<div dir="ltr">See the item from the SANS newsletter below. (For my taste the last two sentences in it are more important in principle, and in my perspective the main topic of US national association is obviously ... abstract.) The question is <b>what do you think about OWASP engaging in AppSec specialists' certification</b>? (Probably the question is not new, and we do not follow ISACA deliberately, then please send me a link to some discussion about it.) Wouldn't it be nice to create a methodology to train and examine the AppSec professionals in domains where we supply knowledge and tools (dev, test and ... management)?! (I guess it can make our brand more interesting for the AppSec crowd, bring more money and make dissemination of our tools easier).<div>

<br></div><div>~timur<br><div><br></div><div><span style="font-family:arial,sans-serif;font-size:12.8000001907349px"> --Study Calls for Cyber Security Professional Organization</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">(July 28 &amp; August 1, 2014)</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">A study from the Pell Center at Salve Regina University in Rhode Island</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">acknowledges that "there are not enough people equipped with the</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">appropriate knowledge, skills, and abilities to protect the information</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">infrastructure, improve resilience, and leverage information technology</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">

<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">for strategic advantage." The report "proposes the creation of a</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">national professional association in cybersecurity to solidify the field</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">as a profession, to support individuals engaged in this profession, to</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">establish professional standards, prescribe education and training, and</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">... to support the public good."</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><a href="http://pellcenter.salvereginablogs.com/cybersecurity-report-recommends-path-to-professional-standards-in-cybersecurity-industry/" style="font-family:arial,sans-serif;font-size:12.8000001907349px" target="_blank">http://pellcenter.salvereginablogs.com/cybersecurity-report-recommends-path-to-professional-standards-in-cybersecurity-industry/</a><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<a href="http://www.fiercecio.com/story/pell-study-calls-creation-national-professional-cybersecurity-association/2014-08-01" style="font-family:arial,sans-serif;font-size:12.8000001907349px" target="_blank">http://www.fiercecio.com/story/pell-study-calls-creation-national-professional-cybersecurity-association/2014-08-01</a><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">Study:</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><a href="http://pellcenter.salvereginablogs.com/files/2014/07/Professionalization-of-Cybersecurity-7-28-14.pdf" style="font-family:arial,sans-serif;font-size:12.8000001907349px" target="_blank">http://pellcenter.salvereginablogs.com/files/2014/07/Professionalization-of-Cybersecurity-7-28-14.pdf</a><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">[Editor's Note (Assante): I learned long ago that a people-focused</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">approach to cybersecurity brings with it the necessary clarity to</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">understand the true nature of the challenges and establishes a clear</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">framework for planning, engineering, and implementing measures that can</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">be sustained and built upon.  We all know of countless organizations</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">that reacted to a specific incident by implementing</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">outside-expert-recommended technology only to fail in its deployment and</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">operation.  Getting a competent handle on cybersecurity means engaging,</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">

<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">integrating, equipping and training people to make the difference.  Our</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">

<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">attention should turn to identifying and enhancing the knowledge and</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">skills of cybersecurity professionals as a field while involving</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">business architects and engineers to make cyber-informed decisions.</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">Getting this right sets the stage for game changing progress in cyber</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">resilience and defense.</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">(Honan): This is something that I have argued for in the past,</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<a href="http://www.net-security.org/article.php?id=1842" style="font-family:arial,sans-serif;font-size:12.8000001907349px" target="_blank">http://www.net-security.org/article.php?id=1842</a><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">. To me the issue is not</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">one of creating more qualifications for individuals working in the</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">field, but on the lack of accountability for those that are practising</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">in the industry but are providing below par services or products.</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">(Paller): We can do reliable assessments for the technical roles -</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">forensics, secure coding, penetration testing, intrusion detection,</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px"><span style="font-family:arial,sans-serif;font-size:12.8000001907349px">incident response, etc. <b>but any attempt to reliably measure skills for</b></span><b><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


</b><span style="font-family:arial,sans-serif;font-size:12.8000001907349px"><b>security managers and policy people is hopeless</b>. Why do you think there</span><br style="font-family:arial,sans-serif;font-size:12.8000001907349px">


<span style="font-family:arial,sans-serif;font-size:12.8000001907349px">is no certification for corporate managers?]</span><br clear="all"><div><div dir="ltr"><div><br></div></div></div>
</div></div></div>
