
Inside (ISC)² with Tony Vizza


Community Manager

 

This is your chance to get Inside (ISC)² as leaders from our organization will be swinging by this Community to answer your questions. Joining us this month is Tony Vizza, the Cybersecurity Advocate for the Asia-Pacific region. 

Tony is responsible for advancing the cybersecurity profession in the APAC region. To give you a little more information, Tony has been involved in the information technology and information security fields for more than 25 years. His information security credentials include CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Controls), CISM (Certified Information Security Manager) and he is a certified ISO/IEC 27001 Lead Auditor. He has also taught and mentored young and aspiring information security students through Victoria University and TAFE New South Wales (NSW) in association with Infoxchange.

Tony will be live, here on the Community, on Wednesday, September 26th from 12:30pm to 1:30pm GMT +10 to answer any of your questions. 


Feel free to leave your questions or comments now, and Tony will be able to answer them when he is live on the Community. 

9 Comments
Newcomer II

What are your recommendations for a Senior level course in Computer Science in Computer and Network Security? I am pulling together a new course and would like to hear your recommendations.

Newcomer II

I am looking forward to answering all your questions!

Newcomer II

Hi everyone, standing by to answer all your questions!

Newcomer II

@Daniel-Nash1

 

If you are looking at a Bachelor's degree or perhaps a Master's degree, I would suggest that a degree that is aligned in terms of content with one that features the eight domains of the CISSP (https://www.isc2.org/Certifications/CISSP) is a good one to work towards.

 

I graduated with a Computer Science degree almost 20 years ago and while my degree was worthwhile and it taught me many things, I found that when I started to apply for work (at the time) there was a far greater demand for people with industry certifications (at the time the MCSE and CCNA were at the top of the list!). Hence, I feel that if students knew that their degree was also an excellent pathway into an industry certification such as the CISSP, it would offer additional value to those students knowing that they graduate both with their degree AND the knowledge to hopefully pass the CISSP exam and become an Associate, and in time, once they have attained the pre-requisite industry experience, become a fully fledged CISSP.

 

Hope this helps!

Community Manager

Thanks for taking some time to answer questions on the Community, Tony!  I would love to know what is your biggest priority when promoting cybersecurity in the APAC region.  

 

Thanks! 

Newcomer II

@SamanthaO_isc2 

 

Thank you for the question. 

 

In my view, the biggest priority for cyber security in the APAC region is to help organisations understand that cyber risk and breaches are not just things that happen to others. They can and almost will certainly happen to your organisation at some point in time.

 

Being cognisant of this, in my view, the priority is to address the cultural aspects of cyber security through:

 

- A focus on safety and ensuring that organisations treat cyber security the same way they treat other risks. 

- Better education on information security matters and demystifying the subject for organisation decision makers. 

- Better understanding of the business, legal, compliance, regulatory and reputation implications of a cyber breach. 

- Forward planning around incident response, disaster recovery and mitigation of a breach. 

- Moving away from the reactive management techniques around user awareness to positive and proactive leadership techniques. 

 

I hope this answers your question Samantha!

Community Manager

That is it for today. A big thank you to @TonyVizza for taking some time to answer questions in the Community. If you have any further questions for Tony, please feel free to leave a comment here for him. 

 

 

Thanks,

 

Samantha

Contributor I

Hello Tony - based on the recent Global Information Security Workforce Study (GISWS) http://blog.isc2.org/isc2_blog/2017/02/cybersecurity-workforce-gap.html, there is an expected 1.8 million shortage in InfoSec professionals. 

 

What ideas or actions do you have that will help advocate and encourage the need for more people in our industry?

 

Thanks!

Newcomer II

@James

 

Thank you for the great question.

 

It's an interesting dilemma - in my view, not only will there be a shortfall in information security professionals as the GISWS study illustrates, but also, a shortfall in suitably qualified and skilled professionals. There are a multitude of reasons for this, and it is worth exploring each of these in some detail so that we can understand why this is the case and how to tackle the problem:

 

  1. To this day, the perception that "hackers" are nerdy teenage boys who live in their parents' basement continues to endure (when nothing could be further from the truth!). This stereotype endures and serves as a significant roadblock for many (especially women) to join the industry. 
  2. Many organisations are still to appreciate the fact that information security is a science unto itself and related, but totally different, to information technology. Many rely on their generalist IT support staff to secure their environments, often resulting in issues. These 
  3. Many organisations still treat information security as a niche issue and have underestimated their risk exposure. This, however, is slowly changing. 
  4. There is an increasing focus on regulatory bodies to ensure that information breaches are viewed in the context of privacy breaches and legislation to manage these issues is either non-existent, at proposal stage only or very new. As such, we are still waiting to see governance, risk and compliance initiatives become "mainstream". 

How do we solve this?

  1. Work on our image. Information security is more than the "CSI-Cyber" typecasting that exists of cybersecurity people, and it's more than just pen-testing. It's risk analysis. It's auditing. It's security engineering. It's secure application development. It's education and training. It's business process analysis. It's business continuity planning. It's a myriad of areas encompassing all industries. By changing the perception, we welcome more diverse people and with that, more people overall. 
  2. Look at industries such as traditional IT, insurance, business and legal and work with people who are seeking further career enhancement in an area related to what their core skill set is but seeking to capitalise in a booming area. Within IT for example, working with people who may have become unemployed due to cloud / digital transformation strategies. These people have a depth of related knowledge that would serve them well in an infosec space. 
  3. In an advocacy sense, working across industry sectors to educate as to the business criticality of information security in this interconnected world we live in today. 
  4. Work with school students to highlight the variety of jobs that can exist in information security and work with career guidance counsellors to ensure they understand the depth of the industry and the many career options available, and of course highlight the excellent earning potential such work can bring. 
  5. Work with university students and students in other tertiary institutions to ensure that what they are learning from a theoretical perspective is matched in a practical sense and give them mentors and role models in industry to learn from and aspire to be. 

 

I hope this helps answer your question.