Organizational culture typically takes shape as a result of decisions and actions by top management, who are responsible for setting vision, values and practices. When leadership doesn’t understand something, it shows in how the organization handles that particular area. When it comes to IT security, research by (ISC)2 reveals a tepid commitment to investing in a strong security stance, both in the areas of technology and human resources. Too often, cybersecurity teams are short-staffed, lack the resources they need to handle a cyberattack, or aren’t given the responsibility to fill a more proactive role in protecting company data and networks. About half of participants in (ISC)2’s 2017 Global Information Security Workforce Study, consisting of IT professionals in charge of security

Name: Jasmin LandryTitle: IT Security AnalystEmployer: SecureOpsLocation: Montreal, Canada Years in IT: 4Years in information security: 3Cybersecurity certifications: SSCP, OSCP, CEH, eJPT, CCNA: Security, MCSA   How did you decide upon a career in cybersecurity? It all started when I was a teenager. I enjoyed video games and I was curious about how they were created, so I decided to pursue education in programming. I quickly switched path though, after my first networking class. The teacher introduced us to Wireshark and I was just so amazed at what it could do, and what I was able to see with it. After taking more and more classes related to networking and security, my interest in information security continued to grow.  

By David Shearer, CISSP, CEO (ISC)²  I was recently reading an article by my colleague, ISACA CEO Matt Loeb, that got me thinking. In his piece, Creating cyberculture, Matt creatively reworks the “cybersecurity is everyone’s responsibility” mantra with his seatbelt analogy. While I certainly applaud any effort to create an inclusive cybersecurity culture – and Matt has some great suggestions on how to do so – I believe most organizations simply are not ready. To build on Matt’s seatbelt analogy, we’re buckling ourselves into a car seat that’s not yet bolted to the frame. Let me explain. We still have a great deal of work to do at the operational levels of most organizations that stems from a fair of amount

Although some organizations have splintered cybersecurity from IT for structural purposes, typically IT teams shoulder the responsibility for security. This means IT professionals are the people who enforce the policies and run the tools to protect their organizations’ data. But even though IT teams are the de facto security team in most places, do they have all the access to tools and technology they need? Not necessarily, according to recently completed (ISC)² research. The research suggests most organizations do not provide adequate resources for training and development, or enough people, to run security. Even worse, (ISC)²’s 2017 Global Information Security Workforce Study (GISWS) reveals the ability to defend against cyber attacks has declined over the past year. These are unsettling findings

By David Shearer, CISSP, CEO (ISC)²  Let's face it, there's still a fair amount of fear when it comes to the cloud, and I know firsthand people in Texas and Florida recently experienced some devastating weather that tests individuals' and organizations' resiliency. Natural disasters like Hurricane Harvey, Irma and others around the world can serve as a reminder that cybersecurity, IT/ICT and OT for that matter, need to work in complementary ways to ensure not only cybersecurity resiliency but business and mission fulfillment resiliency (i.e. Continuity of Operations). I break these areas out, because I frequently hear them discussed in stovepipe ways. That vertical versus horizontal view simply does not serve the endgame for the organizations we serve. I'm old enough