(ISC)² Events

Security Congress Final Thoughts: Being There for Others (Part 2)

Human Spirit Admiral William H. McRaven (retired) was one of the speakers at (ISC)2 Security Congress who received a standing ovation. Another was Eric Wahl, an artist and best-selling author, who delivered the lunch hour keynote on the second day. He mesmerized the audience by painting portraits of Michael Jordan, John Lennon and Albert Einstein to heart-pounding music in a matter of minutes. He urged attendees to let the human spirit drive them even as they increasingly rely on digital tools, data, analytics and automation to do their job of protecting people and organizations. Wahl talked about the importance of…

Security Congress Final Thoughts: Being There for Others (Part 1)

Sometimes you need a boatload of people to help you through. It’s a lesson Admiral William H. McRaven (retired) learned after a parachute accident that left him bedridden for months. The accident happened while he was participating in a Naval Special Warfare exercise involving a 1,000-foot free-fall jump. McRaven, who served as the ninth commander of the U.S. Special Operations command from August 2011 to August 2014, got both legs tangled in his parachute because another parachutist was underneath him and opened his chute into McRaven’s falling body. When McRaven opened his own chute, his legs became tangled and the…

Security Congress: Securing a Rapidly Changing Environment

The cyber ecosystem is changing faster than ever, creating new attack surfaces and increasing the challenge of defending against new and evolving threats. The fast-changing landscape requires new ways of thinking and approaches to protect environments that spread across on-premise and cloud infrastructures and connect IT with OT (operational technology) systems. Just accepting that the expansion of the ecosystem – and the growing presence of technology in our lives – will increase risk isn’t good enough. This is a point (ISC)2 CEO David Shearer made clear at the kickoff of the organization’s Security Congress 2019 this week in Orlando. We…

Security Congress Day 2: From PAM to Cyber Insurance to Finding a Voice

While cybersecurity spending is expected to hit $124 billion this year, only a small portion of it will go toward identity management. Yet, a disproportionate number of breaches occur because of flaws in access management and dangerous practices such as the sharing of passwords, according to Tariq Shaikh, CISSP, Senior Security Advisor for CVS Health. Identity management spending accounts for 5% to 10% of total cybersecurity spend. When it comes to privileged access management (PAM), Shaikh said the portion is even smaller — 1%. It’s time to change that, he argued during a session on PAM at the (ISC)2 Security…

Security Expert: AI Not Ready for Cybersecurity

While artificial intelligence (AI) has gotten a lot of attention in recent years as a possible solution for cybersecurity issues, Winn Schwartau argues there’s a long way to go before we can trust AI and its siblings, machine learning (ML) and deep learning (DL), to deliver the results we need. During a presentation on the ethical bias of AI-based systems at the (ISC)2 Security Congress 2019, Schwartau said significant problems with AI need to be overcome before we can fully trust it with something as important as cybersecurity. Schwartau, a top expert on security and privacy, is the Chief Visionary…

Privacy Regulations: More Work for Cyber Professionals

Whenever new data privacy and cybersecurity laws go into effect, they create more work and responsibilities for cyber professionals. This reality hasn’t gone unnoticed by attorney Scott Giordano, who reminded cybersecurity professionals during a session about the California Consumer Privacy Act (CCPA) that the law will create new duties for them. Giordano, Vice President of Data Protection at Spirion, went over details of the law, which takes effect on Jan. 1, 2020, and how organizations should prepare for it. His was one of a series of presentations at the 2019 (ISC)² Security Congress, taking place in Orlando this week, about…

Cybersecurity Ethics: How Far Is Too Far?

When doing their work, cybersecurity professionals often come across situations that put their skills to the test. And sometimes those tests have far less to do with technology or business than with questions of ethics. When cyber professionals discover vulnerabilities while performing penetration tests or some other security-related work, is it OK to disclose those vulnerabilities publicly? What happens if system owners are made aware of issues but decide to ignore them? And at which point, while testing systems containing private information, do cyber professionals reach a line they should not cross? These questions were part of a lively panel…

Security Congress Kickoff: Creating a Safe World

The spotlight was on safety at the kickoff this morning of (ISC)² Security Congress 2019, taking place this week in Orlando. First, (ISC)² CEO David Shearer talked about the role that association members have in protecting society through their cybersecurity work. Then, Capt. Chesley Burnett “Sully” Sullenberger, the pilot of flight 1549, which landed on the Hudson River in January 2009, related the events of that day and how he and his co-pilot, Jeff Skiles, safely landed their U.S. Airways Airbus with everyone aboard surviving the event. Shearer spent much of his kickoff address on the importance of abstracting what…

Center Day at Congress

(ISC)²’s biggest and best Security Congress yet – with three days of more than 175 sessions and 200 speakers – kicks off in less than three months! Act now – Early Bird registration is still open and workshops and pre-conference trainings are filling up. This year’s conference will be held at the Walt Disney World Swan and Dolphin Resort and will feature workshops, career resources, awards, an escape room and so much more. Our Center for Cyber Safety and Education will once again host its annual volunteer orientation and other special programming. Find out what Center Day at (ISC)² Security…

Why Certified Cloud Security Professionals are in Higher Demand Than Ever

A new report from Palo Alto Networks’ Unit 42 threat intelligence team titled “Cloudy With a Chance of Entropy” reports that there are at least 34 million vulnerabilities across some of the largest cloud platforms, including Amazon Web Services, Google Compute Engine and Microsoft Azure. Notably, the threats were not found to be the result of cloud providers themselves, but rather the applications customers deploy on cloud infrastructure. As the report states, “cloud service providers maintained their sterling reputation for platform security . . . however, consumers of infrastructure- and platform-as-a-service (IaaS and PaaS) cloud offerings continue to struggle with…