nThe doors opened at ISC2 Security Congress in Nashville, Tennessee thisnweek as ISC2 members, candidates and a variety of industry expertsnstarted the first of three days of sessions designed to inform, educate,nmotivate and inspire.n
nnDay one opened with a presentation from ISC2 CEO Clar Rosso, whonprovided a state of the profession update that was both encouraging andneye-opening. ISC2 announced that the combined membership community –nmembers, candidates and associates – has now passed 600,000 – anremarkable and extremely positive example of growth at a time when wenneed more people than ever to grow the profession.
nnThe success of Certified in Cybersecurity (CC) and the One MillionnCertified in Cybersecurity (1MCC) program to provide the educationnresources and exam for free to one million candidates, along withnincreased demand for experience-driven certifications such as the CISSPnhave seen the member community grow rapidly, with both recent graduatesnand career changers successfully leveraging their new CC certificationnto enter the profession for the first time. For example, 30% of thenstudents that have passed the certification exam now have jobs, and 29%nof those previously unemployed who have passed have also found their wayninto the workforce.n
nnMore people building their pathway into the profession can’t come fastnenough, as new research announced by Rosso revealed that the workforcenfaces greater pressures than ever to keep people, data, systems andnorganizations safe. Ransomware now accounts for almost a quarter ofnbreach incidents (24%), 21% of incidents due to misconfigured systemsnand 41% linked to increasingly sophisticated phishing attacks.n
nnMost concerning, alongside data from the new ISC2 CybersecuritynWorkforce Study to be released next week, Rosso revealed that 75% ofnthose polled stated the current threat landscape is the worst for thenlast five years, a reflection of the economic, geopolitical and otherndisruptive incidents taking place around the world right now. A furthern49% expect to see cybersecurity headcounts fall in the coming year. Thisncomes as the workforce has grown to 5.5 million people, but the gap hasnalso grown by almost 9% to four million, erasing the fall seen duringnthe COVID-19 pandemic.n
nnThe trouble with Crypton
nnFollowing her opening address, Rosso handed the stage first to ISC2nBoard of Directors Jill Slay, who welcomed attendees and reminded us allnof the power and value of a diverse and aware cybersecurity communitynpulling together in the same direction, then to the opening keynotenspeaker of Congress, Wired journalist and author Andy Greenberg.
nnHis new bookn Tracers in the Dark nwas the basis for a deep dive into the deep web, the rise and fall ofntrading empires such as Silk Road and AlphaBay and how thencryptocurrencies these sites and their users relied on for anonymous,nuntraceable trading are in fact nothing of the sort.n
nnGreenberg explained how in fact, while there is much that can be done tonobfuscate the details of a buyer when conducting a cryptocurrencyntransaction, due to the detailed and distributed blockchain records thatnare created every time a cryptocurrency is used, a very traceable linenof breadcrumbs is in fact laid that can be used to link an illegal ornconcerning dark web purchase not only back to the buyer, but to thenseller and platform operator too.n
nnCrypto – not what you thinkn
nnCryptocurrencies and the dark web have been bed fellows for some time,nfrom the early days of currencies such as bitcoin that were quicklynadopted as a means to pay for small drug deals right up to their use onnsprawling hidden marketplaces where almost anything illegal could benbought or sold. Not to mention their use today as a payment method ofnchoice for ransomware demands. Cryptocurrency frauds, such as thoseninvolving the MtGOX and BTCe exchanges, also illustrate the extent ofnthe criminal enterprise surrounding these currencies.n
nnHowever, as Greenberg showed the audience, it was the ability tontrace the cryptocurrency transactions that played such as major rolenlaw enforcement bringing now both the Silk Road, and the much largernAlphaBay marketplace that attempted to fill the void. From thenability to follow the flow of the cryptocurrencies, to the pointnwhere they meet the regulated financial world – even criminalsneventually want to cash out to fiat currency – law enforcement hasnbeen able to follow the money and with it find the criminals. Nonenof us should assume that cryptocurrencies are anonymous. Like manyncybersecurity defenses, it’s more a case of how many obstacles youncan put between the pursuer and what they seek and whether it’snenough to deter them. For a cybercriminal its access, for lawnenforcement following the money, it’s the identity of those involvednin the transaction.n
n- n
- n ISC2 Security Congress is taking place until October 27 2023n in Nashville, TN andn virtually. Moren information and on-demand registration can be found here.n n
- n ISC2 SECURE Washington, DC takes place in-person on Decembern 1, 2023 at the Ronald Reagan Building and Internationaln Traden Center. Then agenda and registration details are here. n
- ISC2 SECURE Asia Pacific takes place in-person on Decembern 6-7, 2023 at the Marina Bay Sands Convention Centre inn Singapore.n n Find out more and register here. n
- Register your interest in ISC2 Security Congress 2024 in Las Vegas here. n