ISC2 is developing a Code of Professional Conduct for cybersecurity professionals to be released later this year. As cybersecurity practices continue to evolve and become increasingly com plex, developing a Code,aimed at providing clearer guidance and standards for professional and ethical behavior within the profession is vital. In early Spring, the Code draft was shared with ISC2 members and associates, seeking their comments and feedback. The response was excellent and affirms our commitment to this project.
The latest step in the project has been a four-part series of virtual workshops to develop materials for the new Code. With the support of 16 volunteers, the ISC2 Standards and Practices team along with the Code Taskforce, facilitated the development of key resources to accompany the Code and provide cyber professionals practical guides to help apply the new Code in their day-to-day decision-making.
These workshops took place in June 2025 and have developed member-informed resources supporting Code implementation and accountability to ensure that the Code is practical, actionable and accessible to all cybersecurity professionals.
Code of Professional Conduct Workshops
The virtual workshops had participation from 16 members, including 2 taskforce members, around the world . Volunteers had varying levels of experience in the field, from CC to advanced credentials, to ensure that the materials are appropriate for all professionals. The workshops focused on the following themes:
- Bringing the Code to Life through Examples and Scenarios
- Clarifying Expectations: Practical Guidance on the Code
- Walking the Talk: Creating a Decision-Making Framework
- Putting It All Together: Testing, Tuning and Closing Gaps
Volunteers on the Value of the Workshops and the Code
“A well-defined Code of Professional Conduct provides clarity in navigating ethical dilemmas and reinforces a culture of accountability, trust and integrity—making it easier for cybersecurity professionals to act with confidence and consistency in complex, high-stakes environments.” - Sameer Dutta, CISSP, CCSP
“The Code gives everyone a clear roadmap when facing those tough ‘What should I do?’ moments at work, plus the confidence to stand your ground when someone asks you to cut corners on security. It gives you peace of mind knowing you're doing the right thing while also earning more respect from your team and clients who trust that you're following professional standards.” - Jen Blacker, CISSP
“The collaboration with fellow cybersecurity leaders, particularly on ethics, created an opportunity to share and discuss diverse professional experiences across societies and cultures. Each participant contributed values shaped throughout their career, fostering open dialogue and critical examination of the professional code of conduct in an inclusive environment. We encountered ethical dilemmas that we might not otherwise face in our daily work, making the experience both enriching and thought-provoking.” - Dvir Geva, CISSP, CC
"The most valuable aspect of the workshop was the strong sense of teamwork. Despite being in different time zones and not knowing each other beforehand, we collaborated effectively to develop a Code of Professional Conduct for ISC2. The openness, clarity and collaborative spirit shown by the group are key traits for a successful career in cybersecurity." - Rupesh Paterical, CISSP, CCSP
Next Steps and Upcoming Release
As the project heads into its final stages in 2025, the Code Taskforce will review and refine the June Workshop materials for release with the new Code. They've finalized the draft Code which will be reviewed and approved by the Ethics Committee and ISC2 Board of Directors before being released to the public.