Organizations are realizing that it is not a matter of if a cyberattack will occur against their enterprises; it is a matter of when. This realization is causing executives and board members to take a growing interest in what is being done to protect and defend their top non-human asset: information. Support for growth in cybersecurity staffing is here; the problem is that the pool of skilled cybersecurity talent is facing a drought.
To address the global cybersecurity skills shortage, ISACA has launched a portfolio of innovative skills-based cybersecurity training courses and performance-based exams and certifications, through its Cybersecurity Nexus (CSX). These new CSX certifications are providing a benchmark that will help shape the future of cybersecurity hiring and the career progression of cybersecurity professionals. CSX will help assure cybersecurity pros that they can keep their skills sharp in the face of evolving threats, changing technology, and highly motivated adversaries who seem to get cleverer every minute. Organizations will have assurance that candidates have the right skills to address cybersecurity incidents from day one on the job, and that their security teams have the most important and current skills, knowledge and advanced capabilities.
This ISACA effort is critical, as 82 percent of organizations expect to experience a cyberattack in 2015. But, they feel they are relying on a workforce that is not qualified to handle complex threats, according to the State of Cybersecurity: Implications for 2015 survey from ISACA and RSA Conference. The results also revealed that 35 percent are unable to fill open cybersecurity positions.
Historically, cybersecurity training has been more general and did not evolve with the changing threat landscape. There has never been a defined career progression for cybersecurity. ISACA examined the lifecycle of a cybersecurity career and the skills that are needed at every level to develop a holistic approach to cybersecurity from beginning to end.
ISACA’s new cybersecurity certifications are:
- CSX Practitioner—For this certification, a professional must demonstrate the ability to serve as a first responder to a cybersecurity incident following established procedures and defined processes. There is one certification at this level, and three training courses are available. This certification is a prerequisite for any of the five CSX Specialist certifications.
- CSX Specialist—A professional must demonstrate effective skills and deep knowledge in one or more of five areas based closely on the NIST Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover. There is one certification and one training course for each of these five areas. Professionals can choose to attain one or more of the five. CSX Practitioner is a prerequisite for a CSX Specialist designation.
- CSX Expert—Only those who possess a master level of cybersecurity skills will be able to attain CSX Expert. Professionals must demonstrate skills that show they can identify, analyze, respond to and mitigate complex cybersecurity incidents. There is one training course and one certification at this level. No prerequisites are required.
ISACA is the first organization to use PerformanScore, a unique learning and development tool that measures a professional’s skill in performing cybersecurity job activities in a virtual setting using real-world cybersecurity scenarios.
Skills verification for cybersecurity pros should recognize that there are multiple ways to respond to threats, and PerformanScore can do just that—measure skills across the entire solution set of possibilities. Since the tool compares actions to grading criteria that are referenced against an adaptive scoring rubric in real-time, instructors can provide more precise feedback and professionals can learn more efficient cybersecurity techniques.
ISACA is the right organization to answer the urgent call for skilled cybersecurity professionals. ISACA blends the membership strength, vision, global reach, reputation, integrity and ties to global governmental entities like no other organization. We have the commitment, tools, resources and foundation to offer the complete holistic program that is provided through CSX. As a member of ISACA for over 15 years, it is exciting to see the strong strides ISACA is making to help strengthen enterprise security today.
For more information, visit www.isaca.org/csxnews .
Eddie Schwartz, CISA, CISM
President of White Ops, Inc.
Chair of ISACA’s Cybersecurity Task Force