Name: Shelly Epps, MS, HCISPP Title: Information Security Analyst and Program Lead, Security Outreach & Education Employer: Duke University Health System Location: Durham, NC Education: BS in Biology from Kansas State University, Master’s in Genetic Counseling from University of Pittsburgh Years in IT: 6 Years in cybersecurity: 6 Cybersecurity certifications: HCISPP   How did you wind up in a career in cybersecurity? I stumbled into it! I had been working in healthcare, research, data and employee management and administration for about 20 years when I chose to take a step off of that pathway without a solid backup plan. I was surprised to be invited by our InfoSec team to interview for a job – one that I was largely unqualified

  It may seem obvious: A strong commitment to cybersecurity from an organization’s top management equals better protection. The cybersecurity staff have more confidence and focus on the right things – fighting threats as opposed to worrying about who will leave next for greener pastures. These were among the findings of (ISC)2’s latest study, Building a Resilient Cybersecurity Culture. The study of cybersecurity professionals set out to pinpoint what companies with a good cybersecurity track record do better than others. As you might suspect, a strong cybersecurity culture is key. And it manifests itself in multiple ways: Top management understands the importance of cybersecurity, according to 97% of respondents. 96% say their policies align with their board of directors’ cybersecurity

It has been one year since the Equifax breach was first disclosed to the public. It has been one year and six weeks since Equifax first became aware of the breach. The delay in the public announcement of the breach after executives became aware may have proven just as damaging as the delay in installing a patch for the known vulnerability that led to the breach itself. The repercussions of the failure to communicate the breach is just part of our cover story in the latest issue of (ISC)²’s member magazine, InfoSecurity Professional. The article, “One Year Later” is a retrospective on the lessons learned from the breach that exposed the personal information of as many as 147 million Americans.

by Denise Murtagh-Dunne, Information Security Manager, PWC Ireland From my early childhood, I developed a passion for unravelling the mysteries of how machines worked. My father was a mechanic and, as a child, he would let me help taking car engines apart. This is where I first developed a fascination with getting “under the hood” of machines and understanding their inner mechanics.   At school, I then took a computer module which triggered my interest in computing and I chose to study Computer Programming in college. I survived the period of the dot-com bubble bursting and landed an IT technical support role with a small company where I undertook several Microsoft computing courses. A course on cybersecurity really caught my attention;

There’s no question cybersecurity professionals are busy people, but what takes up their time at work? According to recent (ISC)2 research, the skills they most employ each day are network monitoring, security analysis and security administration, while forensics and penetration analysis rank at the bottom. But if you ask those who are actively looking for a new job, the daily task that comes up most often is user awareness training. Some 38% of respondents who said they’d be starting a job search within six months revealed they conduct user training every day, while 31% do it two to three times a week and 15%, two to three times a month. Among those already actively pursuing a job, 56% said they