We all have unconscious bias. In fact, our ability to use pattern recognition and informed judgement can be a benefit in many professions, especially cybersecurity. However, unconscious biases in areas of hiring, mentoring, promoting or developing staff could hamper efforts to build the cybersecurity workforce and to diversify the individuals who make up this group. (ISC)² has partnered with Cyversity, an organization whose mission is to achieve consistent representation of women and underrepresented minorities in the cybersecurity profession, to offer a series of free webinars addressing unconscious bias. The first webinar in this series – Understanding Unconscious Bias – will take place on June 29 at 1:00 p.m. ET on the (ISC)² Security Briefings webinar channel. Registration is open now

Security teams should stop treating users as the weakest link in security and, instead, turn them into allies in building a strong security culture. This was the message from Shelly Epps, HCISPP, Director of Security Program Management at Duke Health, who delivered a presentation this week at the (ISC)² SECURE North America virtual event. “If you are relying upon users for your security, you’ve effectively already failed,” she said. Instead, organizations need to develop comprehensive, multidimensional programs that keep users engaged. Traditionally, Epps said, organizations have built security programs around compliance obligations and PowerPoint-based lists. Programs tended to be punitive, turning the cybersecurity staff into the bad guys, when a rewards-based approach is better. Developing the right culture requires empowering

If you’ve ever wondered about the relationship between privacy and apples, privacy expert J. Trevor Hughes explained the connection during a session at the (ISC)² SECURE North America one-day virtual event. “Privacy is a fundamental human truth,” he said. “It has existed since the dawn of time.” In fact, he said, privacy concerns started after Adam and Eve committed the crime that got them expelled from the Garden of Eden. They ate an apple they weren’t supposed to. Since then, privacy perceptions and concerns have evolved as new threats in the form of new technologies – flexible film, the telephone and the smartphone – have emerged. Technology, he says, mediates privacy. Along the way, we’ve had to adjust and find

Ready. Set. Vegas and Beyond! We are looking forward to our first-ever hybrid (ISC)² Security Congress on October 10-12. This year’s event will have something for everyone, whether you decide to attend in person at Caesars Palace in Las Vegas or virtually. More than 100 breakout sessions will cover all of the hot and trending topics in today’s cybersecurity climate including, but not limited to, incident response, Zero Trust, AI, IoT, cloud security, building and maintaining resilient cybersecurity teams and much more. View the Security Congress agenda now, including some of our most anticipated sessions:   Are Deepfakes Really a Security Threat? - Thomas P. Scanlon  So You Want to be an Expert Witness - Hoyt L. Kesterson, II  Mentalism, Magic

Duncan Jones, Head of Cybersecurity for Cambridge Quantum, recently spoke with Fierce Electronics about quantum cybersecurity and where it’s headed. In the interview, Duncan referred to quantum as “a boogeyman for cyber,” but said “it’s also going to help us as well.”   With rapidly advancing technology, as many as 80% of cyber pros believe that quantum computers will become powerful enough over the next few years to break current encryption methods. For organizations looking to prepare for the threat of quantum and figure out the best path forward, Duncan will be presenting on how to protect your organization against threats to encryption – before “Q-Day” arrives.   In his upcoming (ISC)² SECURE Webinar, The Threat and Promise of Quantum