It seems impossible to read the news without coming across a story of a data breach or other hacker exploit. Not too long ago, issues surrounding data privacy and fraud were only on the minds of information security professionals; they are now urgent concerns for everyone, as we grow increasingly dependent on online transactions. Of such circumstances are professions born, and cybersecurity is answering that call.
The facts are clear: there are not enough cybersecurity professionals worldwide to meet the growing demand for these skills. Cisco’s 2014 Annual Security Report estimates that close to one million positions for security professionals currently remain unfilled. The UK National Audit Office has stated its belief that there are not enough existing or upcoming appropriately skilled professionals, and the EU’s digital agenda commissioner claims that the EU’s competitiveness is under threat due to the growing cybersecurity skills gap.
While no one organization can fill a gap of that magnitude, ISACA® has harnessed its decades of global expertise and launched Cybersecurity Nexus (CSX), which offers valuable cybersecurity-focused services and products. Recognizing that the journey toward building a cadre of knowledgeable professionals starts with a single step, ISACA is focusing its first efforts on the creation of a Cybersecurity Fundamentals Certificate, which tests recent graduates or those aspiring to enter the field of cybersecurity on basic knowledge and competencies in cybersecurity. Registration is now open for the certificate, which is aligned with the National Institute of Standards and Technology (NIST) and the National Initiative for Cybersecurity Education (NICE), and is compatible with global cybersecurity issues, activities and job roles. It is also aligned with the Skills Framework for the Information Age (SFIA).
The body of knowledge for the certificate was finalized in March, and development has begun on a glossary to be used as a study aid. In addition to the glossary, optional workshops will be offered to help prepare exam takers. The first workshops and exams will be held in conjunction with ISACA’s European Computer Audit, Control and Security (Euro CACS)/Information Security Risk Management (ISRM) conference in Barcelona, Spain, in September, and at North America ISRM in Las Vegas, Nevada, in November.
The certificate is just one of many activities planned for the CSX program. A career management program will be offered to demonstrate the knowledge needed to enter, and advance in, the cybersecurity profession. A practitioner-level certification—requiring both knowledge and experience on par with ISACA’s other four certifications (CISA®, CISM®, CGEIT® and CRISC®)—is in development, and the first exam will take place in mid-2015. Also planned are knowledge products such as implementation guidance for ENISA’s cybersecurity framework. ISACA® is also honored to host, with the EC-Council Foundation, the finals of the Global CyberLympics, which will take place in conjunction with Euro CACS/ISRM.
More than ever before, cybersecurity professionals need opportunities to come together to address complex problems. Through the CSX program, ISACA offers a forum in which cybersecurity professionals can find credentials, networking, knowledge, and training and education. ISACA is convinced that better trained, more knowledgeable professionals can contribute to an improved overall state of cybersecurity across the private and public sectors.