The doors opened at ISC2 Security Congress in Nashville, Tennessee this week as ISC2 members, candidates and a variety of industry experts started the first of three days of sessions designed to inform, educate, motivate and inspire.

Day one opened with a presentation from ISC2 CEO Clar Rosso, who provided a state of the profession update that was both encouraging and eye-opening. ISC2 announced that the combined membership community – members, candidates and associates – has now passed 600,000 – a remarkable and extremely positive example of growth at a time when we need more people than ever to grow the profession. Clar Russo - Day 1 Security Congress 2023 

The success of Certified in Cybersecurity (CC) and the One Million Certified in Cybersecurity (1MCC) program to provide the education resources and exam for free to one million candidates, along with increased demand for experience-driven certifications such as the CISSP have seen the member community grow rapidly, with both recent graduates and career changers successfully leveraging their new CC certification to enter the profession for the first time. For example, 30% of the students that have passed the certification exam now have jobs, and 29% of those previously unemployed who have passed have also found their way into the workforce.

More people building their pathway into the profession can’t come fast enough, as new research announced by Rosso revealed that the workforce faces greater pressures than ever to keep people, data, systems and organizations safe. Ransomware now accounts for almost a quarter of breach incidents (24%), 21% of incidents due to misconfigured systems and 41% linked to increasingly sophisticated phishing attacks.

Most concerning, alongside data from the new ISC2 Cybersecurity Workforce Study to be released next week, Rosso revealed that 75% of those polled stated the current threat landscape is the worst for the last five years, a reflection of the economic, geopolitical and other disruptive incidents taking place around the world right now. A further 49% expect to see cybersecurity headcounts fall in the coming year. This comes as the workforce has grown to 5.5 million people, but the gap has also grown by almost 9% to four million, erasing the fall seen during the COVID-19 pandemic.

The trouble with Crypto

Following her opening address, Rosso handed the stage first to ISC2 Board of Directors Jill Slay, who welcomed attendees and reminded us all of the power and value of a diverse and aware cybersecurity community pulling together in the same direction, then to the opening keynote speaker of Congress, Wired journalist and author Andy Greenberg. Andy Greenberg Day 1 Security Congress 2023 

His new book Tracers in the Dark was the basis for a deep dive into the deep web, the rise and fall of trading empires such as Silk Road and AlphaBay and how the cryptocurrencies these sites and their users relied on for anonymous, untraceable trading are in fact nothing of the sort.

Greenberg explained how in fact, while there is much that can be done to obfuscate the details of a buyer when conducting a cryptocurrency transaction, due to the detailed and distributed blockchain records that are created every time a cryptocurrency is used, a very traceable line of breadcrumbs is in fact laid that can be used to link an illegal or concerning dark web purchase not only back to the buyer, but to the seller and platform operator too.

Crypto – not what you think

Cryptocurrencies and the dark web have been bed fellows for some time, from the early days of currencies such as bitcoin that were quickly adopted as a means to pay for small drug deals right up to their use on sprawling hidden marketplaces where almost anything illegal could be bought or sold. Not to mention their use today as a payment method of choice for ransomware demands. Cryptocurrency frauds, such as those involving the MtGOX and BTCe exchanges, also illustrate the extent of the criminal enterprise surrounding these currencies.

However, as Greenberg showed the audience, it was the ability to trace the cryptocurrency transactions that played such as major role law enforcement bringing now both the Silk Road, and the much larger AlphaBay marketplace that attempted to fill the void. From the ability to follow the flow of the cryptocurrencies, to the point where they meet the regulated financial world – even criminals eventually want to cash out to fiat currency – law enforcement has been able to follow the money and with it find the criminals. None of us should assume that cryptocurrencies are anonymous. Like many cybersecurity defenses, it’s more a case of how many obstacles you can put between the pursuer and what they seek and whether it’s enough to deter them. For a cybercriminal its access, for law enforcement following the money, it’s the identity of those involved in the transaction.