Month: August 2019

Getting Started on the California Consumer Privacy Act

by Paul Lanois, SSCP, CIPP, CIPT, CIPM, Member of the (ISC)² Advisory Council of North America Privacy Working Group If you have spent any amount of time online recently, then it is extremely likely that you have already heard about the General Data Protection Regulation (the “GDPR”), the European regulation which came into effect on May 25, 2018 and which governs data protection or individuals which have their personal data processed or stored by an organization within the European Economic Area (EEA). Meanwhile, information management professionals are likely to remain very busy in the coming months with the upcoming California…

VMware Acquisitions Highlight the Importance of DevSecOps

In the digital age, security can no longer be an afterthought. As organizations modernize their IT environments through digital transformation initiatives, it’s become more critical than ever to bake security into new applications from the start. Virtualization giant VMware recognizes this new reality, which explains why it has decided to acquire two companies that give the virtualization giant a stronger foothold in digital transformation and cybersecurity. One of the companies, Pivotal Software, brings to VMware a platform for developing applications in the cloud. The other, Carbon Black, has a cloud-native endpoint protection platform that ensures this is done securely. Together,…

CCSP and CCSK: Which Cloud Security Credential Is Right For You?

Two of the industry’s most highly regarded cloud security credentials are the CCSP from (ISC)² and the CCSK from Cloud Security Alliance (CSA). Both offer a comprehensive education on cloud security fundamentals, but there are important differences. Here’s a quick breakdown of each. CCSP (Certified Cloud Security Professional). The CCSP is for IT and information security leaders seeking to prove their understanding of cybersecurity and securing critical assets in the cloud. It shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud. Roles that typically require a CCSP include…

IT Professionals: Use the Security Skills Shortage to Your Advantage

A cybersecurity skills shortage is expected to result in 3.5 million unfilled positions by 2021. Research from ESG finds 51% of organizations believe they have a “problematic shortage” of cybersecurity skills – an increase of 7% year-over-year. Clearly, the skills gap is a serious problem, impacting an organization’s ability to keep up with software vulnerabilities, harden devices, respond to security issues quickly and strategically manage security in an ever-evolving threat landscape. With the odds stacked against them, businesses must find new ways to recruit and retain skilled security employees and proactively address the lack of talent to fill critical roles….

The Collaborative Alliance to Develop New Cybersecurity Council and Professional Recognition as part of the UK’s National Cybersecurity Strategy

(ISC)² is a member of The Collaborative Alliance for Cybersecurity, a consortium of organisations that represent a substantial part of the cybersecurity community in the UK. As part of the Alliance, we will be participating in the design and delivery of the new UK Cyber Security Council on behalf of the Department for Digital, Culture, Media & Sport (DCMS). The Alliance, with the Institution of Engineering and Technology (IET) nominated as lead organisation, was selected following a competitive grant competition by DCMS. The Collaborative Alliance for Cybersecurity brings stakeholders together in the interest of advancing a healthy cybersecurity workforce for…

(ISC)² is Now an Approved Professional Organisation for Tax Relief in the UK

There are few certainties in life, with taxes being very much at the top of the list. However, for (ISC)2 members in the UK, we have some good news for you on that front. From now on, members in the UK will be able to claim tax relief on their annual maintenance fee (AMF) in most cases. We have been granted Approved Professional Organisations and Learned Societies status by HM Revenue & Customs (HMRC), the UK’s tax, payments and customs authority. This status recognises (ISC)2 among a select number of essential professional societies and bodies operating in the UK that…

Salaries for Cybersecurity Chiefs Soar

As the cybersecurity skills shortage intensifies, cyber professionals have become the target of stiff competition among recruiters and employers. Compensation and benefits packages are becoming increasingly generous, essentially giving jobseekers the chance to write their own ticket. Compensation packages have exceeded $6 million at some large technology companies, according to a recent Bloomberg article. Such packages typically involve mostly stock but even so, they prove that it definitely pays to be in the cybersecurity field. Even the direct charges of top security officers are commanding salaries in the $1 million range, according to Bloomberg. The reasons for these bloated pay…

Most Cyber Workers Plan to See Out Their Careers in the Field

Recruiting cybersecurity professionals is a major challenge because of the scarcity of qualified candidates, but at least employers don’t have to worry about them wanting to change professions. Most cybersecurity workers (64%) plan to finish out their careers in cybersecurity, according to (ISC)² research. Of course, this creates a new challenge for employers – how to retain their cybersecurity staff. With a worldwide shortage of nearly 3 million, there’s always a chance workers will leave for better pay or more attractive working conditions. To prevent this, employers must put serious effort into retention with measures such as robust training, professional…

3 Pro Tips for Moving from IT to Security

Already have a background in IT? Here are three tips for moving toward a more security-focused role. Take a cue from Goldilocks: Go after the industry certification that’s “just right.” This entails pursuing a credential that helps augment technical skills with security practices. Many choose the SSCP for its balance between the foundational and technical. SSCP allows you to prove a technical understanding without having to seek a more entry-level certification. Change your perspective to layer security into the work you’re already doing. Moving from IT to security is a natural evolution. Once you’ve gained the requisite knowledge and put…

Center Day at Congress

(ISC)²’s biggest and best Security Congress yet – with three days of more than 175 sessions and 200 speakers – kicks off in less than three months! Act now – Early Bird registration is still open and workshops and pre-conference trainings are filling up. This year’s conference will be held at the Walt Disney World Swan and Dolphin Resort and will feature workshops, career resources, awards, an escape room and so much more. Our Center for Cyber Safety and Education will once again host its annual volunteer orientation and other special programming. Find out what Center Day at (ISC)² Security…