Saturday, 31 August 2019

Getting Started on the California Consumer Privacy Act


If you have spent any amount of time online recently, then it is extremely likely that you have already heard about the General Data Protection Regulation (the "GDPR"), the European regulation which came into effect on May 25, 2018 and which governs data protection for individuals who have their personal data processed or stored by an organization within the European Economic Area (EEA). Meanwhile, information management professionals are likely to remain very busy in the coming months with the upcoming California Consumer Privacy Act of 2018 (the "CCPA"), which can be considered the most far-reaching data privacy law in the United States so far.

The CCPA is California's new privacy legislation that gives greater privacy rights to Californian residents and creates new obligations for relevant businesses. It shares a number of similarities with the GDPR while also differing from it in several respects. There are some overlaps between the two laws and, indeed, the GDPR appears to have been the inspiration behind the CCPA. A large amount of the work performed in connection with GDPR preparation provides an effective foundation for CCPA compliance, although organizations should also bear in mind the distinctions between the two laws.

The CCPA was passed by the California State Legislature and signed into law by Governor Jerry Brown on June 28, 2018. It enters into effect on January 1, 2020, with enforcement to begin six months after the adoption of the California Attorney General's regulations, or July 1, 2020, whichever is sooner.

Who does the CCPA apply to?


The CCPA applies to a consumer, which can be broadly interpreted to mean any Californian resident. A resident includes any individual who is in the state of California for other than a temporary or transitory purpose, and every individual who is domiciled in the state of California who is outside the state for a temporary or transitory purpose. Given this broad definition, it would seem that a consumer could also potentially include employees, students and other individuals who would be classified as California "residents".

The CCPA applies to any "business" that collects personal information about consumers and does business in the State of California and either:

◈ Earns annual gross revenues in excess of $25,000,000;

◈ Annually buys, receives for the business' commercial purposes, sells or shares for commercial purposes, the personal information of 50,000 or more consumers, households, or devices; or

◈ Derives 50% or more of its annual revenue from selling consumers' personal information.

Nonprofit businesses, as well as companies that do not meet any of the three above thresholds, are not required to comply with the CCPA.

In practical terms, this means that any company that does business with Californian residents will have to consider the CCPA (or at least determine if they meet one of the above thresholds), even if they operate outside of California and do not have any premises or equipment in California.

What information is covered under the CCPA?


The CCPA applies to personal information which is defined widely as any information that relates to a particular consumer or household. This definition means data which relates to a household such as energy or water consumption could be considered personal information for the purposes of the law. For organizations who have already worked on GDPR compliance, there is no significant difference with the EU's concept of "personal data" under the GDPR since data that can be linked to a household is also likely to be indirectly linked to a natural person and therefore constitute "personal data" under the GDPR.

The CCPA provides a comprehensive list of examples of what constitutes personal information, which is helpful for organizations. Examples expressly cited include:

◈ Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers, as long as such identifiers can be connected with an individual or household;

◈ Biometric information, which includes any physiological, biological or behavioral characteristics, such as an individual's DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, a faceprint, a voiceprint, keystroke patterns or rhythms, and sleep, health, or exercise data that contain identifying information;

◈ Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement;

◈ Geolocation data;

◈ Audio, electronic, visual, thermal, olfactory, or similar information;

◈ Inferences drawn from any of the information to create a profile about a consumer, including their preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes.

Certain data is however excluded from the CCPA, such as personal information made available in federal, state or local government records (which are called "publicly available data"), de-identified or aggregated data as well as information covered by other applicable laws and regulations, such as HIPAA (covering medical and patient health information), the Gramm-Leach-Bliley Act (covering information maintained by financial institutions), the Driver’s Privacy Protection Act (covering motor vehicle and driver’s license information), and the California Financial Information Privacy Act, just to name a few.

What are the potential penalties under the CCPA?


The CCPA allows for fines of up to $2,500 per violation (or $7,500 if the violation is deemed intentional; violations lacking 'intent' remain subject to the $2,500 maximum fine) but, contrary to the GDPR, does not place a limit on the total amount of the fine which may be imposed. There is therefore the potential for extremely high penalties, since fines can be multiplied by the number of impacted individuals. The current version of the law also provides businesses with a 30-day period to cure their alleged violations after being notified of such violation.

However, in the event of a data breach, the CCPA provides that a consumer may bring a civil action to recover damages. The amount of damages which may be imposed is between $100 and $750 per consumer and per incident, or the actual damages suffered by the consumer, whichever is greater. In addition to such financial penalties, the consumer may request injunctive or declaratory relief.

How granular should my organization's data management be?


CCPA places great emphasis on the documentation that businesses must keep to demonstrate their accountability. In other words, compliance will require organisations to review their current approach to governance and analyse how they actually manage data protection as a corporate issue. In particular, the CCPA requires covered organisations to ensure that effective systems and processes are in place to give effect to the following rights:

1. The right to be informed
2. The right of access
3. The right to deletion
4. The right to data portability
5. The right to opt-out of the sale of the information

Organizations will need, for example, to have a policy in place to determine when certain data is no longer necessary to retain, how individuals will be able to withdraw their consent, and how to deal with user requests when they object to the processing of their data. The good news is that businesses will be able to leverage the privacy notices they have already put in place for GDPR; however, they will also have to consider certain CCPA specificities.

For example, both laws include a right of access giving individuals the possibility to obtain similar information that the organization has on them; however, the time frame is not exactly the same (within a month under the GDPR and within 45 days under the CCPA) and the GDPR allows the individual to access more information (e.g. in relation to automated decision-making). In addition, the CCPA only requires disclosure regarding personal information covering the 12-month period from the date of receipt of the request, whereas the GDPR does not have any time limitation (the information to be provided to the consumer under the GDPR could therefore span a period of multiple years, e.g. from the date the consumer started the relationship with the business).

Like the GDPR, the right to deletion under the CCPA is not unlimited and the organization may refuse a deletion request on certain grounds, for example if the information is needed to complete the transaction for which it was collected or is needed to provide goods or services requested by the consumer; or if the information is used to detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; or is required to comply with a legal obligation or applicable laws.

In addition, both the GDPR and the CCPA require organizations to disclose if personal data would be sold; however, the CCPA goes one step further by requiring businesses to provide a clear and conspicuous link on the business’s Internet homepage titled “Do Not Sell My Personal Information” to facilitate the opt-out by consumers of the sale of personal information. The CCPA also requires the creation of three different lists of the categories of personal information that the business has, over the preceding 12 months, a) collected, b) sold, or c) disclosed for business purposes (or the fact that it has not done so). The level of detail expected for such lists is still unclear at this stage.

In addition, minors under the age of 16 have an opt-in right: a business may not sell the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age, unless the consumer, in the case of consumers between 13 and 16 years of age (or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age), has opted in to authorize the sale of personal information.

Last but not least, the data portability right under both the GDPR and the CCPA allows consumers to request a copy of their personal information "in a readily useable format that allows the consumer to transmit this information from one entity to another", however the CCPA does not go as far as the GDPR which allows consumers to request the organization to directly send the personal information to another organization.

The above are only some of the differences between GDPR and the CCPA, and have been listed to illustrate how important it is for organizations to carefully consider the different requirements under both GDPR and CCPA.

Can organizations charge fees?


A business cannot discriminate against a consumer who exercises his or her rights under the CCPA. In other words, the CCPA prevents a business from charging a consumer a fee because he or she exercised a right under the CCPA (such as requesting their information to be deleted or opting out from the sale of personal information).

The CCPA contains a non-exhaustive list of discriminatory practices, which includes:

◈ denying goods or services to the consumer,

◈ charging different prices or rates for goods or services (including through the use of discounts, other benefits or penalties),

◈ providing a different level or quality of goods or services to the consumer if the consumer exercises his rights,

◈ simply suggesting that the consumer will receive a different price or rate or a different level or quality.

However, the CCPA does allow a business to charge a different price or provide a different level of service to customers if “that difference is reasonably related to the value provided to the consumer by the consumer’s data.” Accordingly, a business may offer financial incentives, such as the payment of a compensation for the collection of personal information, or offer a different price, rate, level, or quality of goods or services if that price or difference is directly related to the value provided to the consumer by the consumer’s data.

What security measures are required under the CCPA?


The CCPA provides that any consumer whose non-encrypted or non-redacted personal information is "subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’ violation of the duty to implement and maintain reasonable security procedures" may file a civil action and recover between $100 and $750 in statutory damages per incident, or actual damages. At this stage, a consumer’s right to litigate only applies to data breaches, not to violations under any other section.

What lies ahead?


Even though the CCPA was signed into law on June 28, 2018 and is set to enter into effect on January 1, 2020, amendment bills are still making their way through the California Legislature. In addition, California's Attorney General is expected to issue regulations over the coming months. As a result, it is possible that some of the information described above may change before the law enters into effect or is enforced.

Summary


While the CCPA is not yet applicable, its enforcement date is rapidly approaching and it is necessary to use the remaining time to prepare for the new requirements. The scope of the requirements is broad: the CCPA forces a company-wide strategy and review of processes for managing personal data on every level, and it includes various types of online data in its definition of personal information. New rights and obligations must be accounted for and every organization will have to work out its own approach to reflect the context and practices of the business. At the very least, a business should be mapping the personal information that it collects and the locations where personal information is stored. In this regard, the CCPA is not the only new or updated privacy law to be enacted in the United States: other states, such as Nevada and Utah, have recently updated their privacy laws, and it is expected that more states will follow.

Thursday, 29 August 2019

CCSP and CCSK: Which Cloud Security Credential Is Right For You?


Two of the industry’s most highly regarded cloud security credentials are the CCSP from (ISC)² and the CCSK from Cloud Security Alliance (CSA). Both offer a comprehensive education on cloud security fundamentals, but there are important differences. Here’s a quick breakdown of each.

CCSP (Certified Cloud Security Professional). The CCSP is for IT and information security leaders seeking to prove their understanding of cybersecurity and securing critical assets in the cloud. It shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud.

Roles that typically require a CCSP include Cloud Computing Analyst, Cloud Administrator, Cloud Architect, Cloud Engineer, Enterprise Architect, Security Administrator, Security Architect and Systems Engineer.

To qualify for the CCSP, you must have a minimum of 5 years cumulative paid work experience in information technology, of which 3 years must be in information security and 1 year in 1 or more of the 6 domains of the CCSP CBK.

CCSK (Certificate of Cloud Security Knowledge). The CCSK is administered by CSA and certifies competency in key cloud security areas.

Roles that typically use the knowledge gained through the CCSK include Cloud Computing Analyst, Cloud Administrator, Cloud Architect, Cloud Engineer, Enterprise Architect, Security Administrator, Security Architect and Systems Engineer.

In contrast to the CCSP, the CCSK has no experience requirements. You earn the certificate by passing the test. The CCSK test asks participants to demonstrate knowledge of three key documents: the CSA Guidance, the CSA Cloud Control Matrix and the ENISA report.

Other Differences


An important distinction is that the CCSP is a certification and the CCSK is a certificate. A certification recognizes a candidate’s knowledge, skills and abilities, typically as framed by a job role. A certificate’s scope is narrower, and only provides proof of a training course completion.

A certification grants a candidate access to a membership organization, and almost always requires an annual continuing professional education (CPE) commitment to maintain the certification. But a certificate does not often associate one with any membership organization, and the body of knowledge gained does not evolve over time or require CPE.

Takeaway


In many ways, the CCSP and CCSK credentials complement each other. Because the CCSP recognizes the value of CCSK and has a provision that CCSK can be substituted for 1 year of required experience, the CCSK is often viewed as a good start along the path to earning a CCSP later.

Achieving CCSP certification provides the added benefit of membership in (ISC)², the world’s largest nonprofit association of cybersecurity professionals. More than 140,000 members strong and growing, (ISC)² offers its members professional development courses through the Professional Development Institute (PDI); continuing professional education through industry events such as the global Security Congress; technical webinars discussing areas of developing cybersecurity trends; and benefits such as Member Perks, the (ISC)² Community and the bimonthly InfoSecurity Professional magazine.

Tuesday, 27 August 2019

The Collaborative Alliance to Develop New Cybersecurity Council and Professional Recognition as Part of the UK’s National Cybersecurity Strategy


(ISC)² is a member of The Collaborative Alliance for Cybersecurity, a consortium of organisations that represent a substantial part of the cybersecurity community in the UK. As part of the Alliance, we will be participating in the design and delivery of the new UK Cyber Security Council on behalf of the Department for Digital, Culture, Media & Sport (DCMS). The Alliance, with the Institution of Engineering and Technology (IET) nominated as lead organisation, was selected following a competitive grant competition by DCMS.

The Collaborative Alliance for Cybersecurity brings stakeholders together in the interest of advancing a healthy cybersecurity workforce for the UK, from the development of professional recognition to the collaboration around acknowledged priorities to move this workforce forward. The Alliance was formally established in July 2018 by independent, nonprofit organisations, several of which operate under a Royal Charter granted through the Privy Council, and some of which are able to grant chartered status within their discipline. The Alliance harnesses a broad perspective on professional priorities drawn from its members’ involvement in academia, advocacy, certification and professional development.

The Alliance members include:

(ISC)²

BCS, The Chartered Institute for IT

Chartered Institute of Information Security (CIISEC)

CIPD

CompTIA

Council of Professors and Heads of Computing (CPHC)

CREST

Chartered Society of Forensic Sciences (CSFS)

Engineering Council

Information Assurance Advisory Council (IAAC)

The Institution of Analysts and Programmers (IAP)

The Institution of Engineering and Technology (IET)

Institute of Measurement and Control (InstMC)

ISACA

Royal Academy of Engineering

Security Institute

techUK

The Worshipful Company of Information Technologists (WCIT)

The UK Cyber Security Council will work in partnership with the National Cyber Security Centre (NCSC), will be developed with broad representation and will be tasked to support the Government’s National Cyber Security Skills Strategy by providing recognition across the practicing community, while enhancing standards and thought leadership for the future.

“The formation of a UK Cybersecurity Council is an important strategic development that displays the UK’s commitment to professionalise the industry in the UK. We are excited to be a part of this development and as a Member of the Collaborative Alliance we will ensure that our association members have the opportunity for their voices to be heard in the formation of a UK Cybersecurity Council,” said Deshini Newman, managing director EMEA, (ISC)².

Thursday, 22 August 2019

Most Cyber Workers Plan to See Out Their Careers in the Field

Recruiting cybersecurity professionals is a major challenge because of the scarcity of qualified candidates, but at least employers don’t have to worry about them wanting to change professions. Most cybersecurity workers (64%) plan to finish out their careers in cybersecurity, according to (ISC)² research.

Of course, this creates a new challenge for employers – how to retain their cybersecurity staff. With a worldwide shortage of nearly 3 million, there’s always a chance workers will leave for better pay or more attractive working conditions.

To prevent this, employers must put serious effort into retention with measures such as robust training, professional development and open communication. The research shows that cybersecurity professionals want their opinions to be taken seriously when asked for input on cybersecurity matters. Employers that fall short in this respect may be sending their workers into the arms of another organization.

Another effective step aimed at retention involves cybersecurity certifications. Cybersecurity professionals view them as critical to their success, but the costs of taking courses and preparing for tests can be a big challenge.

Experience and Longevity


The finding regarding cybersecurity workers’ intentions to stay in the field came from (ISC)²’s most recent Cybersecurity Workforce Study, which polled 1660 cybersecurity and IT professionals. Professionals planning to remain in cybersecurity for the rest of their careers have worked in IT roles for an average of 11 years and cybersecurity roles for nearly seven years, the study found.

These respondents categorized themselves as cybersecurity professionals at a higher rate (37%) than the overall number of respondents (29%). The study found a link between experience and longevity: Respondents with greater experience in cybersecurity roles and initiatives are more likely to want to remain in the field.


The study also found that cybersecurity workers highly value relevant work experience. In fact, they consider relevant work experience as their top driver of success. That success, the findings suggest, plays a determinative role in wanting to remain employed as a cybersecurity professional.

The Role of Education


It should come as no surprise that education plays a big role in cybersecurity careers, considering the ongoing need to sharpen skills and learn new techniques. What is perhaps unexpected is the 71% of respondents who say they were already interested in cybersecurity careers during their education.

Historically, cybersecurity workers have started out in other career tracks, such as IT or communications, eventually making the switch because of the opportunity and earning potential.

Of the study participants who pursued a cybersecurity-focused education, 53% landed the first job of their career in the field. This compares to 35% of all the IT/cybersecurity professionals surveyed, and highlights the importance of cybersecurity certifications to complement a formal education in cybersecurity. These same respondents viewed cybersecurity certifications as the second most important qualification for cybersecurity professionals seeking employment (after relevant cybersecurity work experience).

According to the study, 42% of respondents planning to see out their careers in cybersecurity have a bachelor’s degree and 33% a master’s degree.

Tuesday, 20 August 2019

3 Pro Tips for Moving from IT to Security


Already have a background in IT? Here are three tips for moving toward a more security-focused role.

Take a cue from Goldilocks: Go after the industry certification that’s “just right.”


This entails pursuing a credential that helps augment technical skills with security practices. Many choose the SSCP for its balance between the foundational and technical. SSCP allows you to prove a technical understanding without having to seek a more entry-level certification.

Change your perspective to layer security into the work you’re already doing.


Moving from IT to security is a natural evolution. Once you’ve gained the requisite knowledge and put it into practice, it’s just a matter of changing perspective. Whether you work on the networking team or the help desk, your job is to make things work – and make sure they work efficiently.

When jumping into a security role, the mindset has to change from “let's make this work” to “let's make sure this is working safely.” With this approach, the transition becomes infinitely easier.

Expect to be constantly challenged and embrace it.


Technology moves fast, but security has to move faster to keep up. And in this field, you will never stop learning. Embrace it! And don’t wait. Convergence is happening. DevSecOps is happening, and many companies are adopting this type of workflow.

In security, your seat on the team no longer matters. You must have an understanding across disciplines to collaborate effectively and come up with solutions.

Saturday, 17 August 2019

SSCP vs. CISSP Exams: How are they different?

You’re considering a cybersecurity certification and the SSCP and CISSP are both on your list. After comparing the material, you’re thinking there’s a good bit of overlap between the two. But is there, really? And if you sit for one exam would you be able to sit for the other without additional study or preparation?


These are excellent questions. In fact, we hear them a lot. And the reality is, there ARE commonalities, which is true for most things in the field. However, these two certifications are wholly different and were developed from two distinct perspectives.

In many ways, the CISSP certification holder would find the SSCP exam more difficult, as it’s focused on technical application. Although considered “entry level,” the SSCP is designed for the technical practitioner. It covers how to incorporate, build, design and apply security to technology.

Alternatively, the CISSP was designed with leaders in mind. It emphasizes how to build a program and apply concepts of security to the business. Also, the frame of reference for each certification is poles apart. SSCP tends to focus on technical application, and CISSP on the business alignment of that application.

Another important point to consider is depth and breadth: SSCP has more depth; CISSP has more breadth. (ISC)² members who hold both credentials say each opens doors and benefits them professionally. Many pursue the SSCP first as they work toward getting the managerial experience needed to obtain the CISSP.

To qualify for the SSCP, candidates must have at least a year of cumulative, paid, full-time work experience in one of the seven domains. For the CISSP, candidates must have at least five years of cumulative, paid, full-time work experience in two of the certification’s eight domains.

Domains


| SSCP Domains | CISSP Domains |
|---|---|
| Access Controls | Security Risk Management |
| Security Operations and Administration | Asset Security |
| Risk Identification, Monitoring and Analysis | Security Architecture and Engineering |
| Incident Response and Recovery | Communication and Network Security |
| Cryptography | Identity and Access Management |
| Network and Communications Security | Security Assessment and Testing |
| Systems and Application Security | Security Operations |
| | Software Development Security |

Exam Comparison


| Certification | SSCP | CISSP |
|---|---|---|
| Number of Items | 125 | 100-150 |
| Maximum Time Allowed | 3 hours | 3 hours |
| Passing Score (out of 100) | 700 | 700 |
| Available Formats | English, Japanese, Brazilian Portuguese | English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean* |

*Format also available to accommodate visual impairment.

For a deeper dive into each certification, download the latest (ISC)² Ultimate Guides to the SSCP or CISSP. 

For a quick knowledge check, take the (ISC)² Practice Quizzes on CISSP or SSCP.

Wednesday, 14 August 2019

(ISC)² Meeting with Department of Commerce to Discuss Cybersecurity Workforce Issues

Part of (ISC)²’s role in the cybersecurity industry includes representing its members in legislative matters to ensure that we’re advocating for the profession and providing guidance to government leaders on new policies that may be championed.

On Wednesday, August 14, (ISC)² Director of Cybersecurity Advocacy John McCumber will meet with the U.S. Senate Committee on Commerce, Science and Transportation to discuss the findings of the (ISC)² Cybersecurity Workforce Study and its implications for cybersecurity workforce advancement that the U.S. government might spearhead in collaboration with the private sector.

This type of input session will help to inform the committee during the August Congressional recess so that legislative decisions can be moved forward when Congressional leaders return to Capitol Hill in September.

The meeting follows testimony that (ISC)² provided in May in front of the U.S. House of Representatives Committee on Homeland Security on the topic of diversification of the cybersecurity workforce, in a hearing titled “Growing and Diversifying the Cyber Talent Pipeline.”

(ISC)² will continue to provide such counsel to Congressional and Senate leaders when requested in an ongoing effort to shore up the cybersecurity workforce and encourage participation by the U.S. government in growth initiatives aimed at closing the skills gap.

Tuesday, 13 August 2019

Interview Tips for the Network Technician and Cyber Security Field


There is a growing demand for those working in cyber security and IT. With more online business than ever before, companies need people to keep their network running smoothly and their information protected.

If you have completed your cyber security and network technician program, and you are applying to jobs, it is important to be prepared for interviews. Check out some of our best interview tips for those in the cyber security field. We hope these tips can help you land your dream job!

Before the Interview


The interview does not start when you arrive at the office to answer questions. It starts as soon as you hear back from the company. To land your dream job, you need to prepare for the interview in advance. Check out some tips on interview prep right here.

◈ Practice Questions in Advance – It is a great idea to practice interview questions before you go into an interview. There are certain questions that you know an interviewer will ask, and it is great to get an idea of what you will say.

◈ Research the Company – When you schedule an interview with a particular company, you should then do some research on that company specifically. Find out more about what your specific role within the company would be and how that would fit with the company overall. Do what you can to learn about the company culture and values. All of this information will be important because you want to be able to show your interviewer why you would be a good fit in this company.

◈ Review Your Knowledge and Skills – Also, before you go into an interview, you will want to review your skills and knowledge. Some interviews will have some sort of test of your skills to be sure you can handle the requirements of the position.

It is always a great idea to prepare for your interview before you go into it. This will help you give a better impression, but it can also make you more relaxed for the interview because you know that you are prepared.

During the Interview


Now that we have discussed some tips on preparing for an interview, here are some tips to keep in mind for the interview itself.

◈ Arrive Slightly Early – Tardiness is not the first impression you want to make on a potential employer. Be sure you arrive a few minutes early for your interview so that you can show your punctuality and responsibility.

◈ Be Pleasant and Make Eye Contact – It is also important to remember to try to relax and be pleasant during an interview. You want to do your best to connect with your interviewer. The company is not only looking for someone who has the skills for the job, but they are also looking for people that would be fun to work with and a good fit for the company. Try to relax and be yourself while remaining professional.

◈ Show Your Knowledge and Skills – Also, it is crucial that you remember to highlight your skills and abilities. A job interview exists to determine if the candidate can handle the duties and responsibilities of a specific job opening. When asked questions about your experience, be sure to discuss your specific knowledge and experience. This will help the potential employer know that you can handle the work and the responsibilities required of you for the position.

Job interviews can be nerve-wracking, but just remember to be yourself and put your best foot forward. Show the company why you would be a good fit to work there. After the interview, be sure to follow up and thank the interviewer for their time.

Working in network technology and cyber security is a fast-growing field. You can attend a training program that can get you started working in this field in very little time. This type of work can be challenging and rewarding, so it could be a great career option for you. Learn more about starting your career below.

Saturday, 10 August 2019

7 Essential Skills and Characteristics for Working in Cyber Security


Imagine yourself at the heart of an organization working to protect the online systems and networks from outside attack. Imagine yourself performing test hacks to be sure systems are working at their best and safest. This is the work of a cyber security professional, and it could be the type of work that you do in the future. Learn more about some of the essential skills required for this job below.

Essential Skills and Traits for Cyber Security Work


How do you know if you have what it takes to work in cyber security? We can help you out. Check out some of the essential skills and characteristics you need to work in this profession right here. Also, if you need to build up some of these skills and abilities, you can attend a cyber security and network technician program.

Technical Knowledge – When working in IT and cyber security, it is essential that you have the technical knowledge and skills to complete your job duties. This technical knowledge will include working on computer networks, installing hardware, installing software, evaluating the security of a network, checking for security breaches, and more.

Critical Thinking – Critical thinking skills will also be essential for this type of work. As an IT professional, you will have to think to evaluate systems and networks and anticipate changes or updates so that you can stay on the cutting edge of the network and security.

Communication – You will also need strong communication skills to work in this type of position. You will need to be able to communicate with your supervisor so that they are aware of the work you have done. You will also need to be able to communicate with the different people in your company. This is because you may be making upgrades or changes to different networks or systems, and that may have an impact on some of the employees. You need to be able to clearly communicate what you are doing in terms that everyone will understand because not everyone is a tech professional.

Problem-Solving – Problem-solving is another essential quality for a cyber security professional. There will be problems that arise with the network or with the security that is in place. You will need to come up with the best solution to these problems and implement it quickly and effectively. If there is a problem with security, it could have a detrimental impact, so you need to have the ability to solve problems quickly.

Organizational Skills – It is also important to be organized when you are working in the IT world. You will not only have to be organized with all the work you do (so that you can be sure you are getting everything done), but you will probably need to coordinate your work with other people and departments. This will take planning and organization to achieve.

Detail-Oriented – When it comes to cyberattacks, the small details can be some of the most important. That is why being detail-oriented can be very important in this line of work. Attacks on a system or problems with a network are often just minor differences from a well-working system. The ability to notice the difference in the details will serve you well.

Team Player – You will also need to be a team player within your department and within your company. Depending on the company you work for, the IT and cyber security department could be just a couple of people, or it could be many people. Regardless of the number, you need to be able to work well in your team and work well with others. You will also need to be a team player within the entire company. There will be many different departments that depend on you to be able to do their jobs successfully. Be sure you can work well with others if you want to go into this profession.

Cyber security work is more important now than ever. There is more demand for this type of work as more businesses are storing important and confidential information on the internet. This type of work is also more essential than ever because hackers are getting smarter about getting into information illegally. As you can see from above, there are a lot of essential skills to working in cyber security, but that is because it is important work. If you want to build your cyber security skills and knowledge, you can do so by attending a network technician and cyber security program.

Thursday, 8 August 2019

Why Certified Cloud Security Professionals are in Higher Demand Than Ever

A new report from Palo Alto Networks’ Unit 42 threat intelligence team titled “Cloudy With a Chance of Entropy” reports that there are at least 34 million vulnerabilities across some of the largest cloud platforms, including Amazon Web Services, Google Compute Engine and Microsoft Azure.


Notably, the threats were not found to be the result of cloud providers themselves, but rather the applications customers deploy on cloud infrastructure. As the report states, “cloud service providers maintained their sterling reputation for platform security . . . however, consumers of infrastructure- and platform-as-a-service (IaaS and PaaS) cloud offerings continue to struggle with getting the basics of security right.”

The surging adoption of cloud container systems such as Docker and Kubernetes is leading to many of these issues. The report states that more than 40,000 container systems operate under default, insecure configurations. 65% of all cloud-related incidents between February 2018 and June 2019 were the result of misconfigurations by customers. The advice from Palo Alto is clear. “Security teams need to embrace containers as they are key to enabling DevSecOps. However, teams also need to ensure that the applications and hosts are securely configured and monitored.”

Staying current with cloud security best practices can help organizations avoid unknowingly leaving themselves open to vulnerabilities. This is one of the main reasons (ISC)² recently refreshed the content for and updated the domains within its CCSP cloud security certification. Proactively realigning the exam enables (ISC)² to affirm candidates’ deep knowledge of cloud security architecture, design, operations and service orchestration. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing cloud security professional.

A recent (ISC)² webinar brought together several of the speakers who’ll be presenting at the upcoming (ISC)² Security Congress 2019 in the Cloud Security track to preview their sessions, get an idea of what will be covered and discuss the state of cloud security today. Watch the “2019 Security Congress Preview – Cloud Security” Security Briefings webinar on demand today.

As a reminder, Early Bird registration is available through August 15 for the conference, which takes place in Orlando, FL from October 28 – 30. By popular demand, one of the 18 tracks available at the conference will focus on Cloud Security and the challenges practitioners face when dealing with all things cloud related. In addition to this track, there will also be pre-conference training available, which includes a CCSP Cloud Security Crash Course, and the third annual CSA Summit.

For the latest findings on the state of cloud security, you can also check out Cybersecurity Insiders’ “2019 Cloud Security Report,” sponsored by (ISC)².


Saturday, 3 August 2019

Writing Cybersecurity Articles – Getting Through the Tough Times

We’ve all been there, staring at the blank page or the blank screen, frustrated that the words aren’t flowing anymore, if they ever were. For the fortunate, this feeling can be fleeting, quickly replaced by a geyser of ideas and sentences that flow onto the page. For the rest of us, the momentary blockage can take a more serious turn, resulting in days or weeks of “challenged writing” in which you have no choice but to plow through the slow drip-drip of words and ideas. In extreme cases, one might even begin to think that they are experiencing writer’s block, followed by the realization that the thud sound you just heard is that of your morale sinking to new lows.


Writing ebbs and flows. When it flows, the writer enjoys the high of being “in the zone” with all the energy and clarity that comes with it. But what options do we have when writing doesn’t flow, but instead feels like a chore, an exercise in frustration and despair? Even the best and most prolific writers have at some point experienced the downswing of their writing pendulum. One of the key differences between the writing pros and the rest of us is that the pros have learned tricks to help them overcome the times of relative drought.

There’s no magic recipe for those struggling with their writing, but this article outlines a list of options and suggestions to consider and experiment with.



Motivation — The Key to Refilling Your Writing Aqueduct


The Romans built aqueducts to ensure that their cities had access to a continuous source of freshwater. Aqueducts such as the Pont du Gard (in Southern France near Nimes) pictured here could span dozens of miles to bring life-supporting water to far away cities.

How healthy is your own “writing aqueduct?” Does it tap into your creative source, your desire to improve the state of security and privacy in these challenging, interconnected times? What drives you to write? When was the last time you reflected whether your motivation for writing is internally driven, externally driven, or somewhere in between? Motivation is a strong force, one that you can tap into to refill your writing aqueduct, to rekindle that writing flame, as words and ideas want to be shared. Focusing on the value that you bring to your reader can help you once again open the flow of words to reach your audience downstream.

Start With Why


Another way to review your level of motivation is to ask yourself why. Why are you writing? It’s also important to know who you are writing for, and what message you want to share with them, but it all begins with why. Side note: Start With Why is also the title of a book worth reading if you’re open to exploring how other fields (like marketing and psychology) can influence what we do in cybersecurity. It wasn’t written with security in mind so you will have to connect the dots yourself, but that’s part of the fun.

Revisiting Your Writing Environment


In a previous article on setting up your writing process, I briefly covered the importance of setting up your writing environment for success, in terms of places where you do your best writing and times of the day that work well for you. But as with other creative endeavors, what previously worked well for us at a given place and time might no longer be effective for our writing process. The magic desk is no longer magic. That magic time of day is just “meh.”

If the regular time and place are no longer conducive to your writing process, it’s time to experiment with a new location or a new time of day. Look for a place that inspires you, where you find yourself thinking deeply. While the shower might come to mind, unless you have an ample supply of waterproof ink and paper, you’ll need to find a more suitable spot. Similarly, experiment with how well your writing flows at different times of the day. Look for times when you are feeling less stressed, with a reasonable amount of noise and disruptions. Why reasonable? Because we all have different tolerance levels for distractions, although I’m quite sure that most of us would find it very challenging to write while the dog is barking or while your kids are playing video games and talking through their every move.

Revert to “Old School” Tools


Don’t discount the utility of “old school” tools, i.e. pen and paper. You might be a gifted writer who can work directly on a laptop and crank out page after page — or rather screen after screen — of paragraphs. But if you’re reading this, chances are that your writing might not be as profuse as it once was. If the screen no longer inspires you — at least not the way it used to — then it’s time to try going back and generating ideas, outlines, and even portions of paragraphs on paper. Yes, you’ll need to spend some extra time to transfer your chicken scratch into bits and bytes, but that will give you an opportunity for another round of revision, thus continuing the positive feeling of flow of words and ideas — as opposed to waiting for the words to flow.

Another tool that one of my friends suggested is a whiteboard. Part writing and part drawing, the whiteboard might just be what you need to visually connect your left and right hemispheres to reboot the flow of ideas and eventually the flow of words.

Easing Back into Writing … Based on Existing Work


In my previous article, I mentioned two avenues to practicing and developing your writing. I called the two approaches “your words, your ideas” and “your words, their ideas.” The former is often more challenging as the writer must oversee both the creation and ordering of ideas, but also their expression into words. The latter can be part of a let’s-get-back-to-writing approach to rekindle your knack for writing without the extra burden of having to also generate original ideas. This form of writing — creating a summary or analyzing an existing body of work — lends itself well to sentence-level focused writing. Eventually you’ll have written out all the sentences that you felt were necessary to convey meaning, and you can then move on to your revision process to blend those sentences into coherent paragraphs.

The Thirsty Writing Approach


No, this isn’t a new drinking game, but it’s the name I gave to a tactic I read about in a Harvard Business Review article: “It’s easier to keep going with a task after you’ve overcome the initial hump of starting it in the first place.” Our brains don’t let go of unfinished work, so use that to your advantage. Start the writing process, then stop. Let your “thirsty” brain keep thinking about that piece of writing while you go about your day but keep watch for moments when you feel a “pull” to get back to the writing. When the pull is strong enough and you know you have enough free time — and the right setup/tools — to engage in the writing process, go for it. I’ve used this approach many times with great success, by starting to write portions of an article, then stopping mid-way. Sometimes I would write two or three paragraphs in a row, while at other times I would just write snippets of sentences representing different paragraphs instead.

Give Up, Then Come Back


If all else fails, and assuming you’re able to do so, give up. Take some time off from your writing. Do other things. Then, when the time is right — in composing this sentence, I initially wrote “when the time is write” — come back to the writing process refreshed. But remember to reflect on your motivation, to review your writing environment, and to double-check that you have the right writing tools nearby.

Writing is a process, and like any process, it can be improved. If you’re frustrated with your current writing process, explore the options mentioned in this article, but most importantly remember to give yourself a break — and the space to reconnect with your writing.

Thursday, 1 August 2019

Why You Should Consider A Security Certification (and why now is the time)

Let’s face it: Opportunity goes to the well-prepared. And living in dangerous and dynamic times, each of us needs to be so much better prepared to face tomorrow than we were today.


We’re all at risk. Everything we value, everyone we hold dear are held hostage to the badly misinformed decisions of the well-intended; are targets of opportunities to those with malice at heart. Those people, the “bad guys,” the black hats, are already outspending most legitimate businesses and organizations when it comes to investing in their knowledge, skills and abilities to attack.

The right certification, earned at the right time in your journey, is part of being prepared.

Ninety-nine percent of the headline-grabbing data breaches, the ransom attacks, the intrusions into information systems have been blamed on management making the wrong decisions. Managers and leaders in every organization desperately need people who can marry the technologies of IT security to the business needs for dependability, safety, reliability, confidentiality, and privacy for their information and information systems. They need us.

I keep hearing recruiters and industry groups saying that the North American market has over a million jobs begging for people who can collaborate with end users and their managers to keep the lifeblood of their companies and organizations secure.

Getting certified – in any domain – can and should be mind-expanding. It’s the opportunity to see things in different ways, while at the same time benchmarking what you know, what you can do with that knowledge, and how you think.

Explore how (ISC)2 credentials can prepare you to inspire a safe and secure cyber world – and enhance your career!
