ISACA launches cybersecurity skills and certification program

One in five IT security professionals say their enterprises have been the target of an advanced persistent threat (APT), yet 62 percent of organizations have not increased security training in 2014, according to the ISACA 2014 APT Survey. A separate study by Cisco estimates that close to 1,000,000 positions for security professionals remain unfilled.

These indicators of a massive talent shortage are compounded by a skills gap, with few cybersecurity programs emphasizing expertise in business strategy and communication, in addition to technology. To help address this growing worldwide skills crisis, global IT association ISACA today launched the Cybersecurity Nexus (CSX) program.

CSX, developed in collaboration with chief information security officers and cybersecurity experts from leading companies around the world, fills an unmet need for a single, central location where security professionals and their enterprises can find cybersecurity research, guidance, certificates and certifications, education, mentoring and community. All CSX materials are designed to provide security-related information within the larger business context.

“Unless the industry moves now to address the cybersecurity skills crisis, threats like major retail data breaches and the Heartbleed bug will continue to outpace the ability of organizations to defend against them,” said Robert Stroud, ISACA international president-elect and vice president of strategy and innovation for IT Business Management at CA Technologies. “ISACA is proud to help close this gap with a comprehensive program that provides expert-level cybersecurity resources tailored to each stage in a cybersecurity professional’s career.”

CSX includes career development resources, frameworks, community and research guidance such as Responding to Targeted Cyberattacks and Transforming Cybersecurity Using COBIT 5, a business framework that helps enterprises govern and manage their information and technology.

The CSX program marks the first time in its 45-year history that ISACA will offer a security-related certificate. The association’s four certifications—including the Certified Information Security Manager (CISM) credential—require both an exam and proof of work experience. Ideal for recent university graduates and IT professionals seeking to change fields, the Cybersecurity Fundamentals Certificate requires applicants to pass a knowledge-based exam that provides objective proof of subject mastery to potential employers.

Student interest in cybersecurity careers is strong. A recent global poll of members of ISACA student chapters shows that 88 percent of those surveyed plan to work in a position that requires some level of cybersecurity knowledge. However, fewer than half say they will have adequate skills and knowledge to do the job when they graduate.

“Security is always one of the top three items on a CIO’s mind, yet IT and computer science programs at the university level are not allocating a proportional amount of training to cybersecurity,” said Eddie Schwartz, vice president of global cybersecurity and consulting solutions at Verizon Enterprise Solutions and chair of ISACA’s Cybersecurity Task Force. “Today, there is a sizeable gap between formal education and real world needs. This, in itself, is an area requiring immediate focus so that the industry can get better at detecting and mitigating cyberthreats.”

“Enterprises cannot rely on just a handful of universities to teach cybersecurity. With every employee and endpoint at risk of being exploited by cyber criminals, security is everyone’s business. We need to make cybersecurity education as accessible as possible to the next generation of defenders,” noted ISACA International President Tony Hayes.

Upcoming elements in the Cybersecurity Nexus program include a mentoring program, a practitioner-level cybersecurity certification, SCADA guidance, training courses, implementation guidance related to the US Cybersecurity Framework developed by NIST and teaching materials for professors.
