ISSA launches professional development framework
ISSA launched an industry-wide program to solve the global cybersecurity workforce gap. The ISSA Cybersecurity Career Lifecycle (CSCL) is a professional development framework that maps all five stages of the cybersecurity career lifecycle and empowers cybersecurity professionals – from students to CISOs – to identify where they are in their career, where they want to go, and how to accelerate their growth.
The ISSA will also establish an International Consortium for Cybersecurity Education (ICCE), bringing together key stakeholders from the public and private sectors around the world to find a common solution for this shared problem.
The “missing generation”
The information security profession, which evolved largely in reaction to threats, is now paying the price of an entire “missing generation.” An estimated 300,000-1,000,000 cybersecurity jobs are vacant, and demand will likely rise as the private sector faces unprecedented numbers of data breaches and cybersecurity threats. The U.S. Bureau of Labor Statistics is predicting 22 percent growth in employment in cybersecurity by 2020.
One study shows the lack of qualified security talent is approaching a state of critical mass, where organizations are vulnerable to serious risk exposure. A recent Ponemon Institute study[ii] found that the lack of a strong security posture is directly related to the lack of sufficient security expertise. Economists even predict the gap affects the effective adoption of key technologies in the enterprise and the public sector – and will, in turn, inhibit enterprise growth and economic expansion.
Despite the spotlight on cybersecurity skills as a national priority, widely accepted career definitions are still evolving. This lack of concensus makes it difficult for organizations to attract new entrants; for professionals to evolve their careers; and costly for organizations that often reinvent the wheel on job descriptions or hire for the wrong role.
The Cybersecurity Career Lifecycle Framework
As the only independent global organization for cybersecurity professional development, the ISSA is in a unique position to bring the industry together to address these critical issues. The CSCL is driven by a steering committee of industry influencers who provide guidance to task forces and assist with outreach to industry partners.
The CSCL framework defines and maps the five stages of a cybersecurity professional’s career:
- Pre-professional (students, young adults, etc.)
- Entry level
- Mid-career
- Senior level
- Executive level.
For each stage, the framework provides a common definition of the required Knowledge, Skills, and Aptitudes (KSAs) and responsibilities; how to be successful in each level; and how to get from one career stage to the next. Each level can have multiple tracks and path options.
The second phase of the CSCL will focus on an Assessment Tool. This tool will offer a skills and career level analysis, and it will recommend career plans tailored to each individual professional. The CSCL Assessment Tool initially will be made available to ISSA members.
The ISSA will also offer guidance and resources for professionals to achieve their career goals and will work with other service delivery providers to offer security education programs that support the stages of the CSCL framework.