- achiver21
- Oct 8, 2021
I started my cybersecurity journey about a year ago. Honestly, I didn’t even know where to begin. I started by watching YouTube videos and listening to podcasts, and then began taking classes on my own to get certified in various aspects of cybersecurity. Through those classes and cyber seminars, I met many individuals just like me: either new to the cybersecurity field, or in the field for many years and only now working on certifications like CISSP, CISA, and CISM. But as I struck up conversations with them about the current situation in the cyber world and started to think more strategically, I kept asking myself, literally, the million-dollar question: where are we going wrong? Where were, and are, all the experts with so many certifications and guidelines to follow when companies get hacked? Where are we dropping the ball? Don’t you think all the companies, organizations, and government institutions that have been hacked had some sort of defense mechanism in place?

Macy's, Microsoft, Nordstrom, ConocoPhillips, T-Mobile, FBI, NSA, CIA, Air Canada, AOL, Ashley Madison, Zoom, Facebook, Nintendo, Sony, Whisper, Discover and Mastercard, Adobe, Bank of America, Cox Communications, MGM, ADP, Embassy Cables, California Child Support, Apple, Bulgarian Revenue, UK Driving Standards, Florida Dept. of Juvenile Justice.
Defenses built from frameworks such as:
NIST 800-53 – Mandatory for federal agencies (FISMA & FedRAMP)
ISO 27001 – Cybersecurity control objectives
ISO 27002 – Cybersecurity control implementations
ISO 27701 – Privacy controls
ISO 31000 – Risk management programs
Or staffed with people who held one or more of these certifications, such as:
CISSP – Certified Information Systems Security Professional
CISA – Certified Information Systems Auditor
CISM – Certified Information Security Manager
Security+ – CompTIA Security+, an entry-level security certification
CEH – Certified Ethical Hacker
GIAC – Global Information Assurance Certification
SSCP – Systems Security Certified Practitioner
CASP+ – CompTIA Advanced Security Practitioner
GCIH – GIAC Certified Incident Handler
OSCP – Offensive Security Certified Professional
FISMA – Federal Information Security Management Act
I think we’re making this more complicated than it already is. Writing more guidelines and coming up with new certifications while our castles are getting hacked is not a solution. It's high time we re-evaluated our strategies for protecting our castles, the organizations we are paid to protect.