised. Currently, the onus is on the consumer to ensure that they know what they are purchasing is actually secure – which is almost an impossible job. So, the

    Feb 05,
  • By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP and John Martin, CISSP-ISSAP. Cyber-attacks will impact businesses on a larger scale in 2020 and will affect those who are unprepared, whether it is attributed to human error or other disasters. In an effort to combat some of the issues faced by corporations, it is time for CEOs to grasp the nettle and officially buy in to their security practitioners’ advice. We have all seen various vendors make predictions for Information Security for 2020. These predictions include an increase in targeted Ransomware, threats to the 2020 Elections in the U.S. and other countries, and many conversations on Deep-fakes, attributed to Artificial Intelligence and Machine Learning and the fast pace of technological developments. We asked

    Feb 04,
  • As demand for cloud computing grows, so does the need to secure it. In a survey of its Technology Executive Council members, CNBC found that cloud and software-defined security are among the C-suite’s top technology strategies for 2020. As reported in this video, cloud computing tops the list, and it’s followed by machine learning, artificial intelligence and software-defined security. The CNBC Technology Executive Council has nearly 150 executives in various industries, 70% of whom participated in the survey. The survey shows that securing cloud environments is a major priority – not only for the C-suite but also for cybersecurity workers. Another study, by the SANS Institute, provides further proof. "The SANS survey showed that rapid movement of corporate services and

    Jan 27,
  • Here’s a bit of good news for anyone contemplating a career in cybersecurity: Cybersecurity workers who started their careers in other fields tend to get paid more than career-long cybersecurity professionals, according to new research. As reported by Security Boulevard, a survey conducted by Cynet, which makes breach detection tools, reveals that cybersecurity professionals with equivalent experience earn about the same regardless of whether they have a degree in computer science or a related engineering field. But those who started their careers outside of cybersecurity command higher salaries, a strong indication that employers – in the face of a skills shortage and 0% unemployment in the cybersecurity profession – are willing to open their wallets for recruits from other fields.

    Jan 23,
  • One of the most common complaints cybersecurity professionals voice about their employers is that they have to pay for certifications out of their own pockets. It’s not a trivial issue, since workers consider certifications their number one career hurdle, according to the (ISC)² Cybersecurity Workforce Study 2019. Based on study findings, most employers don’t pay their cybersecurity workers’ certification fees. Considerably fewer than half of respondents in the study (37%) say their employers pay for them while 21% say they share the cost with employers. More than one third of respondents (35%) pay for all of their own cybersecurity certification costs. For many, having to pay for certifications themselves is a problem because of the associated costs. It’s the most common

    Jan 22,