U.S. Presidential Order Aims to Bolster Federal Cybersecurity

An Executive Order signed by United States President Donald Trump aims to grow the government’s cybersecurity capability, improve integration of the cybersecurity workforce between federal departments, and strengthen the skills of individual cybersecurity practitioners. The order, titled Executive Order on America’s Cybersecurity Workforce and signed by the president on May 2, creates measures to help federal agencies retrain workers interested in cybersecurity and requires agencies to adopt the National Initiative for Cybersecurity Education (NICE) Framework in government contracts. It includes an incentive component, creating an annual competition with cash rewards of at least $25,000 “to identify, challenge, and reward the…

CSSLP Spotlight: John Kent

Name: John Kent
Title: Manager IT, DevSecOps
Employer: FedEx
Location: Irving, Texas
Education: BAAS Computer Science, MS Cybersecurity
Years in IT: 37
Years in cybersecurity and/or privacy: 13
Cybersecurity certifications: CSSLP, CEH, CHFI

How did you decide upon a career in security software development?

My passion for software development began in 1981 and launched my career in 1987. It wasn’t until my first exposure to pen test results in 2005 that I understood software design, development, test and operations from a much wider perspective. There was so much more to programming than creating working software — it had to be…

(ISC)² Secure Summit EMEA in Review

On April 16, at the World Forum in The Hague, The Netherlands, (ISC)² COO Wesley Simpson provided closing remarks to summarize some of the key sessions from the two-day Secure Summit EMEA event as it was wrapping up. To give you a window into the kinds of topics addressed during the Summit, what follows is an excerpt from his address. [Edited for length] Now, to close out the 2019 (ISC)² Secure Summit EMEA, let’s take a few minutes to look back at what we can take away from this year’s event. I’ve had a chance to speak with many of…

Heavy Industrial Companies Grapple with Cybersecurity Problems

Companies in heavy industries such as mining, oil and gas, electricity and chemicals have become a major target for cybercrime. But securing these companies is complicated, as they must protect not only their IT infrastructure but also their OT (operational technology) assets. Cybersecurity solutions and tools that work in IT environments do not transfer well to the OT side and can potentially harm industrial devices. “Even merely scanning these devices for vulnerabilities has led to major process disruptions,” according to a recent McKinsey article. But even though the same tools aren’t effective for both environments, links between OT and IT are…

The Time Is Now to Build on Women’s Cybersecurity Gains

By Deshini Newman, Managing Director, EMEA, (ISC)² There’s never been a better time to be a woman in cybersecurity than now. Granted, there are many gains to be made still, but recent research about progress already made by women in the field is very encouraging. Although the industry is dominated by men, so many computing pioneers, such as the people who programmed the first digital computers, were women. Ada Lovelace (1815–1852) is credited with being the world’s first computer programmer. She detailed applications for the Analytical Engine that relate to how computers are used today. Likewise, luminaries such as Grace…

Building a Strong Culture of Security – from the Professional Development Institute

(ISC)²’s Professional Development Institute (PDI) launched earlier this year and aims to provide valuable, accessible education and training to cybersecurity professionals. One of the PDI courses currently available is Building a Strong Culture of Security. Like all PDI courses, it is free for (ISC)² members and associates, and available for purchase at $400 for the general public. Technology alone cannot protect an organization. It takes knowledgeable and aware team members to each do their part in ensuring critical assets are protected, and that goes beyond the security team. This self-paced, interactive course is intended for use by security professionals as…

Your Key to Professional Growth: Invest in Your Group B CPE Activities

by Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America It’s easy to feel stressed, or conversely feel stuck in a rut, when it comes to the topic of professional development. We all know “we should/must do it” but aren’t exactly sure how to go about it. And compared to security domain-specific knowledge, skills, and abilities (group A CPE credits for holders of (ISC)² credentials), it’s easy to delay thinking and planning your activities regarding those strange group B CPE credits. Here’s to changing that reality, and in the process your mindset about their place…

(ISC)² in 2019 – Events and Exhibits Not to Miss

With more than 140,000 members around the world, (ISC)² has, quite literally, a lot of ground to cover to get face to face with our members. There are a number of opportunities to meet with the team coming up this year, starting just next week at Secure Summit EMEA in The Hague. Secure Summit EMEA will take place April 15-16 and is themed Enrich. Enable. Excel. The two-day event will feature the best minds in cybersecurity from across Europe, the Middle East and Africa. Keynote speakers include Felicity Aston, Dr. Dennis Broeders, Joseph Carson, Dr. Jessica Barker and Lorna Trayan….

Female Cybersecurity Workers Are Younger and Looking to Lead

The cybersecurity profession remains primarily a man’s world. But for how long? (ISC)² research reveals women are making fast gains in the industry, and as a group, they are setting their sights on leadership roles. Overall, female representation in the cybersecurity workforce has increased to about one quarter (24%), more than double the 11% estimate from 2016, according to (ISC)²’s Women in Cybersecurity report. The report is based on findings in the (ISC)² Cybersecurity Workforce Study 2018, and it uses different research methodology from the earlier study. For instance, it includes women who spend at least 25% of their work…

New Cybersecurity Reports Point to Increased Need for Retraining and Vulnerability Management

By now you’re well aware of the widely-reported (ISC)² research that shows there is a global cybersecurity shortage of 2.93 million professionals. Identifying, recruiting and training skilled talent to adequately secure organizational data assets obviously remains a top priority in our industry. Well, over the past few weeks, both Tripwire and IBM have published reports that focus on different layers of the problem and add to the conversation. In its Cybersecurity Skills Gap Survey 2019, Tripwire found that 80% of IT security professionals believe it’s becoming more difficult to find skilled cybersecurity professionals. Not a surprising figure. The interesting wrinkle…