Sunday, 24 February 2019

Forget the Next Big Thing; What You Need Is Skilled Staff

ISC2 Certification, ISC2 Guides, ISC2 Learning, ISC2 Tutorial and Material
One of the most prestigious voices in the IT industry recently made an interesting proclamation: “The next big thing is dead.” So starts CompTIA’s IT Outlook 2019, which finds the next big thing is no longer about some new jaw-dropping technology advancement but rather a combination of various technologies, people and processes.

If you’re expecting to be bowled over by a new technology trend any time soon, think again. Producing the desired business outcomes now means getting your human resources to expertly fuse together already-available technology building blocks and tools. And that’s what will fuel IT market growth of about 4% in 2019, CompTIA says.

So what is the relevance to cybersecurity in all this? Strategic thinking and the application of available skills inside an organization are key to solving cybersecurity challenges. Sure, technology will always matter but it’s how you combine it with people and processes that will make the difference.

Organizations ignore cybersecurity at their own peril as they undergo digital transformation to produce business outcomes such as improving operational agility and enhancing customer experience. “There may not be a next big thing, but there is one very big thing that is as old as IT itself. Cybersecurity continues to rise in importance as business and daily life are increasingly digitized,” the CompTIA report states.

ISC2 Certification, ISC2 Guides, ISC2 Learning, ISC2 Tutorial and Material

Innovation without security isn’t really possible – or at least not advisable. And that’s why you need a well-trained cybersecurity staff with updated security skills. (ISC)2 offers a free professional development course called ‘DevSecOps – Integrating Security into DevOps’ as part of its PDI portfolio to help its members learn more about integrating security into software solutions from the outset.

It will be interesting to see what this ‘the next big thing is dead’ mantra means for security practitioners if IT departments become less focused on new technology trends and more on integration and building out existing platforms.

Do you agree that this is the case, or do you see a new technology trend lurking on the horizon?

Friday, 22 February 2019

CISSP IS HOT, HOT, HOT, SAYS CNBC

If you already have or are pursuing your CISSP from (ISC)², make sure you have your oven mitts at the ready. That’s because, as reported by CNBC, the new Upwork Skills Index includes the Certified Information Systems Security Professional as one of the 20 hottest job “skills” in the entire U.S. labor market. You read that right. Not just in security. Not just in IT. The entire labor market.

CISSP Tutorial and Material, CISSP Study Materials, CISSP Certifications, CISSP Learning

Upwork is a platform for freelancers, so they keep a close eye on the types of skills employers are looking for and update their list quarterly to provide real-time validation of current trends in the labor market and tech industry for their users.

The most recent Index reveals that 17 of the top 20 hottest skills are technical, including proficiencies in such areas as Hadoop, Genetic algorithms and App store optimization. Along with OAuth, attaining and maintaining the CISSP is one of just two cybersecurity skills on the list, demonstrating the popularity and impact of the world’s premiere cybersecurity certification.

This ranking makes sense when you consider recent (ISC)² research that found that the CISSP was also the most sought after cybersecurity certification in the world in 2018. It’s just another reminder of the value of this certification in the cybersecurity profession.

New, Nontraditional Education Options are Proliferating 


CNBC also pointed to five key trends in the job market right now. One of which is a rise in nontraditional education options. The article states that “as companies realize how critical reskilling is for their workforces, they're turning to workers who are adept in employee training and Learning Management Solution (LMS) consulting to help create programs that encourage cultures of continuous learning. Growth in this area suggests an emerging trend where more people are getting training on the job.”

(ISC)² is ahead of this trend with the launch last week of its Professional Development Institute (PDI), which offers a portfolio of free cybersecurity courses to members and associates to aid them in continuous online learning even beyond certification. According to (ISC)² CEO David Shearer, PDI takes into account the fact that “cybersecurity is not a nine-to-five profession, and one of the biggest challenges facing our members is that it can be difficult for them to find time and opportunities to continue to enhance their skills while also dealing with a dynamic threat environment.” The Institute’s course material is guided by member experts and the topics themselves are driven by member suggestions.

What are some of the pressing cybersecurity trends you’d like to learn more about as you work to strengthen your skills?

Wednesday, 20 February 2019

The Top 10 EMEA Webcasts of the Last 12 Months

Today’s IT security landscape is tough terrain to navigate at the best of times. Cybersecurity professionals need all the guidance, insight and education they can get to help them stay on top of arguably the most challenging points where business and technology collide. As always, (ISC)2 is your partner on this journey, providing resources such as our series of webcasts to keep you up-to-date on the latest trends, issues, tactics and threats in cybersecurity. Want to know where to start?

Here are the top 10 EMEA webcasts from the last year:

EMEA Webcasts, ISC2 Certification, ISC2 Guides, ISC2 Tutorial and Material
Machine Learning in Infosec: Debunking Buzz and Demystifying Use Cases

Demystify what machine learning is as well as what it can and cannot do in InfoSec, walk through three of the most common use cases of where these technologies can be implemented and explore the latest innovations in ML & AI, and where this will take cybersecurity professionals next.

TLS Decryption: Critical to Detecting Threats

As the volume of encrypted traffic continues to grow, organisations become even more vulnerable to encrypted attacks, threats and exploits that go undetected. Learn how to create a centralised “decryption zone” to decrypt traffic once and give security tools newfound visibility into encrypted traffic.

Enriching Your Security Product Stack with The Power of IPAM and DNS

Today’s enterprise network has a vast number of network and security devices – all generating their own incidents, but they don’t always share information. Find out how integration of different network and security tools can provide better visibility across your entire network and remove silos, improve agility and automate IT workflows and enable faster remediation to threats.

GDPR Compliance - Don't Let Your SIEM Be Your Downfall

Whatever SIEM solution you operate, it is highly likely that personal information is captured in the log data such as phone numbers, email addresses, cookies, RFID’s, geolocation and more. This webinar features detailed analysis on how you should treat your SIEM solution and log data under the GDPR. It also explores the risk of processing and storing log data in the context of GDPR, explains your obligations and the precautions you can take, as well as examining use cases for network and information security logs.

As Attackers Evolve, So Must Machines: Advancing Machine Learning Beyond the Hype

A frank assessment of the strengths and weaknesses of static analysis, decompilation, detonation, in-context analysis, artificial intelligence and other emerging approaches, all grounded in real-world examples and specific algorithmic details.

EMEA Webcasts, ISC2 Certification, ISC2 Guides, ISC2 Tutorial and Material
The War Against Ransomware: Can You Afford the Downtime? Ransomware

Understand the history of Ransomware and the need to know strategies to protect your organisation against such attacks. In particular, explore how business continuity and disaster recovery can save your organisation when disaster strikes. Participants are also treated to an inside view of a real ransomware infection with all the statistics and facts to go with it.

Is Your SOC SOARing or Snoring? Force Multiply Your Security Analysts by Ten

Teams that use Security Orchestration, Automation & Response (SOAR) platforms are seeing improvements in scale, consistency, and are responding to security alerts at machine speed.

Find out what SOAR is and how it can help you achieve, along with what responses look like in comparison when using a SOAR solution. You will also hear three top tips on getting started to ensure successful automation and orchestration in your organisation.

Using Modern Authentication Methods with Legacy Assets

There are a large proportion of business-critical legacy applications that are unable to accept modern forms of authentication. Nonetheless, they remain essential to business workflow. Refactoring legacy applications is costly and sometimes virtually impossible. Yet these applications are accessing highly valuable data across networks and they are a data breach ready to happen. This webinar explores the available options and strategies for supporting and protecting these essential systems with more modern and robust authentication technologies.

PAM: The Critical Missing Piece in Your Security Strategy

With this webinar, you will learn why organisations should make PAM their top 2019 investment, why quickly controlling and automating key PAM capabilities is critical to your organisation’s success and how to prepare the business case for your PAM project and to get Executive Leadership buy-in.

Five Security Stories of 2018: What Our Customers Have Taught Us

2018 was the year of GDPR, but a look back over the last 12 months reveals that those in cybersecurity went through a year of numerous trends, investments and modernisation. Using trends and lessons learned from Splunk’s own customers throughout 2018, this webinar features insights into the SOC activities at the Bank of England, a look at security life inside Siemens, how Telia developed the skillsets it needed for its SOC to succeed. The webinar also takes a look at the factory-floor industrial internet of things security considerations at car maker Volkswagen.

All our webinars are available for playback after the live event, so you will never miss an opportunity and can always go back for a second look. There’s always something new to discover that will keep you ahead of the challenges facing your business.

Monday, 18 February 2019

Announcing the (ISC)² Professional Development Institute

Today is an exciting day for (ISC)² members as your membership just got a whole lot more powerful. We are happy to announce the launch of the (ISC)² Professional Development Institute, known simply as PDI. PDI will be your go-to resource for timely and relevant continuing educational opportunities to keep your skills sharp and curiosity piqued. Best of all, these courses will all be available to members at no cost.

ISC2 Study Materials, ISC2 Tutorial and Materials, ISC2 Certifications

With three courses already available — Building a Strong Culture of Security, DevSecOps: Integrating Security into DevOps, and GDPR for Security Professionals: A Framework for Success — we are thrilled to share that there are plans for as many as 30 new courses in 2019 alone.

We understand that cybersecurity is a lifelong journey and that getting certified is just one step along your path. Staying at the top of your game is an ongoing challenge and doing so while managing a full-time job with high pressure and long hours will never be easy. But we hope that offering these free, online, on-demand courses will at least make it easier for you to access courses that are relevant to your profession and built for you to grow.

Your feedback is important to us, so PDI courses will be built with member input and we will refresh the catalogue based on what you want from us.

Ready to get started? PDI courses have already been preloaded for members in the learning center, so sign in to your member account at isc2.org to begin. Click on “My Courses” in the upper right corner of the page and scroll until you see the courses that are available. New courses will be added here as soon as they are available to take.

Not a member? All PDI courses will be available for purchase at learn.isc2.org so that anyone can learn to better secure their critical assets and grow as a cybersecurity professional.

We know that your hard work day in and day out is what helps keep data secure and people safe and (ISC)² membership represents the best security expertise on the planet. We want to thank you for being a member and hope that PDI will help keep your ability to inspire a safe and secure cyber world at its best.

Sunday, 17 February 2019

Cybersecurity Pros Are Not Feeling the Love… Again

Stop us if you heard this one before: Cybersecurity professionals are responsible for protecting their organization’s users and data from the dangers of cyber threats, but they feel underappreciated.

Cybersecurity, ISC2 Tutorial and Material, ISC2 Learning, ISC2 Guides, ISC2 Learning

Two-thirds (67%) believe “IT security is viewed either as merely reactive to business needs or a cost rather than an asset to the organization,” says a survey of cybersecurity professionals and CISOs by Thycotic, a privileged access management (PAM) vendor. The survey found that a majority of cybersecurity professionals in the United Kingdom and Germany say executives and co-workers see them as more of a burden than a business benefit – a notion that restricts them in their work.

“Traditional attitudes about cybersecurity appear to remain entrenched, with boards seeing IT security as reactive vs. proactive, a cost rather than an asset, a policeman rather than an enabler, and a team that says ‘No’ rather than ‘How,’” Thycotic says in a report of the survey’s findings.

This perception has deleterious effects by restricting IT security, according to 60% of respondents. It places a burden on CISOs and cybersecurity professionals to “manage up” by defining their roles to company leadership along the lines of business risk management. And this requires doing a better job of explaining the impact of cybersecurity on the business in terms business leaders understand, the report argues.

This helps explain why only half of companies give their CISOs a seat on their executive boards. Even more troubling, 36% don’t even view the CISO as a key member of the corporate management team. The existence of a CISO, especially one that reports up to the CEO or Board of Directors, is key to a strong cybersecurity culture. (In fairness, a strong majority of respondents to the Thycotic study (88%) agreed that executives listen to CISOs and value their input.

The Thycotic study encourages CISOs and cybersecurity leaders to “promote the positive effects and value of cybersecurity to every employee, citing examples and reinforcing the rewards of cyber hygiene at every opportunity.” CISOs, the report argues, must be a force for change and, as such, get their leadership teams to see cybersecurity professionals as business enablers, not merely enforcers.

Easier said than done? Our own research shows us how. Watch the video on Building a Resilient Cybersecurity Culture.

Friday, 1 February 2019

Planning to Take an (ISC)² Certification Exam? Get Your Free Certification Prep Kit

(ISC)² Certification Exam, ISC2 Study Materials, ISC2 Tutorial and Materials
Cheers to you on your decision to pursue an (ISC)² credential in 2019! You’re about to embark on a challenging and highly rewarding journey. Make sure you get the most out of it with the new (ISC)2 Certification Prep Kit.

Preparing for the exam is no small task… Your path to success starts with the right study plan, and the Certification Prep Kit will help you map a course that fits your schedule and learning style. Dive right in for everything you’ll need to move ahead with confidence.

Inside this free resource, you’ll find…

◈ Fast Facts on (ISC)2 Training and Study Tools

◈ Training Myths Debunked

◈ Official Courseware Previews

◈ Justification for Certification and Training

◈ The Best Study Options for Your Goals

◈ Insider Tips, Strategies and Insights

(ISC)² Certification Exam, ISC2 Study Materials, ISC2 Tutorial and Materials

From textbooks and study guides to interactive flash cards and study apps, (ISC)² offers a variety of industry-leading study tools to round out your knowledge. Get your Certification Prep Kit and quickly discover which options work for you!

Remember: (ISC)² is here to help you learn, grow and thrive in the New Year – and throughout your career.