Yes, they are in here, as the real name of a person is attached to the screen name / avatar and can be found easily by clicking the screen name. As I'm an EU resident and (ISC)² has a European HQ, my personal data should be handled according to the rules in the GDPR, so in fact (ISC)² needs my explicit permission to publish my personal data. I can't remember having given that to (ISC)², but that's probably somewhere in the T&C. But it may become an issue once the GDPR is enforced (May 25th, 2018).
I was talking more generally about screen names and avatars, just in terms of proving you could work back.
But even if ISC2 didn't have any EU HQ, they've still collected your personal data via whatever mechanism; a limited, explicit purpose with consent is needed to comply. That last box might need a look.
No, we're just talking about the privacy implications of screen names, and a last point around processing EU-resident data subjects' personal data: what if, say, a US company with no presence in the EU does a big old data slurp and starts processing that personal data as if there is no tomorrow? Does the GDPR have provision for this or not? Is there legal recourse through international courts? Does it go diplomatic? Are trade restrictions deployed by the EU?
You asked: "what if, say, a US company with no presence in the EU does a big old data slurp and starts processing that personal data as if there is no tomorrow"
Usual caveats apply: I'm not a lawyer, and this should not be considered legal advice, etc.
That being said: the EU explicitly does not allow processing of my personal data without permission. Yes, (ISC)² would be held responsible if that happened (they are seen as the data controller), and I could even hold the data processor (the staff that runs this board) responsible. It would then be up to them to sue (ISC)²: no more trying to blame each other while I sit here waiting. And no, it is not sufficient if there is something vaguely worded in the T&C to allow it; the EU laws are very explicit: this needs to be made clear to me in clear, understandable (I'd say: at least 15 pt font size) wording.
I think that it would be wise, especially for (ISC)², to ensure compliance with the GDPR ASAP. The GDPR will become effective on May 25th, 2018, and security-related companies in particular should ensure they have their act together before that date.
Yeah, I think ISC2 has that covered; there was a live chat on this. Agreed on all fronts regarding requirements for collection and controllers.
However, let's say a company in a Third Country carries on allowing EU based Natural Persons to use their website for services, processes personal data, processes special categories of personal data, because - why not? Could they do so with impunity? What would be the ramifications?
Tinder could be seen as a possible test case for this: not sure if they have offices or presence in the EU, but folks certainly use the service.
I think you can target the following:
1. Once you finish CISSP, you can have job trials; there is no need to wait to complete all the certifications you mentioned.
2. Understanding of any cloud platform like AWS will be more helpful; you can plan for certification (AWS Security Engineer, etc.) in parallel.
3. Getting additional insight into the Azure platform will give you more benefit; I recommend you go through Microsoft University, i.e. https://mva.microsoft.com/, which is a free platform to learn.
4. In the long term, you can plan to groom yourself as an auditor after completing CISA, etc.
5. Initially, you can try for SOC engineer and cloud security engineer roles.
6. Have a good understanding of penetration testing and VAPT tools, which will be very helpful for getting the job rather than waiting to complete too many certifications.
7. Explore more tools like open-source SIEMs, Alert Logic, Trend Micro, FIM, etc.