Top Security Tips from (ISC)2 Congress

October is the cybersecurity awareness month. Since 2004, the POTUS and the US Congress declared October to be the cybersecurity awareness month, dedicated to the public and private sectors working together to raise awareness about the importance of cybersecurity. October 2024 marks the 21st cybersecurity month to be celebrated. Since 2023, “Secure Our World” has been the enduring cybersecurity awareness month theme, recognizing the importance of taking daily actions for risk reduction in the online space and when being connected to devices.

In line with this, the ISC2 Security Congress 2024 was held in Las Vegas, aiming to discuss industry challenges and best practices, including strategies to reduce business risks as well as minimize uncertainty in some operations. Of these one presentation by Ralph Villanueva, the IT Security and Compliance Analyst at the Hilton Grand Vacations was particularly interesting. Taking inspiration from the Seven Habits of Highly Effective People, the presentation outlined the Seven Habits of Effective IT Security and Compliance Professionals. These tips can be a guiding light for cybersecurity professionals around the world.

The Seven Habits of Effective Security Professionals

1. Understanding the enterprise’s business mission, vision, and objectives
   Don’t just focus on your role in the company alone. Instead, widen your horizons, look at the bigger picture, and focus on getting everyone on board to work towards one common mission and vision.
2. Continuously studying the internal & external IT environment and risks
   The internal and external IT environments are constantly evolving as are the risks. IT security and compliance professionals need to stay abreast of these evolving environments and risks faced by the enterprise so that appropriate measures can be taken to keep up with them as well as combat them.
3. Know the key players in the enterprise
   For IT security and compliance professionals, getting things done on time is critical. Any time wasted on say getting approvals or dealing with red tape can prove to be unimaginably expensive. This is why they need to know whom to go for what requirements, for budget approvals, and for which request. It is not about playing politics but getting things done most quickly and efficiently.
4. Know your strengths and weaknesses
   To be effective in your role as IT security and compliance professionals, you need to know what you can accomplish yourself, what your team can accomplish by itself, and when as well as for which tasks you need to seek help from others. Make an inventory of your strengths and weaknesses, and use it to define your or your team’s scope of improvement as well.
5. Learn how to communicate technical requirements of compliance
   Not everybody would be able to understand the technical requirements of compliance like you would. It is your expertise, not everybody else’s. If you want to accomplish goals and finish tasks properly, you would need to explain why a particular requirement or task is important, in a language that the other person can understand. So, help coworkers and stakeholders across the business understand why the requirements are important.
6. Face the realities of the job
   Let’s face it, cybersecurity is not the number one goal for most organizations. It often may not even be second or third. Additionally, not everybody would be open to the additional hassles of the measures being taken to secure systems, like multi-factor authentication, firewalls, disabled USB ports, etc. Stakeholders often look unfairly at security policies and data provenance policies, because for them it is like a chore or a hassle, but as an IT security professional you look at it differently. Don’t lose your cool and instead try helping them understand why it is important.
7. Be proactive and positive
   As an IT security and compliance professional, you don’t have to always be the messenger of doom. Understand that your role has the potential to make a real difference for the enterprise. Being proactive is indispensable for your role because keeping up with threats and risks calls for it. However, being positive is also essential. Keeping a positive attitude will help you get work done quicker and more effectively, while also having the enterprise be more open to listening to you and your ideas.

Embracing these seven habits can be challenging, especially due to the siloed nature of enterprises. But breaking through those barriers and looking at the bigger picture can work out for everybody’s benefit.

These seven habits can be transformative for your career as an IT security and compliance professional. Apart from that, validating your skills and knowledge with a CISSP certificate. A CISSP certificate can help you stand out among your peers while also allowing you to be a part of an active global community of the best information security professionals.

Get CISSP certification with Cognixia

Once you have employees with the CISSP certification, they will demonstrate their skills to benefit your business with –

• Complete understanding of how to secure or protect confidential business data from hackers.
• Analyze risks and be aware of the common hacker strategies that can affect your business. They can determine the weak points of the organizations and work on them.
• Aptitude in improving not only the customer but also employee privacy ensuring all the information stays with the business only.

Get (ISC)2 CISSP Training & Certification and increase your business visibility as well as credibility in the cybersecurity market. Cognixia is the world’s leading digital talent transformation company that offers a wide range of courses, including CISSP training online with a comprehensive CISSP study guide.

Here’s what you will cover in this course –

• Learn and apply the concepts of security & risk management
• Gain an understanding of security engineering to protect information by exploring and examining security models and frameworks
• Learn how to identify, categorize, & prioritize assets
• Examination and security network architecture and its components
• Learn how to identify & control access to protect assets
• Designing and conducting security assessment strategies, logging, & monitoring activities
• Developing a recovery strategy and maintaining operational resilience
• Learn how to secure the software development cycle

Prerequisites

• Candidates for the CISSP certification should have at least 5 years of total paid work experience in two or more of the 8 CISSP CBK domains. Any extra certificate from the (ISC)2 authorized list, a four-year college degree, or a regional equivalent would qualify as one year of the necessary experience.
• If a candidate doesn’t have enough experience to qualify as a CISSP, they can still become an Associate of (ISC)2 by completing the CISSP test. After that, they will have 6 years to acquire the 5 years of necessary experience.