Save 40% on CISSP or CCSP training until November 30

Achieving the globally respected (ISC)² CISSP or CCSP certifications can catapult your career, leading to more credibility, better opportunities and increased earning potential.

To help you stay committed to your certification, through November 30, (ISC)² is offering a 40% discount off Official CISSP and CCSP Online Instructor-Led Trainings when you bundle with an exam voucher. Training seats are limited, so secure your spot today!

OPIS

Online instructor-led training and exam bundle

Your bundle includes:

  • Direct access to an (ISC)² Authorized Instructor
  • Exam voucher (valid for 12 months)
  • Official (ISC)² Student Training Guide (electronic, 1-year access)
  • Interactive flash cards
  • Post-course assessment
  • Continued access to course content for 6 months

Official (ISC)² online instructor-led training

Perfect for distance learning, this hands-on training format offers the structure of real-time class in a virtual setting, with the option to access course recordings. And since it’s Official (ISC)² Training you will be learning the most relevant, up-to-date content developed by (ISC)², creator of the CISSP and CCSP Common Body of Knowledge (CBK).

View training schedule and don’t miss iut! Offer ends November 30, 2020.

As attackers evolve their tactics, continuous cybersecurity education is a must

As the Information Age slowly gives way to the Fourth Industrial Revolution, and the rise of IoT and IIoT, on-demand availability of computer system resources, big data and analytics, and cyber attacks aimed at business environments impact on our everyday lives, there’s an increasing need for knowledgeable cybersecurity professionals and, unfortunately, an increasing cybersecurity workforce skills gap.

continuous cybersecurity education

The cybersecurity skills gap is huge

A year ago, (ISC)² estimated that the global cybersecurity workforce numbered 2.8 million professionals, when there’s an actual need for 4.07 million.

According to a recent global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESG), there has been no significant progress towards a solution to this problem in the last four years.

“What’s needed is a holistic approach of continuous cybersecurity education, where each stakeholder needs to play a role versus operating in silos,” ISSA and ESG stated.

Those starting their career in cybersecurity need many years to develop real cybersecurity proficiency, the respondents agreed. They need cybersecurity certifications and hands-on experience (i.e., jobs) and, ideally, a career plan and guidance.

Continuous cybersecurity training and education are key

Aside from the core cybersecurity talent pool, new job recruits are new graduates from universities, consultants/contractors, employees at other departments within an organization, security/hardware vendors and career changers.

One thing they all have in common is the need for constant additional training, as technology advances and changes and attackers evolve their tactics, techniques and procedures.

Though most IT and security professionals use their own free time to improve their cyber skills, they must learn on the job and get effective support from their employers for their continued career development.

Times are tough – there’s no doubt of that – but organizations must continue to invest in their employee’s career and skills development if they want to retain their current cybersecurity talent, develop it, and attract new, capable employees.

“The pandemic has shown us just how critical cybersecurity is to the successful operation of our respective economies and our individual lifestyles,” noted Deshini Newman, Managing Director EMEA, (ISC)².

Certifications show employers that cybersecurity professionals have the knowledge and skills required for the job, but also indicate that they are invested in keeping pace with a myriad of evolving issues.

“Maintaining a cybersecurity certification, combined with professional membership is evidence that professionals are constantly improving and developing new skills to add value to the profession and taking ownership for their careers. This new knowledge and understanding can be shared throughout an organisation to support security best practice, as well as ensuring cyber safety in our homes and communities,” she pointed out.

In the era of AI, standards are falling behind

According to a recent study, only a minority of software developers are actually working in a software development company. This means that nowadays literally every company builds software in some form or another.

standards development

As a professional in the field of information security, it is your task to protect information, assets, and technologies. Obviously, the software built by or for your company that is collecting, transporting, storing, processing, and finally acting upon your company’s data, is of high interest. Secure development practices should be enforced early on and security must be tested during the software’s entire lifetime.

Within the (ISC)² common body of knowledge for CISSPs, software development security is listed as an individual domain. Several standards and practices covering security in the Software Development Lifecycle (SDLC) are available: ISO/IEC 27024:2011, ISO/IEC TR 15504, or NIST SP800-64 Revision 2, to name some.

All of the above ask for continuous assessment and control of artifacts on the source-code level, especially regarding coding standards and Common Weakness Enumerations (CWE), but only briefly mention static application security testing (SAST) as a possible way to address these issues. In the search for possible concrete tools, NIST provides SP 500-268 v1.1 “Source Code Security Analysis Tool Function Specification Version 1.1”.

In May 2019, NIST withdrew the aforementioned SP800-64 Rev2. NIST SP 500-268 was published over nine years ago. This seems to be symptomatic for an underlying issue we see: the standards cannot keep up with the rapid pace of development and change in the field.

A good example is the dawn of the development language Rust, which addresses a major source of security issues presented by the classically used language C++ – namely memory management. Major players in the field such as Microsoft and Google saw great advantages and announced that they would focus future developments towards Rust. While the standards mention development languages superior to others, neither the mechanisms used by Rust nor Rust itself is mentioned.

In the field of Static Code Analysis, the information in NIST SP 500-268 is not wrong, but the paper simply does not mention advances in the field.

Let us briefly discuss two aspects: First, the wide use of open source software gave us insight into a vast quantity of source code changes and the reasoning behind them (security, performance, style). On top of that, we have seen increasing capacities of CPU power to process this data, accompanied by algorithmic improvements. Nowadays, we have a large lake of training data available. To use our company as an example, in order to train our underlying model for C++ alone, we are scanning changes in over 200,000 open source projects with millions of files containing rich history.

Secondly, in the past decade, we’ve witnessed tremendous advances in machine learning. We see tools like GPT-3 and their applications in source code being discussed widely. Classically, static source code analysis was the domain of Symbolic AI—facts and rules applied to source code. The realm of source code is perfectly suited for this approach since software source code has a well-defined syntax and grammar. The downside is that these rules were developed by engineers, which limits the pace in which rules can be generated. The idea would be to automate the rule construction by using machine learning.

Recently, we see research in the field of machine learning being applied to source code. Again, let us use our company as an example: By using the vast amount of changes in open source, our system looks out for patterns connected to security. It presents possible rules to an engineer together with found cases in the training set—both known and fixed, as well as unknown.

Also, the system supports parameters in the rules. Possible values for these parameters are collected by the system automatically. As a practical example, taint analysis follows incoming data to its use inside of the application to make sure the data is sanitized before usage. The system automatically learns possible sources, sanitization, and sink functions.

Back to the NIST Special Papers: With the withdrawal of SP 800-64 Rev 2, users were pointed to NIST SP 800-160 Vol 1 for the time being until a new, updated white paper is published. This was at the end of May 2019. The nature of these papers is to only describe high-level best practices, list some examples, and stay rather vague in concrete implementation. Yet, the documents are the basis for reviews and audits. Given the importance of the field, it seems as if a major component is missing. It is also time to think about processes that would help us to keep up with the pace of technology.

Save on CCSP self-paced exam prep when bundled with exam voucher

Now’s your time to become recognized as a globally respected cloud expert and catapult your career with the (ISC)² Certified Cloud Security Certification (CCSP).

Save on CCSP self-paced exam prep

To help you confidently prepare for the exam, (ISC)² is offering a limited time discount on CCSP Self-Paced Training when bundled with your exam. Get both for just $1,094 – a savings of more than $250! Offer ends October 30.

Official (ISC)² Online Self-Paced Training is a great solution if you want complete autonomy to learn on your own schedule, in your own space using official (ISC)² pre-recorded videos and courseware.

Your training and exam bundle will include:

  • 180-day access to course content
  • Official (ISC)² Student Training Guide (electronic, 1-year access)
  • More than 100 prerecorded videos
  • Interactive flash cards
  • Case studies and real-world scenarios
  • Knowledge checks after each domain plus post-course assessment questions
  • Exam voucher (valid for 12 months)

There’s no need to wait for the New Year… Get a head start today!

Why developing cybersecurity education is key for a more secure future

Cybersecurity threats are growing every day, be they are aimed at consumers, businesses or governments. The pandemic has shown us just how critical cybersecurity is to the successful operation of our respective economies and our individual lifestyles.

developing cybersecurity education

The rapid digital transformation it has forced upon us has seen us rely almost totally on the internet, ecommerce and digital communications to do everything from shopping to working and learning. It has brought into stark focus the threats we all face and the importance of cybersecurity skills at every level of society.

European Cybersecurity Month is a timely reminder that we must not become complacent and must redouble our efforts to stay safe online and bolster the cybersecurity skills base in society. This is imperative not only to manage the challenges we face today, but to ensure we can rise to the next wave of unknown, sophisticated cybersecurity threats that await us tomorrow.

Developing cybersecurity education at all levels, encouraging more of our students to embrace STEM subjects at an early age, educating consumers and the elderly on how to spot and avoid scams are critical to managing the challenge we face. The urgency and need to build our professional cybersecurity workforce is paramount to a safe and secure cyber world.

With a global skills gap of over four million, the cybersecurity professional base must grow substantially now in the UK and across mainland Europe to meet the challenge facing organisations, at the same time as we lay the groundwork to welcome the next generation into cybersecurity careers. That means a stronger focus on adult education, professional workplace training and industry-recognised certification.

At this key moment in the evolution of digital business and the changes in the way society functions day-to-day, certification plays an essential role in providing trust and confidence on knowledge and skills. Employers, government, law enforcement – whatever the function, these organisations need assurance that cybersecurity professionals have the skills, expertise and situational fluency needed to deal with current and future needs.

Certifications provide cybersecurity professionals with this important verification and validation of their training and education, ensuring organisations can be confident that current and future employees holding a given certification have an assured and consistent skillset wherever in the world they are.

The digital skills focus of European Cybersecurity Month is a reminder that there is a myriad of evolving issues that cybersecurity professionals need to be proficient in including data protection, privacy and cyber hygiene to name just a few.

However, certifications are much more than a recognised and trusted mark of achievement. They are a gateway to ensuring continuous learning and development. Maintaining a cybersecurity certification, combined with professional membership is evidence that professionals are constantly improving and developing new skills to add value to the profession and taking ownership for their careers. This new knowledge and understanding can be shared throughout an organisation to support security best practice, as well as ensuring cyber safety in our homes and communities.

Ultimately, we must remember that cybersecurity skills, education and best practice is not just a European issue, and neither is it a political issue. Rather, it is a global challenge that impacts every corner of society. Cybersecurity mindfulness needs to be woven into the DNA of everything we do, and it starts with everything we learn.

Finish the year strong with special pricing on CISSP training thru Oct. 30

Go for CISSP certification now to achieve more in 2021 as a globally recognized cybersecurity leader. Whether you’re motivated by career advancement, higher pay or inspiring a safe and secure cyber world, the CISSP is a clear professional game-changer.

Passing the CISSP exam is a huge accomplishment, and (ISC)² can help you prepare with confidence. Now thru October 30, (ISC)² is offering a discount on Official CISSP Self-Paced Training when you bundle with an exam voucher.
Get both for just U.S. $1,260 – a savings of nearly U.S. $300!

special pricing on CISSP training

Official (ISC)² Online Self-Paced Training is a great solution if you want complete autonomy to learn on your own schedule, in your own space using official (ISC)² pre-recorded videos and courseware.

Your training and exam bundle will include:

  • 180-day access to course content
  • Official (ISC)² Student Training Guide (electronic, 1-year access)
  • More than 300 prerecorded videos
  • Interactive flash cards
  • Case studies and real-world scenarios
  • Knowledge checks after each domain plus post-course assessment questions
  • Exam voucher (valid for 12 months)

There’s no need to wait for the New Year… Get a head start today!

Whitepapers: Stronger cybersecurity starts with CISSP

Emerging technologies have created amazing new organizational capabilities. But they also bring new complexities, interconnections and vulnerability points. The need for strong cybersecurity is strong. Your defenses need to be stronger.

The Role of (ISC)²

(ISC)² is the world’s largest nonprofit membership association of certified cybersecurity professionals. More than 150,000 members strong, we help train, certify and educate the front lines – the professionals organizations count on to protect their critical assets and mitigate cyber risks.

CISSP – The World’s Premier Cybersecurity Certification

You may know (ISC)² for our CISSP credential – five letters that inspire confidence for businesses around the globe. Like all (ISC)² certifications, the CISSP is accredited and vendor-neutral. It stands out as the premier credential for information security leaders, identifying those who possess the advanced skills required to design, implement and manage a best-in-class cybersecurity program.

Our latest white papers examine the expanding threat landscape and how cybersecurity can drive business growth with the right experts in place. Download the resource that speaks to you as a professional or team leader ready to secure the future.

CISSP CISSP

Views and misconceptions of cybersecurity as a career path

Attitudes toward cybersecurity roles are now overwhelmingly positive, although most people still don’t view the field as a career fit for themselves, even as 29% of respondents say they are considering a career change, an (ISC)² study reveals.

cybersecurity career path

The findings indicate a shift in popular opinion about cybersecurity professionals, who have traditionally been viewed through a negative lens as roadblocks to business efficiency.

In fact, 71% of the survey’s respondents, all of whom do not work in the industry, say they consider cybersecurity professionals to be smart and technically skilled, while 51% also described them as “the good guys fighting cybercrime.” 69% of respondents replied that cybersecurity seems like a good career path, just not one they see themselves pursuing.

Obstacles to attracting additional information security workers

The cybersecurity industry is made up of 2.8 million skilled professionals, but research indicates that there is a global shortage of 4.07 million, which requires a massive recruitment effort of new entrants to the field who may not have considered the career before. The study reveals that the obstacles to attracting these additional workers may be two-fold.

First, 77% of respondents said cybersecurity was never offered as part of their formal educational curriculum at any point, making it difficult for most people to gain a solid understanding of what roles in the industry actually entail and how to pursue the career.

The second factor that may be limiting interest is a pervasive belief that such roles would require very advanced skills development that would require time and resources to achieve.

“What these results show us is that while it’s becoming even more highly-respected, the cybersecurity profession is still misunderstood by many, and that’s counterproductive to encouraging more people to pursue this rewarding career,” said Wesley Simpson, COO of (ISC)².

“The reality of the situation, and what we need to do a better job of publicizing, is that a truly effective cybersecurity workforce requires a broad range of professionals who bring different skillsets to their teams.

“While technical skills are vital for many roles, we also need individuals with varied backgrounds in areas including communications, risk management, legal, regulatory compliance, process development and more, to bring a well-rounded perspective to cyber defense.”

cybersecurity career path

Cybersecurity as a career path: Key findings

  • Conducted during a time of record unemployment amidst the COVID-19 pandemic, the study found that job stability is now the most valued characteristic in a career (61% of respondents), followed by ones that offer a “flexible work environment” (57%) and only then, “earning potential” (56%).
  • In the absence of formal cybersecurity education, perceptions about the industry and the professionals in it are formed primarily through portrayals in TV shows and movies (37% of respondents) or by news coverage of security incidents (31%).
  • 61% of respondents said they believe they would either need to go back to school (26%), earn a certification (22%) or teach themselves new skills (13%) in order to pursue a career in cybersecurity. 32% of respondents said they believe too much technical knowledge or training would be required.
  • Generation Z (Zoomers) were the least likely demographic group to cast cybersecurity professionals in a positive light. Just 58% view cybersecurity professionals as smart and technically skilled, as opposed to 78% of Baby Boomers. And only 34% of Zoomers consider them the “good guys, fighting cybercrime,” as opposed to 60% of Boomers.

Aiming for a career in cybersecurity? Now is the time to pick up new skills

The COVID-19 pandemic took most of us by surprise. Widespread shelter-in-place mandates changed how we work (and whether we can work), play, rest, shop, communicate and learn.

career cybersecurity

It changed things for businesses as well. Some were not ready to meet the challenge and closed up shop, many others were forced to hastily start or speed up their company’s existing digital transformation efforts and prepare for the majority of their workforce to be working from home – something that seemed impossible (or simply very, very unlikely) just months before.

Time for change

In times of upheaval, it becomes easier to imagine and enact change. Unfortunately, the speed at which all these changes happened has meant that cybersecurity has become less important than productivity (meaning: even less important than it was before).

But this downgrade won’t and can’t last long. With cyber attackers increasingly taking advantage of the many new attack surfaces – unsecured devices, databases, cloud assets, remote access and other accounts – organizations are now furiously trying to close as many security holes as soon as possible.

Employed cybersecurity professionals have been having a tough time during the last few months, trying to keep company assets and networks out of the hands of attackers while having to suddenly support more remote workers that ever before.

The required security measures are known and advice for achieving remote work security is easy to get, but implementing it all takes time and effort. Even before the advent of COVID-19, organizations had trouble filling all the cybersecurity positions they opened – and their needs have surely intensified in the last few months.

Gunning for a career in cybersecurity

Cybersecurity professionals and other technology professionals are using eLearning and online trainings to pick up new skills, but as the demand for cybersecurity personnel increases and the availability of paid positions widens (when in many other economic sectors is dwindling), many tech-savvy individuals are wondering: “Do I have what it takes to enter and thrive in the cybersecurity arena?”

A recent Skillsoft report says that networking and operating systems, security and programming training are in the highest demand among technology and developer professionals, and that security certification prep courses are up by 58 percent YoY.

While people already working in IT definitely have a leg up on other aspiring candidates since every role within IT has a cybersecurity aspect, certifications such as the (ISC)² Systems Security Certified Practitioner (SSCP) can help with cybersecurity knowledge acquisition and demonstrate the person’s suitability for entering the cybersecurity field.

But even recent college graduates without a deep technical background and military veterans can have a bright future in cybersecurity – if they know how to go about breaking into the field. The tools are there for those who want to use them.

(ISC)² 2020 Security Congress to feature nearly 50 hours of expert-led sessions

(ISC)² revealed the expert-led breakout session agenda for its 10th annual Security Congress, which will take place virtually November 16-18.

isc2 2020 Security Congress keynotes

The renowned three-day conference, focused on industry discussion and continuing education for security professionals of all levels, will feature three engaging keynotes from industry luminaries Bruce Schneier, Graham Cluley and Juliette Kayyem, as part of a program filled with 45 carefully selected sessions. Early Bird registration is available through September 30. Members can earn more than 45 CPE credits by attending.

Last year’s event in Orlando drew more than 2,500 attendees, and this year’s shift to a virtual conference – in combination with drastically-reduced pricing – creates unprecedented flexibility, enabling more cybersecurity professionals than ever before to access world-class expertise from presenters around the globe. All-Access Pass attendees will be able to choose from up to five sessions at any given time slot throughout the three-day event and will have exclusive access to all recorded sessions for up to one year after Security Congress concludes.

“We’re excited about the high standard of quality this year’s group of speakers will deliver and we think this event rivals any other in the cybersecurity community this year, period,” said Wesley Simpson, COO, (ISC)².

“During a year like 2020, when practitioners are not only working hard to protect their organizations from increased opportunistic threats, but are needing to seek out alternative methods for professional development, we’re proud to be able to offer such a robust set of learning opportunities to our members and the industry at large. The flexibility of the online format also enables them to audit sessions live as well as over the coming months as they focus on continuing professional education.”

The topics covered in this year’s program represent the subject areas that the cybersecurity community is most interested in, both in terms of facing current challenges and preparing for future technology trends. A mix of individual speakers, duos and panels will provide professional development sessions on a wide array of both technical and soft skills topics, including: Cloud Security, DevSecOps, GRC, Critical Thinking, Professional & Career Development, Privacy, Human Factors, Security Architecture/Engineering, ID/Access Management, Mobile Security, Incident Response, Investigations, Application Security/Software Assurance, Security Automation, ICS/Critical Infrastructure, workforce challenges and more.

In addition to the sessions and keynote addresses, the event will also feature:

  • Security Congress Kick-off – the (ISC)² Leadership Team will kick-off the virtual conference with introductions and expectations for the week, along with a brief video presentation.
  • Town Hall – a panel consisting of members from (ISC)2 management and the (ISC)2 Board of Directors will answer questions regarding membership, certifications, information security and more. This meeting is open to all attendees.
  • Career Center – this will include career center presentations, career coaching, resume reviews and mentoring sessions.
  • Networking Events – cybersecurity attendees, speakers and exhibitors will be able to meet virtually to cultivate meaningful connections, engage in real-time communication and participate in comprehensive subject matter discussions.

(ISC)² research: Why cybersecurity is a great choice for an exciting career

Cybersecurity is becoming increasingly important as more businesses collect, share, and use more data as part of their practice. But you do not need to be a cybersecurity expert to understand that this is a booming industry. As breach after breach hits the headlines, it is clear to everyone that organizations need more professionals focused on cybersecurity.

How You Can Become a Cybersecurity Hero

Organizations from all industries and sectors are all seeking skilled security staff. Every role within IT has a cybersecurity aspect. Focusing on security as your primary role opens up a world of options.

Whether you are looking to work your way towards a CISO role or to work with brand new technologies, the only thing that will restrict your growth is your desire.

Hiring managers want to see a token of proof of your practical experience. Having a security certification can be one of the most crucial qualifications when applying for a cybersecurity position.

(ISC)² is the leader in security certifications and is acknowledged by companies worldwide. And the best way to start building your career in cybersecurity is by earning the (ISC)² Systems Security Certified Practitioner (SSCP) certification.

Earning SSCP certification helps you build your self-confidence and showcase a solid cybersecurity foundation, strong and versatile skillset, which will become a valuable asset to anyone seeking to make an impact and advance a career in the cybersecurity sector.

Download our white paper, How You Can Become a Cybersecurity Hero, to learn more.

Expand your cloud expertise: Discount on CCSP training

Challenging times call for exceptional measures. And (ISC)² is committed to helping you keep your Certified Cloud Security Professional (CCSP) certification goals on track this year. (ISC)² is bringing back special pricing on flexible CCSP exam prep so you can keep moving forward with full freedom and confidence.

Discount on CCSP training

For a limited time, take advantage of Official CCSP Online Self-Paced Training at a discounted price of just $495 – normally $749.

Now’s the time to advance your career with the most highly regarded cloud security credential.

CCSP Online Self-Paced Training includes:

  • 180-day access to course content
  • Official (ISC)² Student Training Guide (electronic)
  • More than 100 prerecorded videos
  • Interactive flash cards
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions

2020 (ISC)2 Global Achievement Awards: Celebrating achievements in cybersecurity

(ISC)2 announced the list of honourees for its 2020 (ISC)2 Global Achievement Awards, which recognize and celebrate the most outstanding annual and lifetime achievements in the field of cybersecurity. “While we won’t have the opportunity to honour them in person this year at our (ISC)2 Security Congress, we would like to recognize and celebrate the outstanding work that these professionals from around the world have done to inspire a safe and secure cyber world,” said … More

The post 2020 (ISC)2 Global Achievement Awards: Celebrating achievements in cybersecurity appeared first on Help Net Security.

Discounted CISSP exam prep pricing is back

Challenging times call for exceptional measures, and (ISC)² is committed to helping you keep your CISSP certification goals on track this year. (ISC)² is bringing back special pricing on flexible CISSP exam prep so you can keep moving forward with full freedom and confidence.

discounted CISSP exam prep

For a limited time, take advantage of Official CISSP Online Self-Paced Training at a discounted price of just $561 – normally $849.

Now’s the time to advance your career with the most highly regarded cybersecurity credential.

CISSP Online Self-Paced Training includes:

  • 180-day access to course content
  • Official (ISC)² Student Training Guide (electronic)
  • More than 300 prerecorded videos
  • Interactive flash cards
  • Case studies and real-world scenarios
  • Knowledge checks after each domain
  • Post-course assessment questions

Save now!

(ISC)² signs up Global Knowledge as official training provider

(ISC)² announced that Global Knowledge has been added as an Official Training Provider for the UK, further expanding the range of leading training organizations offering (ISC)² certification preparation training in one of the world’s biggest markets for IT security professionals.

Global Knowledge will be providing exam preparation training for the full range of (ISC)² certifications to its UK customer base, delivering pathways to new sectors and audiences, increasing the size of the UK channel presence for (ISC)2 and responding to increased demand and a growing supply shortage of certified professionals in the workforce.

“Expanding the channel for (ISC)² certification training in the region to provide more choice to learners is of paramount importance at this critical time for both the UK and the global economy,” said Deshini Newman, managing director EMEA at (ISC)².

“The world of work has changed in response to the challenges presented by the global pandemic. It has made cybersecurity skills all the more critical as organizations tackle the cyber challenge on multiple fronts – dealing with external and internal cyber threats, maintaining regulatory compliance amid evolving regulation, following best practices and securing an increasingly distributed workforce. We welcome Global Knowledge as a UK partner in delivering our shared mission and supporting the development and learning journey of cybersecurity professionals.”

As an Official Training Provider in the UK, Global Knowledge customers are assured that they are being taught by verified security experts, who are authorized to deliver the most relevant, up-to-date course content developed by (ISC)².

“Global Knowledge welcomes the opportunity to be a (ISC)² Official Training Provider in the UK,” said Glyn Roberts, Managing Director at Global Knowledge UK. “For over two decades, Global Knowledge has provided the quality IT and business skills training that organizations of all sizes require to succeed in an ever-changing business world and cybersecurity landscape. This new partnership with (ISC)² will support our goal to continuously grow and innovate, ensuring our mutual customers always obtain the most relevant learning experience and content possible.”

There’s CISSP training, then there’s official CISSP training

The CISSP is the most highly regarded certification in the cybersecurity industry, so it isn’t surprising that countless training companies offer CISSP exam prep. But you wouldn’t trust your personal fitness to just anyone wearing a track suit. The same holds true with certification exam prep.

When enlisting a training provider, it pays to know who’s really helping you prepare.

[embedded content]

Put your trust in an (ISC)² Official Training Provider for your CISSP exam prep.

(ISC)² partners with leading training providers throughout the world, so you have convenient access to official training that meets your needs. Our training providers have gone through a meticulous vetting process, and are trusted training resources for individuals, organizations, and government agencies. All instructors are verified security experts, authorized to deliver the most relevant, up-to-date course content developed by (ISC)².

Protect your training investment.

(ISC)² Security Congress 2020 transforms into virtual conference

The 10th annual (ISC)² Security Congress will take place as a virtual conference in recognition of the health concerns and many corporate travel restrictions this year associated with the COVID-19 pandemic.

isc2 security congress 2020

The renowned three-day conference, focused on industry discussion and continuing education for security professionals of all levels, will be held online from November 16-18.

Recognizing that many training budgets have been reallocated due to the economic impact of COVID-19, (ISC)² Security Congress 2020 is offering a heavily discounted Early Bird pricing to (ISC)² members and associates of just $295 for an All-Access pass. Non-members will also benefit with Early Bird pricing of $395. Registration details will be announced when open. The Early Bird window will close on September 30.

While last year’s event in Orlando drew more than 2,500 attendees, the flexibility of a virtual conference will enable more cybersecurity professionals than ever before to access world-class expertise shared through upwards of 40 sessions by presenters from around the globe.

Professional development sessions will provide actionable insights into a wide array of both technical and soft skills topics including Cloud Security, DevSecOps, Governance, Risk and Compliance (GRC), Career Development, Privacy, workforce challenges and more.

(ISC)² members will also have the opportunity to earn as many as 45 continuing professional education (CPE) credits – more than any other previous Security Congress – by attending live and on-demand sessions. Presentations will be recorded and available on-demand after the conference.

“This year is bittersweet in a lot of ways, and although we’re disappointed that we won’t be able to see our colleagues and members from all around the world in person, we’re excited to embrace this new online format for Security Congress,” said Wesley Simpson, COO, (ISC)². “All of this expert discussion, insight and peer-to-peer engagement is now more accessible than ever before to professionals around the world. As a virtual event, Security Congress will bring the global cybersecurity community together as we close out one of the most challenging years our profession has ever faced.”

More details on the full program agenda will be announced in the coming weeks.

Tell us what you think: (ISC)² Cybersecurity Workforce Survey

(ISC)², the world’s largest association of certified cybersecurity professionals, is launching its annual Cybersecurity Workforce Survey, and they want to hear from you.

Cybersecurity Workforce Survey

This study is shared with government agencies and security policy makers around the world. It is referenced in countless media reports and used by organizations of all as a benchmark for security hiring strategies.

You can help shape the conversation and build awareness for the issues that matter most to security professionals like you.

The survey closes Sunday, June 14th, 2020.

Save almost 50% on CISSP training: Offer ends June 15

With the globally recognized (ISC)² CISSP certification, you prove your cybersecurity expertise to the world. Save nearly 50% on CISSP Online Instructor-Led Training when bundled with your exam. Now thru June 15, 2020, you can purchase both for just $1,995.

Promotional pricing is $1,296 for the course (normally $2,495!) plus $699 for the certification exam. Use the coupon code EXAMBUNDLECISSP at checkout.

Save almost 50% on CISSP training

The training & exam bundle includes:

  • Online Instructor-Led Training course completed over 8 weeks or 5 consecutive days
  • Exam voucher (valid for 12 months)
  • Official (ISC)² Student Training Guide (electronic)
  • Direct access to an (ISC)² Authorized Instructor
  • Interactive flash cards
  • Post-course assessment
  • Continued access to course content for 6 months, including recorded sessions
  • Access to official training guide for 12 months

In addition to our CISSP training and exam bundle, we’re offering special pricing on our Certified Cloud Security Professional (CCSP) and Systems Security Certified Practitioner (SSCP) certification training bundles.

CCSP Training/Exam Bundle

Save almost $1,000 on CCSP training. Training course is $1,296 (normally $2,295) plus $599 for the certification exam. View the CCSP training schedule and choose your dates.

SSCP Training/Exam Bundle

Save almost $600 on SSCP training. Training course is $1,046 (normally $1,645) plus $249 for the certification exam. View the SSCP training schedule and choose your dates.

(ISC)² CISSP certification recognized as equal to a Masters by UK NARIC

(ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – announced that the Certified Information Systems Security Professional (CISSP) certification has been found comparable to Level 7 of the Regulated Qualifications Framework (RQF) in the UK, denoting that the certification is comparable to Masters degree standard.

isc2 cissp masters

This further validates the achievement of CISSP-certified professionals in their ongoing career and qualification progression and supports educational institutions looking to determine weighting of a relevant certification to award course credits. It follows the American Council on Education’s College Credit Recommendation Service (ACE CREDIT) recognizing six (ISC)² certifications as eligible for college credit.

The benchmarking of the CISSP was conducted by UK NARIC, the UK’s designated national agency responsible for providing information and expert guidance on academic, vocational and professional qualifications from across the world.

UK NARIC conducted an in-depth independent benchmarking study of the CISSP certification, using its well-established methodology for credential evaluation. This involved reviewing core qualification components as well as a comparative analysis of the skills assessed during a candidate’s computer adaptive test (CAT) examination to the RQF.

The analysis saw UK NARIC conclude the qualification assessed knowledge and skills comparable to the RQF Level 7 standard, with clear emphasis on assessing specialized cybersecurity knowledge, understanding and application of skills including: organizational problem solving and decision making, awareness and correct use of industrial standards, policy and best practice, along with understanding and appropriate use of methodologies, techniques and training in relation to cybersecurity.

“Recognizing the CISSP as comparable to Masters level qualifications further underlines the robust educational and operational value of the certification within Europe,” said Deshini Newman, managing director EMEA at (ISC)².

“It will support our members in their career progression as they embark on opportunities both within their own organizations and externally when applying for roles with degree entry criteria.”

The RQF is a framework developed by the UK Government to describe the demands in different qualifications across an eight-level scale. The RQF can be used to help understand how qualifications relate to each other.

As the levels of the RQF have also been referenced to the eight levels on the European Qualifications Framework (EQF), the RQF and EQF can help employers understand and compare qualifications awarded in different countries, allowing for portability or transferability across the region.

UK NARIC’s independent benchmarking of the CISSP to the RQF enables certification holders to understand how their qualification compares in the context of the UK education system, and to the RQF.

UK NARIC’s recognition of the certification is effective immediately and extends to all members in good standing that hold the CISSP.

(ISC)2 Professional Development Institute: Timely and continuing education opportunities

In this Help Net Security podcast, Mirtha Collin, Director of Education for (ISC)², talks about the Professional Development Institute (PDI), a valuable resource for continuing education opportunities to help keep your skills sharp and curiosity piqued.

Each course is designed with input from leading industry experts and based on proven learning techniques. And best of all, these courses are free to members and count for CPEs.

Professional Development Institute

Here’s a transcript of the podcast for your convenience.

Hi, my name is Mirtha Collin and I’m the Director of Education for (ISC)². I’m happy to have the opportunity to join this Help Net Security podcast today to talk to you a little bit about the Professional Development Institute, a major initiative for continuing cybersecurity education that we’re really excited about.

Just to quickly set the table for those listening who may not be aware, (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the Certified Information Systems Security Professional certification – or CISSP for short – (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 150,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry.

The Education Department at (ISC)² develops and delivers training materials and courses that help the cybersecurity community achieve certification and also provides learning opportunities to keep their skills sharp and maintain their certifications. We celebrated our 30th anniversary last year as advocates for the cybersecurity profession, and what I’d like to talk to you about today – PDI – has been a huge step forward for our association.

The Professional Development Institute (which we’ve shortened to “PDI” for obvious reasons) was launched by (ISC)² in February 2019 in an effort to deliver increased member value and keep our members and associates, as well as other industry participants, up to speed on the latest emerging trends in cybersecurity.

A state-of-the-art video production studio was also built in our headquarters to produce engaging high-production content for courses authored by leading cybersecurity professionals.

Let’s back up a minute though. It’s important to understand the lay of the land in cybersecurity education, and why we thought making a major investment in continuing education was something worth doing.

When it comes to certification, (ISC)² exams – as well as the exams of various accrediting bodies in the industry – probe our members on a wide array of knowledge domains to prove that they have the practical skills it takes to manage security systems. The exams focus on real-world examples that only experienced professionals will be familiar with. So, it’s a great system for separating the really knowledgeable pros from those who still need more time in the trenches.

However, cybersecurity is one of the more dynamic fields in the world, and the landscape and technological changes come frequently. What may have been applicable two years ago may no longer be of critical importance, and new challenges and solutions spring up on an annual and sometimes monthly basis.

While (ISC)² routinely updates its exams to make sure the most relevant topics are being covered, certification updates take time to build and process, and don’t happen each and every year. And then there are the “soft skills” aspects of the job that aren’t conducive to testing but are useful to develop, such as how to present to your executive leadership or how to build a high-performing team.

This can create certain gaps in curriculum when rapidly emerging trends develop in a short window of time. And those who became certified several years ago need to keep their skills sharp too, even if they don’t have an exam coming up anytime soon.

This is where PDI comes in and why we think it’s such a revolutionary step in education. This program has resulted in the development of a robust catalogue of continuing professional education courses and the ability to continuously refresh that catalogue based upon clearly articulated member need. So, in other words, as new topics and trends bubble to the surface, we have the ability to quickly design courses to address them and give cybersecurity professionals the ammo they need to be able to understand the basic concepts, at a minimum.

Subject matter experts guide the development of the course material and are supported by a team of highly qualified adult education experts and creative professionals.

We also recognized that cybersecurity professionals have very busy jobs, and don’t normally have a lot of free time to attend classes, which is why we knew that we had to build an on-demand library of courses that they could access whenever they want, at the push of a button from wherever they are in the world.

Given the nature of the different trends in cybersecurity, this is not a one-size-fits-all approach to education either. Some topics understandably require more of a time investment than others to fully grasp. This is why the PDI portfolio includes three formats of courses: Immersive courses are designed to provide an in-depth course on a single topic; Labs are hands-on courses designed to allow students to practice specific technical skills; and Express Learning courses are typically 1-2 hours in length – some are even doable during a lunch break – and they’re designed especially to quickly address emerging industry topics or trends or introduce the learner to a topic.

I think what we’re most proud of so far, in addition to the quality, is the broad range of topic areas we’ve addressed through PDI, which include working with the Internet of Things, industrial control systems, containers, privacy regulations, cyber insurance, mobile security, AI, and the NIST Cybersecurity Framework, as well as building skills such as penetration testing, malware analysis, interpersonal skills, cloud basics, communication with the C-suite, responding to a breach, and many more.

We tailor these courses for those learners with a basic to intermediate knowledge of security concepts, so they can be informative and challenging to almost any learner. And the topics are also designed to be universal so that they apply to what anyone around the world is facing.

In addition to helping learners stay updated on the latest trends, PDI also offers an opportunity for members and associates of (ISC)² to obtain continuing professional education – or CPE – credits to keep their certifications in good standing at no additional cost. More than 100 CPEs can be earned by completing all the courses in the PDI portfolio.

Because of this, all courses include a final assessment. Other learning activities vary by course type and may include instructional videos, video interviews, interactive presentations, knowledge checks, independent readings, webinar excerpts and real-world scenarios.

This was a major undertaking that the entire association got behind, and the program now contains 35 courses, with a total educational value of more than $10,000 per person available.

It’s been so popular that more than 20,000 unique members had enrolled in a PDI course by the end of December last year, which means we delivered more than $7.9 million in equivalent course value within the first 10 months of the program being available.

I should mention that as far as we know, this is the only program of its kind in the industry, where members can get all of this value at no additional cost. Additionally, we are making our courses available to non-members at deeply discounted prices as a way to encourage continuous learning during the COVID-19 crisis. For more information about this, please go to isc2.org/development.

The feedback we’ve received from our members so far has been outstanding and they’re really engaging with the materials and recommending courses to their friends and colleagues, as well as submitting ideas for future courses to [email protected].

Thanks for listening today and thanks to RSA Conference and Help Net Security for giving us an opportunity to spread the message about PDI. You’re all welcome to come check out the content.

If you’d like to explore the PDI portfolio, you can either access My Courses if you’re a member or associate of (ISC)² or simply visit isc2.org/development if you’re not yet a member.