Inside (ISC)²: Updates on Exams and Certifications
Clar Rosso, CEO of (ISC)2, shares the latest insights on what’s happening at our association. Join us for this quarterly update where we cover the latest developments at (ISC)2, ranging from certification to member benefits, continuing education and events, to major milestones and achievements.
Joining Clar this quarter is Dr. Casey Marks, chief product officer and VP of (ISC)2, to discuss the latest in Exams and certifications.
Recorded: Mar 23 2021, 61 mins
Charles Allen, CIPP/E, InfoSec Consulting Manager, OneTrust GRC; Brandon Dunlap, Moderator
Do you spend countless hours assessing business risk, stuck in spreadsheets, sifting through emails to find the most up-to-date information? After gathering all the necessary information from your line of business, you still need to review, validate, analyze, and assign a risk score. All of this must be done before actionable insights can be drawn or mitigation efforts can take place. There is a significant gap between how risk is assessed and the rate at which your business operates today. As your program evolves, the need to simplify the risk assessment process becomes unavoidable. But a common reality is that as your business continues to develop, risk assessment practices and resources have largely remained the same. It’s not as simple as getting a risk management tool; it’s about finding the right technology to adapt your processes in line with your current risk landscape and business objectives. On July 8, 2021 at 1:00 pm BST, OneTrust GRC and (ISC)2 will review risk assessment best practices businesses should consider based on leading industry standards from ISO 31000, NIST CSF, and the latest DOJ Corporate Compliance Guidance. We will also share how to:
· Familiarize yourself with proven best practices and new perspectives on risk assessments
· Identify opportunities to collect risk insights in context through an automated questionnaire process
· Streamline risk identification with automation rules tied to your risk methodology
Bob Hansmann, Sr. Product Marketing Manager - Security, Infoblox; Brandon Dunlap, Moderator
Cybercriminals must become masters of evasion if they are to be successful. Many threats, such as APTs, are designed to remain hidden for weeks or longer as they slowly monitor their victim, compromising select information in a way that is also intended to go unnoticed. Others, like ransomware, may only need to hide their malicious intentions long enough to infect and begin encryption processes. And even when these attacks trip some defensive sensor, it can take analysts days to investigate and launch an effective incident response, often too late to prevent significant damage. Join Infoblox and (ISC)2 on June 22, 2021 at 1:00 p.m. BST as we assess evasion methodologies and the value of DNS, with some unique EMEA callouts, to counter them across the kill chain including:
• Why does DNS visibility expose threat activity other solutions miss?
• How can DNS visibility be used to make other solutions more effective?
• What role does DNS play in investigation and response?
Karl Lankford, VP, Solution Engineering, EMEIA, Beyond Trust; Brandon Dunlap, Moderator
As businesses constantly evolve and grow, so does an organization's attack surface. The pace and velocity of technology transformation in enterprises have created a difficult environment for security teams to defend against complex threats. Join Beyond Trust and (ISC)2 on June 15, 2021 at 1:00 p.m. BST for a webinar where we will examine how Privileged Access Management (PAM) can support the security team as an enabler to digital transformation, while providing one of the most effective ways to stop lateral movement by threat actors.
Key topics to be covered include:
· What Is Digital Transformation and why should we care about it?
· Why automation isn’t just for the business
· How to mitigate identity risk with Privilege Access Management
Sam Humphries, Exabeam; Jessica Cholerton, Exabeam; Brandon Dunlap, Moderator
If the idea of automating breach response fills you with a sense of uneasiness, you’re definitely not alone. But the flipside of doing everything manually isn’t ideal either…and can actually bring more risk to a situation, especially during a major incident. On June 10, 2021 at 1:00 p.m. BST, join Sam and Jess (aka The Real Housewives of Automation) of Exabeam and (ISC)2 for a session where we will explain where, how and when automation can help you investigate and respond quickly, accurately, and without creating a LinkedIn profile updating moment. We’ll also examine:
· End to end automated vs manual response – a look into a real breach through two different lenses
· The machines are our friends – how automation will help your team thrive
· Raging alongside the machines – how to get the right balance
· Investigation and response automation – where to start and how to finish
Helen Patton, Advisory CISO, Duo Security at Cisco; Brandon Dunlap, Moderator
What is the value of trust for a company, and what role does a security leader play in order to enable it? On June 8, 2021, at 1:00 p.m. BST, Duo Security Advisory CISO Helen Patton and (ISC)2 will discuss the factors that make a company trustworthy, and how a security team builds trust within an organization. We will review the Cisco Security Outcomes Study and consider the trust-based activities that enable positive security outcomes. Attendees will be provided with actionable suggestions for improving security and trust in their organization.
Scott Bridgen, Head of GRC, OneTrust GRC; Brandon Dunlap, Moderator
Every organization is working to reduce the delay between issuing a risk assessment, receiving a response, gaining risk insight, and making a risk-based decision. Risk insights quickly lose value as time elapses from the initial assessment request. Businesses should leverage the digital workstreams to collect information as updates occur using data discovery tools to find, document, and classify in real-time. Join OneTrust GRC and (ISC)2 on June 3, 2021 at 1:00 pm BST as we explore how to quickly connect enterprise data through automated data discovery and translate the data into meaningful risk insights. We’ll also examine how to:
· Identify data across business applications for the latest risk insights.
· Automatically categorize information to deliver meaningful insights across risk, compliance, and your executive teams
· Explore a new way to quantify risk using risk formulas to aggregate and standardize risk using real-time data points
Zeki Turedi, CTO for Europe, Middle East & Africa, Crowdstrike; Brandon Dunlap (Moderator)
In a year when a global pandemic significantly changed how and where we work, the CrowdStrike 2021 Global Threat Report has never been more highly anticipated. This year, the report exposes how cyber adversaries have exploited the situation, accelerating attacks and introducing increasingly damaging tactics, techniques and procedures. On April 13, 2021 at 1:00 PM BST, CrowdStrike Technology Strategist Zeki Turedi and (ISC)2 will examine the notable threats, events and trends in the report, including pragmatic recommendations to help you better defend against cyberattacks in 2021 and beyond. We'll also examine:
· How the COVID-19 pandemic has changed cybersecurity
· How "big game hunters" are targeting the healthcare sector
· Significant nation-state-based targeted attacks and operations observed from China, Iran, DPRK, Russia and others
· The CrowdStrike eCrime Index and how it measures the strength of the cybercriminal market over time
This year, Cisco hosted the first global, virtual Cisco Live 2021 event. Customers from all around the world converged virtually to experience the latest technology innovations, network with peers and colleagues, and find out what Cisco has in store for 2021. We will cover the latest hot topics within cybersecurity, including how companies are protecting their workforce remotely, what the future of work looks like, and how companies are shifting towards cloud security, including trends that we have seen emerging with SD-WAN and SASE. Join Cisco and (ISC)2 on May 27, 2021 at 1:00 p.m. BST as we discuss the key takeaways on Cloud Security arrived at during the Cisco Live 2021 event.
Ell Marquez, Linux and Security Advocate, Intezer Labs; Brandon Dunlap, Moderator
Every day, wars are being waged on invisible battlefields. The enemy is hiding and stealthily leveling its attacks from within. This formidable foe isn’t an opposing army. It may very well be a single malicious actor, or a state-sponsored group of hackers. Without a trace of their tools left on the disk, attackers are storing the code in memory–resulting in infamous Fileless Malware. If successful, the best case scenario outcome is a tarnished reputation; the worst, significant (and potentially irreparable) damage to a brand and its business. Join Intezer Labs and (ISC)2 on May 25, 2021 at 1:00 pm BST for a discussion on how attacks like these can cripple an organization without its security team ever knowing it.
Nuno Almeida, Consulting Engineer, EMEA, BitSight; Brandon Dunlap, Moderator
Communicating cybersecurity to non-technical users is a common challenge across organizations, who commonly perceive cybersecurity as a needed expense and cost center. Leveraging a risk-based approach, such as the one provided by Security Ratings, allows you to better understand and communicate risks coming from gaps in your security program, prioritize and justify investments to the business, and bridge the gap to technical stakeholders acting upon the cybersecurity issues and incidents. Join BitSight and (ISC)2 on May 20, 2021 at 1:00 p.m. BST as we look at how Security Ratings can provide an unbiased metric of your external security performance, while complementing your operational tools with both an operational view and a strategic perspective to prioritize your greatest risks, measure performance, and communicate to stakeholders.
As organizations continue to struggle to find trained cybersecurity professionals to build out their teams, recruiters and hiring managers may need to adjust the tactics they use to proactively identify internal and external candidates. Developing bench strength by targeting candidates who have transferable skills can lead to long-term depth and stability on security teams. Understanding who to look for and managing their expectations of what cybersecurity roles entail is critical to success. Join Clar Rosso, CEO of (ISC)2, on May 18, 2021 at 1:00 p.m. Eastern/10:00 a.m. Pacific as she provides an overview of the 2021 (ISC)2 Cybersecurity Career Pursuers Study, which surveyed both experienced cybersecurity professionals and jobseekers considering a career in the field. The study examines such topics as which tasks and experiences make a cybersecurity professional successful, the value of mentorship, at what point in their careers pursuers seem likely to seek a cybersecurity path, what attracts people to the profession and which qualities rank as strong indicators of future success for team members.
The MITRE Engenuity ATT&CK Framework has become an integral part of IT security. Every year, MITRE Engenuity tests the most important Endpoint Detection & Response (EDR) manufacturers and checks how well they perform in a real attack scenario (the ATT&CK Evaluations). Every year the results are eagerly awaited as they are an important decision-making tool for companies when determining their security strategy. On May 18, 2021 at 1:00 p.m. BST, SentinelOne and (ISC)2 will provide detailed insight into the criteria used for the evaluation, the latest results and how they should be interpreted. We’ll also examine:
· Why the ATT&CK evaluation is relevant for your company
Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic; Brandon Dunlap, Moderator
With up to 80% of cyber security breaches due to compromised credentials, more organisations than ever are prioritising privileged access security. This is reflected by Gartner, which has ranked Privileged Access Management (PAM) as the #1 security project for organisations for two years in a row. With the added challenge of cloud applications and services accelerating, organisations across the globe must understand and manage the challenges posed by privileged access from remote employees, third parties, and contractors. Join Thycotic chief security scientist and author Joseph Carson and (ISC)2 on May 13, 2021 at 1:00PM BST as he examines the key differences between Password Managers and Privileged Access Management and explains why Password Managers are not enough to protect your privileged access. But we won’t stop there: Joseph will then guide you through a practical approach to defining and implementing privileged access cloud security best practices. We’ll also look at:
· The importance of protecting privileges not just user passwords
· Why Password Managers are not sufficient to protect your privileged accounts
· Key difference between Password Managers and Privileged Access Management
· Best practices for securing cloud privileged access
· Proven approach to implementing secure privileged access for remote workers and third parties
Steve Piper, Co-Founder & CEO, CyberEdge Group; Brandon Dunlap, Moderator
Did you know that 86% of organizations experienced a successful attack in 2021? That is up from 81% the prior year, the largest year-over-year increase in six years. CyberEdge’s 2021 Cyberthreat Defense Report (CDR) has become the de facto standard for assessing organizations’ security posture, for gauging perceptions of IT security professionals, and for ascertaining current and planned investments in IT security infrastructure. Now in its eighth year, the 2021 CDR assesses the views of 1,200 IT security professionals representing 17 countries and 19 industries. It’s the most geographically comprehensive view of IT security perceptions in our industry. Join (ISC)2 (a sponsor of this year’s study) and CyberEdge on May 11, 2021 at 1:00 pm ET/10 am PT for highlights of the results and get key insights including:
- The chronic shortage of IT security skilled staff is still prevalent; hiring gaps exist across all major IT security roles
- Lack of skilled personnel is the #2 obstacle to effective defense against cyberthreats
- The fastest and most economical solution is to train existing IT members to fill security positions
- IT security professionals see personal and organization-wide benefits of cybersecurity certifications, especially for cloud security, software security, security administration, and management
- And more!
Zachary Tudor, CISSP, (ISC)² Board of Directors Chairperson and Clar Rosso, CEO, (ISC)²
(ISC)² Board of Directors Chairperson, Zachary Tudor, CISSP and CEO Clar Rosso update members on accomplishments in Q2 of 2021 including a significant increase in professional development opportunities, record numbers of exam offerings, and sharing new research findings to help fill the cybersecurity profession pipeline. Tune in to hear what the organization has planned for the rest of 2021, including an update on this year’s (ISC)² Security Congress event.
Chris Frost, Technical Solutions Architect, Cloud Security, Cisco; Brandon Dunlap, Moderator
The global pandemic has accelerated the move of edge security controls to a cloud-delivered model. But it hasn’t changed the need for effective threat detection and reliable, fast secure access. The best way for security teams to meet these new challenges head-on is through a secure access service edge (SASE) service. Join Cisco and (ISC)2 on May 6, 2021 at 1:00PM BST as we explore the following:
• Networking and security solutions that are designed to work together
• Efficient and effective cloud-delivered security
• Vendor consolidation and ease of deployment
• Management that will scale with the needs of your business.
Ollie Sheridan, Principal Sales Engineer, Security, (EMEA) Gigamon; Brandon Dunlap, Moderator
DoH (DNS over HTTPS) is a means of further encrypting web traffic and another step towards an encrypted, safer Internet, or so it would seem. Many browser vendors are offering a means to tunnel your DNS traffic over HTTPS (TLS). Combined with other technologies (such as Encrypted SNI), it presents a challenge to any organisation attempting to maintain a strong security posture in the constant battle against Malware and Data Exfiltration. Join Gigamon and (ISC)2 on April 29, 2021 at 1:00PM BST when we will discuss the rise of DoH and what problem it's trying to solve, along with the associated problems it inadvertently creates. We'll also look into how it can be implemented and monitored, examining strategies to mitigate any risks this new approach presents us with. We’ll also examine the motivations behind those offering a 'free service' to users on the Internet and how this encrypted traffic is only as private as the trust you put in the provider in question.
Michael Byrnes, Director, Solutions Engineering, MEIA; Brandon Dunlap, Moderator
Today, many organizations rely on multiple cloud services with their end users regularly consuming dozens, or even hundreds, of different SaaS applications. This great cloud migration has successfully enabled the increase in remote working and is accelerating digital transformation initiatives. But, more clouds also means more challenges. In addition to the fundamental cloud security issues, there’s the additional complexity and interoperability issues arising from siloed identity stores, native toolsets, and conflicting shared responsibility models between cloud providers, creating an expanded attack surface that organisations need to address. On April 27, 2021 at 1:00PM BST, Beyond Trust and (ISC)2 will look at why the identity challenge is the most important security problem for organisations to solve and is best accomplished by standardizing the management and security controls across the entire IT ecosystem. Join this session to learn:
· The most pressing cloud security risks
· Where native toolsets leave gaps in security that you must address
· How to implement 7 cloud security best practices with privileged access management (PAM) to vastly decrease your likelihood and scope of a cloud-related breach
Natasha Karelina, (ISC)² Customer Service Manager, EMEA
Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarised
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session
Senad Aruc: Lead Technical Solutions Architect at Advanced Threats, Cisco; Brandon Dunlap, Moderator
Criminal operations that run advanced botnets have their own rules and secrets they don’t want revealed. They like to infect, hack and control victims without getting caught by law enforcement. Endpoint security is not enough to prevent zero-day malware attacks, so the research we do at Cisco has always been focused on the command and control centers. With this aim, we managed to expose the dirty secrets of more than 20 unique C&C/Botnet servers in past years. These research articles are published in various cyber security magazines in Europe and Asia and have also been presented at cybersecurity conferences. Join Cisco and (ISC)2 on April 15, 2021 at 1:00PM BST as we reveal the busted famous botnets from inside and outside, with all the original source code, files, and logic behind those criminals. By revealing these busted C&C servers we will see and learn how seriously they take this illegal business and have a chance to peek inside them. A list of the busted botnets we will reveal in this presentation includes:
(ISC)² Security Briefings EMEA offers members in Europe, the Middle East and Africa a chance to learn about the latest trends, tools and best practices in cyber, information, software and infrastructure security while earning CPEs