Couldn’t attend Transform 2022? Check out all the top sessions in our on-demand library now! Look here.
Cyber attacks, breaches, hacks and ransomware are on the rise – that shouldn’t be news.
And according to many experts, one of the main reasons for this is a long-deplored shortage of cybersecurity talent.
To help close this workforce gap — as well as combat burnout of existing talent and empower companies to stay ahead of hackers — the global cybersecurity non-profit organization, (ISC)2announced three major new initiatives this week.
“The cybersecurity profession is at a critical turning point in its evolution,” said Clar Rosso, CEO of (ISC)2. “The field is poised for rapid growth and expansion, and it takes people from all backgrounds around the world to build a safe and secure cyber world.”
MetaBeat will bring together thought leaders to offer advice on how metaverse technology will change the way all industries communicate and do business October 4 in San Francisco, CA.
Support Candidate Growth
According to the most recent Cybersecurity workforce survey of (ISC)2 needs to grow the global cybersecurity workforce by 65% to effectively defend organizations’ critical assets.
To help combat a staff shortage of more than 2.7 million people, the nonprofit’s three new initiatives include:
- (ISC)2 Certified in Cybersecurity: This entry-level certification exam evaluates candidates on security principles; business continuity, disaster recovery and incident response concepts; access control concepts; network security; and security operations.
More than 1,500 pilots who have passed the exam are on their way to full (ISC)2 certification and membership, Rosso said. As members, they gain access to continuing education, thought leadership, peer support, industry events, and other professional development opportunities – ultimately extending their experience and working toward more advanced and specialized certifications.
- (ISC)2 One Million Certified in Cybersecurity is now open for registration. This follows the White House nonprofit’s recent announcement that they will be offering free entry-level cybersecurity certification exams and self-paced courses to a million new cybersecurity professionals.
- (ISC)2 Candidate Programme: Individuals considering a career in cybersecurity have free access to exclusive resources and benefits and discounts on all certification courses.
Barriers to Entry, Identifying Candidates
(ISC)2 has been developing these programs for almost a year, Rosso says. They complement the well-known Certified Information Systems Security Professional (CISSP) certification and work through the charitable foundation Center for Cybersecurity and Education. The nonprofit has 168.00 members — professionals from all areas of cybersecurity.
Rosso pointed out that one of the most intractable cybersecurity staffing challenges is identifying entry-level and junior-level candidates with the right skills and aptitude to learn and grow on the job.
“At the same time, people who are early in their careers are unable to demonstrate their understanding of cybersecurity concepts and capture the attention of hiring managers,” Rosso says.
In a 2021 survey by Champlain College onlinefor example, cybersecurity professionals identified their main barriers to entry as high expectations of prior education or work experience and a lack of diversity and inclusion.
And, (ISC)2 research suggests: that organizations focused on recruiting and developing entry-level cybersecurity personnel — including those with little or no technical experience — are helping accelerate the “invaluable hands-on training” the next generation of professionals needs, Rosso said.
Ultimately, “to build resilient teams at all levels, we believe creating more opportunities for novice and junior practitioners is one solution we can use to close the workforce gap,” she said.
More breaches, but no action
The new initiatives come amid, and largely driven by, growing cyber-attacks — and increasingly sophisticated and costly attacks. According to one estimate, the average cost of a data breach is up to $4.35 million this year.
“Cyber intrusions are escalating in an alarming trajectory for organizations and governments of all sizes around the world,” said Rosso.
She pointed out that many organizations fall victim to cyber-attacks because of vulnerabilities and weaknesses in their defenses — problems that professionals say they could tackle more effectively if they had enough people.
“It really is that simple,” she said. “We need more people in the role of defending organizations.”
So why aren’t organizations doing more?
“While the most obvious factor is simply demand outpacing the supply of qualified individuals, there are more nuanced reasons for the gap,” Rosso says.
Organizations in particular are failing to address cybersecurity needs as a “strategic necessity” – many still view cybersecurity at their peril as a back office, optional expense. When staff resources are limited, organizations tend to look for the most highly qualified individuals with years of hands-on experience. But these are scarce.
Most of the work that needs to be done is suitable for entry-level or junior staff, Rosso said, but organizations are sometimes unwilling to invest the necessary six to eight months of hands-on training needed to train newcomers to speed.
“Decades in which cybersecurity is a small but powerful club of individuals with very similar education and work experience has led to a build-up of unconscious biases that hinder the hiring or promotion of diverse individuals,” said Rosso.
Organizations must stand up
Yet, while important, these initiatives are only one way of addressing the growing problem.
Organizations need to invest in people, hire entry-level and junior staff and upskill them, Rosso said. They need to “increase everyone’s cyber literacy,” she said, while encouraging a new generation of individuals from all backgrounds to consider careers in the field.
(ISC)2 has a broad view on the matter: focus on increasing diversity in the profession and encouraging more women and minorities to view cybersecurity as a career — and one that could be very rewarding, it said. Rosso. In fact, half of the nonprofit’s $1 million pledge will go through partner organizations that actively serve underrepresented groups.
“We encourage employers and governments to prioritize cybersecurity as a strategic imperative,” said Rosso. “We encourage breaking the idea of who would be good at cyber, and instead we start by looking at a person’s non-technical skills and motivations, then train for the technical ones.”
The mission of VentureBeat is a digital city square for tech decision makers to learn about transformative business technology and transactions. Discover our briefings.