When doing their work, cybersecurity professionals often come across situations that put their skills to the test. And sometimes those tests have far less to do with technology or business than with questions of ethics. When cyber professionals discover vulnerabilities while performing penetration tests or some other security-related work, is it OK to disclose those vulnerabilities publicly? What happens if system owners are made aware of issues but decide to ignore them? And at which point, while testing systems containing private information, do cyber professionals reach a line they should not cross? These questions were part of a lively panel discussion today at the (ISC)2 Security Congress 2019, taking place in Orlando this week. The session, “Ethics Dilemmas Information Security

The spotlight was on safety at the kickoff this morning of (ISC)² Security Congress 2019, taking place this week in Orlando. First, (ISC)² CEO David Shearer talked about the role that association members have in protecting society through their cybersecurity work. Then, Capt. Chesley Burnett "Sully" Sullenberger, the pilot of flight 1549, which landed on the Hudson River in January 2009, related the events of that day and how he and his co-pilot, Jeff Skiles, safely landed their U.S. Airways Airbus with everyone aboard surviving the event. Shearer spent much of his kickoff address on the importance of abstracting what cybersecurity professionals do from the very users they are protecting. “Our customers’ users simply want to be able to do

(ISC)²’s biggest and best Security Congress yet – with three days of more than 175 sessions and 200 speakers – kicks off in less than three months! Act now - Early Bird registration is still open and workshops and pre-conference trainings are filling up. This year’s conference will be held at the Walt Disney World Swan and Dolphin Resort and will feature workshops, career resources, awards, an escape room and so much more. Our Center for Cyber Safety and Education will once again host its annual volunteer orientation and other special programming.   Find out what Center Day at (ISC)² Security Congress has in store this year.

A new report from Palo Alto Networks’ Unit 42 threat intelligence team titled “Cloudy With a Chance of Entropy” reports that there are at least 34 million vulnerabilities across some of the largest cloud platforms, including Amazon Web Services, Google Compute Engine and Microsoft Azure.    Notably, the threats were not found to be the result of cloud providers themselves, but rather the applications customers deploy on cloud infrastructure. As the report states, “cloud service providers maintained their sterling reputation for platform security . . . however, consumers of infrastructure- and platform-as-a-service (IaaS and PaaS) cloud offerings continue to struggle with getting the basics of security right.” The surging adoption of cloud container systems such as Docker and Kubernetes is

You’ve been curious. You’ve waited patiently. And now you’ll know exactly which sessions you can look forward to at our ninth annual Security Congress in Orlando! The full agenda for this conference is now online for you to browse and you won’t want to miss this year’s event. Security Congress will advance a global perspective and vision as our premier conference for thousands of cybersecurity professionals from all over the world. With 18 tracks, 175 sessions and more than 200 speakers, this will be the biggest program ever. Featured sessions include: A panel discussion on Diversity, Equity and Inclusion: How to Create a Winning Security Company Culture moderated by Jennifer Steffens, CEO of IOActive. Panelists include Ericka Chickowski, Executive Editor of