csx conferences report - ISACA

15 downloads 336 Views 1MB Size Report
This is the best time in 20 years to be an information security professional: there is strong job security and solid car
NOVEMBER 2017

CSX CONFERENCES REPORT More than 1,150 attendees were welcomed to the CSX 2017 North America and CSX 2017 Europe Conferences. ISACA members, attendees, volunteers, speakers, sponsors, exhibitors and staff gathered in Washington, DC, 2-4 October, and in London, 30 October-1 November.

2017

2017 EUROPE

BIG IDEAS, FRESH TAKES AND NOTABLE QUOTES CSX conferences featured more than 120 sessions focused on innovation, the technology workforce, disruptors, best practices, and professional development. Additionally, members of the ISACA Board of Directors provided leadership briefs each day, highlighting recent research and perspectives. Here are some takeaways: “ We’re not just protecting IT; we’re protecting an entire enterprise and their customers,” said ISACA Board Vice Chair Rob Clyde in his closing remarks, Choose Wisely: Navigating Global Cyber Security Supply and Demand. “ Cyber security is everyone’s business – it ensures global and local economic security, but it’s also a matter of public safety,” said ISACA CEO Matt Loeb in his leadership brief, Collaborating to Build Cyber Resilience for Public Benefit. “ A huge amount of the SSH certificates that were stolen with the Heartbleed Bug are still not changed,” said Tammy Moskites, Managing Director, Senior Security Executive, Accenture, in her session Rise of the Machines: Protecting New Identities. “Even if you patch your system, hackers still have the keys – they now have access to a well-patched system.” She also warned, “Stealing certificates will be the next big market for hackers.” “ There will be 36 billion devices connected to the Internet by 2020. We must use AI to find insights into cyber security for the Internet of Things,” said Ed Cabrera, Chief Cybersecurity Officer, Trend Micro, in his session Understanding the Risks of Smart Cities. “ This is the best time in 20 years to be an information security professional: there is strong job security and solid career growth,” reported David Foote, Chief Analyst, Foote Partners, in his session, Analyst View: Cyber Security Jobs Workforce Review. He also noted, “The speed of technological change right now is the slowest it will be in your lifetime.”

2 CSX NORTH AMERICA 2017

KEYNOTE SPOTLIGHT: MATT OLSEN Former Director of the National Counterterrorism Center gives an unsettling look at how cyberattacks and terrorism are closely aligned, but provides hope for minimizing opportunities and impact Matt Olsen, counter-terrorism expert and president of IronNet Cybersecurity, shared parallels between cyberattacks and terrorism in his presentation, The Challenge of Security in an Age of Evolving Threats. Olsen outlined how cyberattacks and terrorism are similar: • Both create a sense of vulnerability in that no place is safe; our companies and our families can be hit at any time • They are asymmetric; one person can have an incredibly outsized impact • The government’s ability to prevent these attacks is limited; they must mitigate and manage risk with limited resources

Counterterrorism tactics can be applied to safeguard against cyberattacks. Olsen shared lessons from fighting terrorism: • Security needs to be a team effort, with shared information between the government and private sectors • Build a cadre of expertise – we need the right people and leaders to shrink the timespan between breach and detection • Perfect the policy. What is the cyberwarfare deterrence doctrine? What are the options to defend and defer? • Earn and build trust between the technology sector and government, and between people and government

CSX EUROPE 2017

KEYNOTE SPOTLIGHT: RAJ SAMANI The Chief Scientist and Fellow at McAfee shares the value of one person’s data – and how cybercriminals work together Due to the collection of consumers’ personal data and the way businesses are evolving, “Information security professionals are the most important people in any organization in the 21st century,” Raj Samani stated in his presentation, The Very Latest in the Fight Against Cybercrime. The leveraging of consumers’ personal data for monetary gain is common, yet people do not realize what – or even when – they are sharing. For example, movie theaters routinely collect personal data while enrolling customers in loyalty programs; customers view this as a benefit without considering how their data will be used. The same goes for social media: the value of data per account is more than what one might think. Although the perceived value of personal data is decreasing because people will give it away for very little in return, the real value of the data is increasing. “This is evident in things like the fact Facebook acquired WhatsApp for $19 billion when its profits were still at zero; this puts the value of each user’s data at around $42,” said Samani. All of this personal data is valuable, and there are various new business models for committing cybercrime. Anyone can find a “Professional DDoS service” via Google, and criminals share instructions over YouTube videos and even live chat.

3 CSX CONFERENCES 2017

SHELEADSTECH : FOSTERING INCLUSIVITY IN YOUR ENTERPRISE’S CULTURE ™

Attendees at both CSX conferences celebrated the launch of ISACA’s SheLeadsTech™ program with panel presentations and networking receptions. Leaders in a variety of inspiring professional roles spoke candidly about the need for mentoring, inclusion and C-suite engagement to draw more women into the tech workforce and create meaningful opportunities. Moderator for both panels: Tammy Moskites, Managing Director, Senior Security Executive, Accenture

“ If your diversity is driven by policy and not culture, you’re just checking a box.” Theresa Grafenstine, on instilling inclusivity as a value at your enterprise.

“ My clients expect diversity and their employees expect a diverse environment…Without change, we won’t have employees; they will go elsewhere.” Cheryl Martin, on envisioning the next 10 years of business.

Panelists at CSX North America: • Sarah Abedin, CISA, CGEIT, CRISC, Senior Managing Consultant, IBM Global Business Services (Public Sector) • Marianne Azer, Ph.D., Member, Egyptian Parliament • Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CISSP, CPA, ISACA Board Chair, Advisory Managing Director, Deloitte Consulting • Linda Kostic, CISA, CISSP, CPA, Business Line Risk Officer, Financial Services • Lisa Mascolo, Managing Director, IBM Global Business Services (US Federal) • Archana Vemulapalli, Chief Technology Officer, Washington, DC Panelists at CSX Europe: • Sarah Orton, CISA, IT Audit Director, AstraZeneca • Cheryl Martin, Cyber Security Partner, EY • Keisha Smith, Manager of Business Development STEMX, SATRO The panels described characteristics of a good mentor: • Someone who is different from me, who can expand my understanding of myself • Someone who did not give me answers, but gave me guidance • An advocate for inclusion • Struck up a relationship organically • Role model Mentoring needs to include formal and informal relationships. Panelists recommended getting to know people for who they are, and taking the time to discuss things other than your personal goals.

CONFERENCE POLL: MENTORING FOR WOMEN “What mentoring opportunities should exist for women in tech?” “ I’d like to see more opportunities for women to transform into leaders and break into executive management.” Cheryl Millevolte, CISA NBC Universal

“ Our CEO is one of the rare female CEOs in technology. We’re fortunate she is our leader. Mentoring is needed. Not just mentoring, but female role models. Role models are needed to bring more women into technology, into information security. We talk about equality, but we are not there yet. We need trail blazers and their stories to inspire others.”

“ I’m hoping for more opportunities like the SheLeadsTech™ panel to give professionals better insight into what opportunities are out there and how to find them.”

Sébastien Gagné Directeur Marketing, Terranova WW Corp.

Debbie Paylor, CISM Directorate of Information Management, Pine Bluff Arsenal

“ If you’re entering the workforce, meet with a mentor to develop your leadership, teamwork and soft skills.” Jenny Tryon, CIA, CISA, CISSP, SA Manager, Corporate Compliance & IT Audit at Westar Energy

4

CSX EUROPE 2017

PREPARING FOR GDPR: THE EXPERTS WEIGH IN The plenary panel “GDPR - Where to Start and How to Stay on Course” gathered experts in the General Data Protection Regulation (GDPR), which goes into effect in May 2018 and will impact all organizations in Europe as well as those doing business in Europe. Solutions for the requirements emerged from panelists and attendees: MAPPING DATA: Ensure that you are not only in a position to know where Personally Identifiable Information (PII) is stored so you can comply with deletion requests, but also be positioned to accurately measure risk and exposure with a forward strategy for adhering to the rules. SHADOW IT: Despite having all the necessary policies in place, employees will still follow the path of least resistance, like using unsanctioned cloud applications, sharing information outside of correct channels to people they should not be (accidentally or not) and generally circumventing the prescribed operating procedures, which can result in risk for a company. DATA PROTECTION OFFICER (DPO): 28,000 more DPOs are needed in Europe to ensure adherence to GDPR. Organizations will recruit from existing staff, which is not necessarily a problem – if they are competent. Likely, an entire team will need to fulfill the needs, including business acumen, change management, IT systems knowledge, and GDPR expertise – a heady mix of demands for one person.

Moderator: Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, ISACA Board Director and Past Chair, Group Director of Information Security, INTRALOT Panelists: • Graham Carter, CISA, CGEIT, Corporate IS Risk & Compliance Manager, ABB Ltd and GDPR Working Group member, UK • Paul Jordan, European Managing Director, International Association of Privacy Professionals (IAPP) • Joanna Karczewska, CISA, IS Auditor, ASKOT and GDPR Working Group member, Poland • Andreas Mitrakas, Ph.D., LL.M., M.Sc., Head of Unit: Data Security and Standardization, ENISA – European Network and Information Security Agency

GDPR: PREPARING YOUR BUSINESS FOR IMPLEMENTATION ISACA board director Michael Hughes describes how everyone will be impacted and avoidance is not an option Sharing facts and myths in an engaging way through a dense and information-packed presentation, Hughes describes the GDPR in terms anyone can understand.

Other key takeaways:

Myth: All details of a breach must be shared immediately.

• The Information Commissioner’s Office (ICO) will pursue all company sizes for a breach, so if you’re a small or medium-sized enterprise, you still need to adhere to the regulations.

Truth: An organization has 72 hours. Myth: All personal data involved in a data breach needs to be reported.

• Cyber security is a key part of reducing the risk from a breach, though not the only one.

Truth: Only if it is likely to result in a risk to personal rights and freedoms.

• If you collect PII, make sure you are responsible. You need to be clear how long you will use it, what for, and with whom you will share it.

The overall guidance in a breach situation will be familiar to many: “Tell it all, tell it fast, and tell the truth.”

• Privacy notes need to be clear and easy for consumers to understand.

5 CSX NORTH AMERICA 2017

EXECUTIVE PANEL: IMPROVING SECURITY GOVERNANCE FOR BETTER BUSINESS OUTCOMES Commenting on recent ISACA research on the importance of strong tech governance, the executive panel on governance found common ground despite diverse experiences. “ We know that this is an area of concern for most directors. I don’t think there are any directors that don’t think cyber security is a major risk for their companies. I think where we struggle is, they’re not quite sure what to do about it.”

Moderator: Matt Loeb, CGEIT, CAE, ISACA CEO Panelists: • Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CISSP, CPA, ISACA Board Chair, Advisory Managing Director, Deloitte Consulting • Richard H.L. Marshall, Esq., Founder and chairman of the board of Cinturion Group. Inc., and CEO of X-SES Consultants LLC • Dottie Schindlinger, VP/governance technology evangelist at Diligent Corporation

- Dottie Schindlinger

“ Board members in general look at this as a technical problem that is to be solved by the propeller heads. And the propeller heads look at this as, this is a technical problem, just give me enough money, and leave me alone, and let me do my job. That’s not communicating. That doesn’t track.”

- Richard Marshall

“ Cyber is a strategic business risk, and the idea that boards somehow relinquish their oversight responsibilities because that’s too hard, it’s IT – imagine if they had the same perspective with their CFO. ‘That finance stuff, that’s a little tough, we’re not going to ask finance questions.’ I mean, that’s crazy.”

- Theresa Grafenstine

CSX EUROPE 2017

KEYNOTE SPOTLIGHT: ADE MCCORMACK Technologist, astrophysicist and software engineer focuses his work on the convergence of humanity and technology, and its implications for business and society Ade McCormack outlined big picture thinking about how security, technology and business professionals need to look to anthropology to see strategies for success as we move to what he calls “Industry 4.0.” The evolution of human working habits (hunter/gatherer, agriculture, factory and “Industry 4.0”) means that we need to look back, learning the lessons of what humans are conditioned to, in order to be successful in the future.

The digital era is not fully upon us, but McCormack predicts it will evolve in three distinct stages over the next century and beyond: INDUSTRIAL DIGITAL – Today’s model, with businesses operating as normal, but putting a digital veneer onto operations HUMAN DIGITAL – With technology being adopted to help humans do what they do, but better FULL DIGITAL – When an automated, computer-driven system can do what we humans do at the top of our cognitive ability

The digital fully Theera digitalis eranot is not fully upon us, upon us…

Rather than submit to a bleak portrait of a robot-driven future, McCormack did have some positive steps to ensure organizations and people are equipped to handle this disruption: 1) Build workplaces to match anthropological needs 2) Turn data into capital 3) Treat your career like a lean startup 4) Practice deliberately: “What have you done recently to make yourself world class?” 5) Bring forth your humanity

6 CSX EUROPE 2017

KEYNOTE SPOTLIGHT: NICK COLEMAN The Global Head of Cyber Security Intelligence Services at IBM asks,

“How are we going to prepare for the future of work?” Nick Coleman asked audience members during his presentation, Artificial Intelligence, Automation, Orchestration: A Game Changer? to think about their day jobs and the processing of information individuals perform, like email or extracting information from numerous sources. He then stated, “If you continue doing what you have always done without embracing automation, you will be obsolete in three to four years.” Automation is happening across industries, from planes and ships to self-driving cars; now is the time to embrace automation in cyber security. Resilience is the underlying objective in any cyber security system—it’s about how businesses can cope with disruption, and it’s about business performance as opposed to security performance.

It is the role of the security professional to translate resilience into capabilities across the key cyber security areas of assessing threats, protecting against them, detecting intrusions, responding to incidents and recovering. He stated that we should be studying these areas and assessing how we can embed AI and automation to improve efficiency and resilience. As numerous new pieces of legislation in the UK will be coming into effect before June 2018, businesses are under more pressure to ensure they are complying with new regulations, and in shorter time frames. The need for efficiency is increasingly important.

CONFERENCE POLL: DIGITAL TRANSFORMATION “What technology will accelerate digital transformation in the next 3-5 years?” “ We can expect to see more autonomous cars, artificial intelligence and big data. Autonomous cars could be the revolution in people’s lives after vehicles adopt drivers’ behaviors. Technology is changing; within five years, many things can happen. For instance, we’re talking about autonomous vehicles now, but these could actually be on the road in five years.” Jianping Wang CISA for General Motors

“ The largest transformation will be ensuring everyday people outside of Western countries have the same access to technology.” Phil Biegler Independent Consultant

“ I’m in the retail sector, and blockchain is going to be transformational. We also are focusing on cloud.” Jay Dutt, CPA, CISA Senior IT Audit Manager at Coach

“ My boldest prediction is about GDPR and the need to balance the regulations with all the possibilities and all the enablers of cyber security, technology performance, and the needs of business—public, private and consumers.” Pelle Soderberg P2C, Skogsduvevägen, Sweden

7 CSX NORTH AMERICA 2017

PARTNERING WITH GOVERNMENT TO PROMOTE CYBER SECURITY: US The Congressional Cyber Security Caucus, chaired by Members of Congress Jim Langevin and Michael McCaul, kicked off National Cyber Security Awareness Month by inviting ISACA and other cyber security experts to share with lawmakers and their staff members the importance of risk mitigation and auditing on 2 October in the Cannon House Office Building on Capitol Hill. Some takeaways from the panel include: “ Tech permeates everything we do; we need to make sure all organizations are secure in a volatile world, and we all play a part in addressing the challenges. The macro issue is leveraging the positive impact of technology.” – Matt Loeb “ Without cyber security audits, we lack a lens to how things are evolving; we need an independent source examining institutions.” - Nick Marinos “ Cyber security audit isn’t a mere checklist or bean counting—it ensures enterprise success. Ask your constituents what they’re doing to ensure security.” – Brad Jones “ It’s an interesting and exciting time. Cool new functionality got ahead of security; we need to build tech with security embedded and with holistic governance. Boards and the C-suite need to understand how tech impacts the entire enterprise.” – Frank Schettini

Panel moderator: Matt Loeb, CGEIT, CAE, ISACA CEO Panelists: • Brad Jones, MBA, Director of Government Relations at The Institute of Internal Auditors Inc. • Nick Marinos, CIPP/G, Director, Director, Cybersecurity and Information Management Issues at the U.S. Government Accountability Office (GAO) • Frank Schettini, MBA, ISACA Chief Innovation Officer • Greg Witte, CISM, CISSP – Program Manager, Security Standards Team at G2 Inc.

CSX EUROPE 2017

PARTNERING WITH GOVERNMENT TO PROMOTE CYBER SECURITY: UK ISACA leadership met with several UK government officials and important stakeholders while in London, including:

“ Our goal in the meetings, beyond relationship building, is to understand each stakeholders’ pain points and needs, as well as the existing environment and how ISACA might work with the organization to support them with policy measures or offer our tools as appropriate,” said Tara Wisniewski, ISACA’s Managing Director of Advocacy and Public Affairs.

• European Union Agency for Network and Information Security (ENISA), a center of expertise for cyber security in Europe, to discuss the new EU cyber security legislation, General Data Protection Regulation (GDPR). Andreas Mitrakas, Head of Unit from ENISA, also appeared on the GDPR keynote panel at CSX Europe. • Paul Jordan, European Managing Director for IAPP, to discuss ways ISACA and IAPP can partner together on GDPR and other initiatives. Jordan also appeared on the panel. • FALCON (Fraud and Linked Crime Online), the Metropolitan Police response to fraud and online crime, met with ISACA leaders to consider collaborations on informing small businesses about cyber security and explore future apprenticeship initiative opportunities. • Member of Parliament Brendan O’Hara, to discuss issues concerning data protection and cyber workforce. ISACA will provide future briefings to inform his response to GDPR.

8 CSX CONFERENCES 2017

KEYNOTE SPOTLIGHT: MARY AIKEN The inspiration for CSI: Cyber applies her psychology expertise to understanding online behavior; both CSX conference audiences received her fascinating insights Cyberpsychologist Mary Aiken specializes in the impact of technology on human behavior and the intersection between humankind and technology – or “where humans and technology collide.” If you don’t understand adversarial behavior online, she asks, “how can you know that your cyber security will be effective?” Behavior changes in a cyber environment; we change when we are online, and perceive ourselves as anonymous when we are not. Tracking cybercrime is always evolving, as behavior evolves as technology does. For example, the motive of a stalker is to steal glimpses of intimacy; for a cyberstalker, the motive is to access everything about

CSX NORTH AMERICA 2017

KEYNOTE SPOTLIGHT: HECTOR MONSEGUR One hacker seemed destined for a life of crime; he described his journey from hacker to FBI asset to corporate cyber security expert Hector Monsegur, formerly known as the notorious hacker Sabu, explained that his family was involved in criminal activity when he was a child, and he was drawn to computers and hacking as a young teenager. “You had to hack to learn how to use the systems,” Monsegur said. He was adept at developing methodologies and efficiencies: he learned to infiltrate in less than 10 emails by phishing executive assistants, junior developers and C-suite members other than the CEO. As his talents grew, he invented Sabu, his online pseudonym, and said, “Sabu is everything that was angry inside of me.” He viewed himself as a hactivist but grew weary of the notorious hacker group he was a part of, Anonymous, which “could have done good things, but it is a toxic culture” focused on trolling and striking discord. Eventually, the hacker was identified for his work with LulzSec (“we laugh at your security”), which claimed responsibility for several high-profile attacks. “LulzSec was essentially providing penetration assessments for free,” he joked. After his arrest, he worked with the government to identify other LulzSec members; he served time in prison, and is now lead penetration tester for Rhino Security Labs, breaking into clients’ networks to find vulnerabilities and helping prescribe solutions. Monsegur credits his new outlook on the positive influence of his cellmate, a rabbi. “He taught me so much, including that there is more to life than being a bad guy,” he said.

the victim, and it is easy to stalk more than one person at a time online in a way that is impossible in real life. “Are we even still talking about the same behavior?” Aiken asks. She encourages cyber security professionals to make informed, intuitive assumptive leaps when it comes to combatting cyber criminals. All criminals have motives, and you can develop cyber behavioral insights when you understand the motives for hacking. Additionally, she said, “Technology is not good or bad; it is either used well or poorly by humans.” She encourages all tech users to create a better cyber space.

SOCIAL MEDIA ROUNDUP C SX N O RT H A MER ICA 2017

C SX EUROP E 2017

1,727 1.6 million

1,166 1.4 million

POSTS TAGGED #CSXNA

PEOPLE WERE REACHED WITH 9.85 MILLION IMPRESSIONS

POSTS TAGGED #CSXEURO

PEOPLE WERE REACHED WITH 6.5 MILLION IMPRESSIONS

10 CSX CONFERENCES 2017

CISOs: RAISING VISIBILITY AND ADDRESSING SOFT SKILLS Chief Information Security Officers gathered at CSX conferences for CISO Forums to discuss progress in some areas of their positions, and continued challenges in others At CSX North America, the 30 attendees agreed that there has been increased information security awareness among board and C-suite leaders; enterprise-wide emphases on cyber security (beyond incident response); and significant visibility for CISOs and infosec reports to corporate boards. Additionally, 90% of attendees said they are currently, or have completed, implementing security by design in their organizations; last year, it was 20%. CISOs identified continued workforce and skills shortages as challenges, although some see progress based on more training

CISOs participated in a media panel with national press at CSX North America, describing their roles and challenges. One outcome was an article on CyberScoop, “CISOs are finally getting access to the corporate board — but need more of it.”

options from academic and industry institutions. Attendees also voiced frustration that board members’ attention can be scattered across digital transformation, cyber security policies and programs, and overall funding. The group agreed on several activities to position CISOs and their teams, including: • Regular visibility with business unit leaders and their teams, including creating a “security liaison role” to optimize communications; • Awareness-building and marketing programs, including organization-wide CISO and team road shows; • Board and CEO buy-in, messaging and leaders who regularly and authentically emphasize information security importance; and • Emphasizing CISO soft skills, business acumen and passion for the job—as well as technical expertise and experience.

CLICK HERE TO READ MORE >>

Patric J.M. Versteeg, CISO of Vsec, The Netherlands, asked attendees for soft skills opinions in a live polling exercise at the CISO Forum at CSX Europe, and led a discussion fueled by the data. The live poll findings included: 43%

23%

YES

57% NO

I have experienced, witnessed or been informed that the communication between the CISO/CSO to other CxO’s has been determined as inadequate for board / business level.

Never

8%

Always

69%

When communicating with a CISO/CSO (peer) about “Security” (Information Security / Cyber Security / IT Security), I sometimes get let lost in the industryspecific language used.

Sometimes

Are these elements a part of CISO Soft Skills?

21% The phrase “CISOs are lacking Soft Skills” is:

Unfamiliar to me

79%

Familiar to me

Management, Leadership, Emotional Intelligence, Social Intelligence Organization Sensitivity

YES NO UNCLEAR

Intelligence Obtaining an MBA

SPECIAL THANKS TO OUR EMCEES:

CSX EUROPE 2017

MEASURING AND MONITORING IT SECURITY RISK Neil Gast, manager, security risk management for United Airlines, spoke to a jam-packed audience about the critical success factors and lessons learned in measuring and monitoring IT risk. Critical Success Factors: • Define good metrics catalogue (aligned to the organization’s priorities and risk appetite) • Take a best guess at metric threshold • Prioritize metrics • Define and document high-level processes that support the program

Lessons Learned: • Do not try to measure all metrics • Do try to measure all end points • Usable data may not be available (because it may be old, dirty or inaccurate) • Managing data is difficult

CSX North America Emcee: Mark Thomas, CRISC, CGEIT CSX Europe Emcees: Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, Past ISACA Chair

CSX NORTH AMERICA 2017

SEVEN STEPS TO CREATING A CYBER SECURITY CULTURE

Robert Stroud, CGEIT, CRISC, Past ISACA Chair

JOIN US FOR CSX 2018!

Michael Simmons, president and CEO of Bearing Cybersecurity & Consulting, showed how to utilize an Infinite Game Theory mindset to incorporate a cyber security culture into your corporate DNA. 1. Get buy-in from the top 2. Create a policy-based cyber security plan 3. Create assessments 4. Continuous training 5. Begin during onboarding 6. Continuous communication 7. Appoint evangelists

“An effective cyber security program is a mindset that must be pervasive throughout the organization: a shared responsibility interwoven within its culture.”

– Michael Simmons

15-17 October 2018 Las Vegas, Nevada, USA

29-31 October 2018 London, England

IN CYBER SECURITY, THERE’S NO SUBSTITUTE FOR REAL-WORLD EXPERIENCE. That’s why ISACA created the Cybersecurity Nexus™ (CSX) Training Platform, the first on-demand, real-world training solution that builds real technical skills to help your staff combat real threats. Receive hands-on, practical training in a live and dynamic network environment. Also available: the CSX Practitioner (CSXP) certification, the first vendor-neutral, performance-based certification that measures and validates technical cyber security skills and abilities. Learn more at https://cybersecurity.isaca.org/