Associate of (ISC)² Spotlight: Rachel Phillips

Rachel Phillips HeadshotName: Rachel Phillips, PMP, Assoc. (ISC)²
(ISC)² Exam(s) Passed: CISSP
Title: Cybersecurity Analyst
Location: Seattle, WA, U.S.A.
Education: M.S. Information Technology (Security and Assurance) and B.S. Business Administration (New Media and Internet), Kaplan University
Years in IT: 10
Years in Cybersecurity: 3
Cybersecurity Certifications: Associate of (ISC)²

Rachel Phillips, PMP, Assoc. (ISC)² is an influencer and sought-after contributor for her views and leadership in technology and security. She holds a Master’s in IT with emphasis in Information Security and Assurance, and a Bachelor’s in Business Administration from Kaplan University. As a cybersecurity analyst, she provides oversight and assurance of meeting industry standards and best practices to secure the IT environment.

How did you decide upon a career in cybersecurity?

A mentor wisely advised me to consider cybersecurity several years back while I was deciding on an area of focus for my master degree. Security is not only a fast-growing industry with great employment prospects, but aligns well with my aptitudes and interests. 


Why did you decide to pursue certification through the Associate of (ISC)²?

The CISSP certification is considered the “gold standard” so was my first choice, and (ISC)² provides the Associate designation while working towards endorsement for CISSP. 


In cybersecurity, no two days are the same – what is your main role in your organization?

As a cybersecurity analyst, I am responsible for execution of the enterprise security program including initiatives, operations, security testing and security event response.  


Tell us about a project that you were particularly proud of:

I’m proud of many accomplishments while working in security, but the ones that stand out most are SOC audits. It’s challenging to take an organization through a successful SOC 2 Type I and then SOC 2 Type II audit. It demonstrates the maturing of a security program. Being part of that, to lead those engagements, was very rewarding. 


What impact has the Associate of (ISC)² had on your career?

The Associate of (ISC)² designation shows a commitment to a career in cybersecurity and provides credibility to colleagues, clients, and the like. 


What advice would you give to those who are thinking about pursuing cybersecurity as a career?

In my article for ITSPmag, titled ‘My Quantum Leap into Cybersecurity,’ I advise those wondering if they have what it takes to pursue a career in cybersecurity to “apply anyway” – they just might be surprised. I love working in security, and only wish I made the move earlier! Certifications have helped me fast-track my career and I highly recommend them, but don’t let it stop you either. I pursued the Associate (ISC)² while I work towards CISSP endorsement to show my commitment to excellence in the field.


Learn more about how the Associate of (ISC)² can help you start on the path to certification.

Powered by WPeMatico

Ways to Earn CISSP CPEs

CISSP CPEIn this ever-changing field, you’re constantly required to learn about new tools, vulnerabilities and threats. We know that time and financial resources may get in the way of participating in CPE offerings that help you sharpen your skills and hone your craft. We are committed to enabling our members to become the most well-rounded and effective cybersecurity practitioners around so we’ve compiled a list of CISSP CPE opportunities that will work for your busy schedule.

Online CPE Opportunities:

In-Person CPE Opportunities:

In 2018 we want to enable our members to excel and achieve their personal and professional goals by providing enriching and relevant CISSP CPE opportunities. We encourage you to visit our website often for updates, share your thoughts in our community on your professional development needs and take advantage of the free opportunities that will help you continue growth and through your work positively impact a safe and secure cyber world.  

Powered by WPeMatico

Throwback Thursday: Security Congress in Austin

Last year’s Security Congress in Austin was our largest one yet with nearly 2,000 cybersecurity professionals in attendance. You know what they say, everything is bigger in Texas!

Our first independent Congress featured 139 educational sessions, as well as vendors presenting in the Solutions Theater, (ISC)² member focus groups, Cloud Security Alliance (CSA) Summit and the Information Security Leadership Awards (ISLA) Americas ceremony and celebration.

If you attended last year, you saw the excitement and enthusiasm from staff, speakers and attendees. If you were unable to attend, you’re in luck – you can watch some of the top sessions from 2017’s Security Congress online! Below is a list of the sessions currently available – and we’ll keep adding them as we get closer to the 2018 event.

Help Wanted! – Addressing the Cybersecurity Skills Shortage   Panel

This panel conversation on one of the hottest topics in cybersecurity – the skills shortage – took place during the first day’s luncheon. The session was attended in person by 800 cyber pros. Gary Beach, author of The U.S. Technology Skills Gap, served as moderator. The panel was made up of Brandon Dunlap of Amazon, Donald W. Freese, deputy assistant director for the FBI, our own CEO David Shearer, CISSP, and Deidre Diamond, founder and CEO of CyberSN and #brainbabe. Cybersecurity is a fairly new industry – and it’s critical to all businesses, so without a built-in backfill, how can we fill the growing number of open jobs? The panel discusses solutions – including early childhood education, government programs, on-the-job trainings, internships and more. Brandon Dunlap on training your staff: “If you can build that relationship and make that investment, you can keep them for life.”

It’s a Brave New Cybercrime World – Donald W. Freese

The opening keynote for the 2017 Security Congress event was a “fireside chat” about cybercrime with Donald Freese and Brandon Dunlap. Donald discussed the importance of terminology (“risk vs. threat” and “probability vs. possibility”) and learning the languages of the other departments you’re working with. Emphasizing collaboration and outreach within your own organization, Donald also talked about the accessibility of the FBI (through various regional offices, as well as FBI Twitter) and the value of building relationships with your local agencies before there is an issue to report.

Cybersecurity Careers: It’s Not Just Hacking

Deidre Diamond is a powerful voice in the cybersecurity industry. She is the founder of CyberSN – a cybersecurity staffing agency – and the #brainbabe movement to replace “booth babes” with STEAM students at conferences and conventions. She spoke to a crowded room about the 500,000 unfilled cyber jobs and what those of us already in the field can do to help fill the gap. She referenced the 2017 Global Information Workforce Study’s findings that the percentage of women in the field remained stagnant at 11 percent, as well as research showing that 56 percent of women in tech are leaving inside 10 years. Aside from the lack of women in cybersecurity, there are other ways that the industry can grow – and that involves shaking the stereotype of the hoodie-clad man in the basement. Cybersecurity jobs involve so much more than simply “hacking,” and it’s time to come together to see how we can work together to recruit new and unique talent to this exciting and lucrative field.

From 10% to 100% Cloud in 3 Years: How (ISC)² is Doing it & Putting Security 1st 

Our own COO Wes Simpson led a Birds of a Feather session where he talked about how (ISC)² has been transitioning to a 100% cloud-based services model. The interactive discussion starts with the how and why our organization made the choice to go all in with the cloud – and of course, how our team ensured that security would be front and center throughout the entire process. Using a DevSecOps approach, our IT team restructured, and grew quite a bit, to focus on accomplishing our mission of “Digital-End-To-End” (DETE) revamping of our online presence. If you are preparing for a move to the cloud, or even if you’re in the midst of the journey, this session is a must-watch.

Agile cloud securityAgile Cloud Security

Paul Oakes, CISSP-ISSAP, CCSP, CSM, CSPO, AWS PSA, is a senior enterprise security architect for TD Bank. He has 16 years of Agile experience and 20 years of security experience, working in the cloud for the past 10. He teaches courses on Agile, as well as security, and delivers a conceptual roadmap for cloud security professionals to use as a guide to tackle their day-to-day tasks of securing their cloud, or transitioning to a cloud security environment.

Agile methodology is reality-driven and, inherently, your enemy is already using it. Paul describes Agile’s essential principles as “based in technical excellence, good design, motivated individuals and empowered, self-organized teams.” This session is an ideal starting point for understanding Agile methods and how they can serve a cloud security environment.

Cyber, Risk and Gender: Is There a White Male Effect in Cybersecurity?

Security researchers from ESET, a security software company, presented findings on the intersection of cyber, risk and gender. Lysa Myers and Stephen Cobb, CISSP, reviewed numerous studies that indicated that white males perceived less risk than the rest of the population, termed “the white male effect.” Most of the industry in the U.S. fit these demographics, yet, cybersecurity professionals tend to see more risk in technology than their peers. White male risk

Resiliency is More Than A Mood: Building a Safer Homeland – Juliette Kayyem

Juliette Kayyem, author of Security Mom, was Tuesday’s keynote speaker at Security Congress and shared about her experiences as a terrorism expert for the U.S. Department of Homeland Security. She spoke about minimizing risk and maximizing defenses, and understanding that you’re never going to get your risk or vulnerability to zero. While much of cybersecurity work focuses on prevention and preparation (“left of boom” policies), there also needs to be a focus on the response and recovery efforts when an incident does occur. Juliette Kayyem offers five important steps to building a more resilient system and what we all need to do to “keep calm and carry on.”


We’re expecting another sell out at this year’s Security Congress in New Orleans. Early bird registration is now open – including discounts for (ISC)² members, students and groups. Save your spot now and we’ll see you in N’awlins this October!

Powered by WPeMatico

SSCP Spotlight: Wai Sheng Cheng

Name: Wai Sheng Cheng
Title: Security Analyst
Employer: Cboe Global Markets
Location: Kansas, U.S.A.
Degree: Master of Science, Information Systems Engineering, Johns Hopkins University
Years in IT: 6
Years in information security: 3
Cybersecurity certifications: SSCP

How did you decide upon a career in cybersecurity?

I decided on a career in cybersecurity when my email account was first compromised in 2011. I learned about this when my friends and family called to ask if I had sent out emails asking for money. As an engineer-in-training, I was curious to know why and how this had happened. It was through this experience that I first became interested in information security.

Why did you get your SSCP

My former boss at the Kansas City Chiefs said to me one day that we will always need more knowledge in the department. He encouraged me to take any IT certification exams that I could. As I previously stated, I was interested in information security and had already earned my Security+, so the SSCP was a good next step for me. I took the CISSP exam after passing my SSCP exam and am currently an Associate of (ISC)² working toward achieving my full status as a CISSP.

What is a typical day like for you? 

I currently work in the Security Operations Center (SOC) tier 1 and tier 2 issues that come in. Issues may involve log reviews, firewall configuration and monitoring network traffic, for example. Most recently, I have been tasked with the Data Loss Prevention Program. In short, as a team, we are all responsible in maintaining a secure infrastructure via administrative, technical and physical controls.

Can you tell us about a personal career highlight? 

The first is I received an offer from the Kansas City Chiefs Football Club to work for them. The second was receiving an offer from the National Security Agency. In short, I have been processed by the NSA. To go through full-scope polygraph and PAB (Psychological Assessment Battery) was unique experience. There is nothing else like it. 

How has the SSCP certification helped you in your career?

I believe the SSCP was a step in the right direction in demonstrating to my potential employers that one, I take information security seriously, and two, I can be trusted.  To take any certification involves time and money.  What I mean by that is this:  it takes time to prepare for the exam, and time and money to sit through an exam.  It is the process that the employers look for.  

What is the most useful advice you have for other information security professionals?

Personal growth and professional development are important to me. One has to pick and choose the right place that one wishes to work. There are many organizations out there where all they want you to do is to keep your seat warm. Sure, it’s a steady paycheck, but it will stunt your skill-set, and can hurt your career.   

Information security is unlike information technology. It is why security is in its own department, and why the department would report to CISO. Security is a challenging and lucrative career. However, be mindful of what this is all about, because at the end of the day, information security is a service.  It is about people helping people. 


For more information on the Systems Security Certified Practitioner certification, download our Ultimate Guide to the SSCP.

Powered by WPeMatico