As published in the September/October 2020 edition of InfoSecurity Professional Magazine
By Anita J. Bateman, CISSP
We are all plagued by technical debt in the form of legacy systems that can no longer be patched but must be kept up and running. Critical business processes, legacy data retention, lack of system knowledge or “pet” projects might keep us from retiring these difficult-to-maintain systems. From the very first operating system updates on the original IBM 360 to the latest Windows 10 updates today, we still struggle with this common challenge to fully patch and maintain our technical systems. Might there be a different way to approach this perennial issue? Might we invoke some of the philosophies, principles and methodologies of organizational experts when
- Nov 25,
Dear (ISC)² Members and Associates:
I hope you, your families and your colleagues are well. Back in August, (ISC)² Board of Directors Chairperson Dr. Kevin Charest, CISSP, shared the news with you that I was selected as our association’s new CEO. I am honored by this opportunity. I stand in admiration of the enormity of the responsibility each of you have every day to secure organizations around the world, and I am excited about what we will accomplish together. I have spent the majority of my career helping professional associations deliver on their value-promise to members. I look forward to working with the Board, the (ISC)² team and all of you to write the next chapter in the history of this
Oct 08,
Last month, (ISC)² held its annual election for new members to join its Board of Directors. Four candidates won and have accepted seats on the board effective January 1, 2021. The new board members will be: Eiji Kuwana, CISSP (Japan); Samara Moore, CISSP (United States); Jill Slay, CISSP (Australia); Lisa Young, CISSP (United States). The 13-member board is comprised of (ISC)² members – all volunteers – who provide strategy, governance and oversight for the organization, grant certifications to qualifying candidates and enforce adherence to the (ISC)² Code of Ethics. The newly elected board members will join the ranks of other top cyber, information, software and infrastructure security professionals from around the world representing academia, private organizations and government agencies. Thank
Oct 06,
As published in the May/June 2020 edition of InfoSecurity Professional Magazine.
By Jason McDowell, CISSP
Companies from all industries are looking for qualified cybersecurity professionals to fill the skills gap in their current workforce. Demand is high, and many companies are willing to pay top dollar to those who possess the skills they need. With this high-demand, high-paying environment, what could go wrong? Plenty. With the exception of companies that specialize in information security, accurate valuation of the cybersecurity role in many companies is still very challenging, and many managers lack even a basic understanding of what cybersecurity professionals do within the organization. Add in the urgency to meet industry-specified cybersecurity requirements, and things can quickly lead to corporate desperation and poor
Jul 27,
By Scott Dickinson, CISSP, CCSP
First a disclaimer. This is not designed to be a piece discussing the political beliefs or whether the right or wrong decisions were made at the appropriate time during the COVID-19 crisis. This COVID-19 event is happening to us, but what can we do about it? We can document our activities and use it as an actual exercise for BCP/COOP/DR. I will be using some examples from colleagues, as well as some of my personal experiences mixed in, so please don't assume I am speaking for any one organization. During this time of COVID-19 social distancing and working from home, many individuals, businesses and organizations are struggling with the sudden imposition of remote work and
Apr 22,