In the late 1980s, the International Information System Security Certification Consortium, abbreviated (ISC)², was founded. It is an originally American nonprofit organization dedicated to training and certifications of cybersecurity professionals. On Aug. 17, 2023, the organization announced that it now has half a million members and announced a rebranding as part of continued growth in global membership. In the process, the name (ISC)² was replaced with ISC2.
One of the organization’s most sought-after training certifications is the CISSP certificate, with CISSP standing for Certified Information Systems Security Professional. ISACA and CompTIA are other vendor-neutral and internationally active organizations that provide similar training programs and credentials.
It is no secret that cybersecurity has become an increasingly important and complex challenge for organizations of all kinds, sizes, and industries. A look at the agenda for (ISC)² (now ISC2) SECURE London 2023, taking place Sept. 21, shows some of the themes that are becoming increasingly important: cloud security, artificial intelligence, third-party risk management, and compliance, the challenge of SaaS security, the need for robust cyber resilience, cybersecurity management, a growing attack surface, etc.
The pressing challenge of the cybersecurity workforce gap
With all these cybersecurity challenges and the fact that they are increasing faster than the cybersecurity workforce and the capacity to deal with them can grow, the industry has seen ever-increasing automation and expansion of available tools to address (new) cybersecurity challenges more efficiently.
Yet, there is still a significant shortage of people in cybersecurity. And with, among other things, ongoing digital transformation and the changing nature of our societies and the geopolitical context we live in, it doesn’t seem that the cybersecurity workforce will become too large for the challenges we have and will encounter any time soon, quite the contrary. Moreover, it’s not just about the digitization of our world and the classic IT domain: with the increasing adoption of Industry 4.0 technologies and use cases, there is also the enormous challenge of OT (operational technology) security.
“The cybersecurity field is still critically in need of more professionals. To adequately protect cross-industrial enterprises from increasingly complex modern threats, organizations are trying to fill the worldwide gap of 3.4 million cybersecurity workers” (ISC2 Cybersecurity Workforce Study)
ISC2 Certified in Cybersecurity (CC) as a way to close the gap and enhance DEI in security
With all this – and more – in mind, ISC2 launched a training and certification program a while back through which it aims to certify 1 million people in cybersecurity for free (there is a small fee for the exam). It is an entry-level cybersecurity certificate called ISC2 Certified in Cybersecurity℠ , or CC.
According to the ISC2 Cybersecurity Workforce Study, the global cybersecurity workforce in 2022 was around 4.7 million. This is larger than ever before but, at the same time, not sufficient at all, according to the report.
Per the organization, cybersecurity continues to face a critical shortage of professionals. And with increasingly complex modern threats, including those mentioned earlier, they are therefore attempting to close the global gap. In fact, according to the study, there is a workforce gap of just under 3.4 million cybersecurity workers.
There are many ways to attract – and retain – more cybersecurity workers. For example, the study also dives deeper into topics such as employee experience, attracting talent from other domains, etc.
“Research suggests that organizations prioritizing recruitment and training of entry-level personnel, regardless of their technical experience and background, can reap significant benefits and enable new talent to embark on successful cybersecurity careers” (ISC2)
Notably, a large percentage of cybersecurity workers were first in IT before moving into cybersecurity. But depending on the age group, a relatively significant portion was doing something else first. Organizations are also increasingly looking at attracting people who did something else first to increase the cybersecurity talent pool. Some are also trying to encourage more diversity and inclusion, not just because it matters a lot, obviously, but also because of the shortages of skilled cybersec workers. Here, too, the new certification intends to play a role.
Industry recognition for the ISC2 CC cybersecurity certification
In late July, ISC2 announced that there were already more than 265,000 registrations for the entry-level cybersecurity training and certification program. Twenty-seven thousand individuals had also completed the training in less than ten months.
There are initiatives elsewhere to increase the number of security professionals by similar organizations, consortia, vendors, and governments. For example, many regional, national, and local government programs attempt to offer the opportunity for unemployed people and workers in other sectors to start careers in cybersecurity. It remains to be seen whether these measures will work on the ground and which are most effective. Moreover, of course, we must distinguish between the different types of activities in cybersecurity. It has become such a complex matter that there are also a lot of diverse jobs.
In the meantime, you can look at ISC2 Certified in Cybersecurity℠. After all, a decent degree of cybersecurity knowledge is beneficial since awareness and the human aspect remain critical cybersecurity challenges regardless of one’s position within an organization.
ISC2, as mentioned, also wants the initiative to bring more diversity, equity, and inclusion (DEI) to the cybersecurity workforce by reaching out to and attracting underrepresented populations. Half of the 1 million free online and self-paced training programs are reserved for this purpose. By attracting groups of people who typically have less presence in the industry, it looks to enhance the accessibility of cybersecurity careers.
Candidates must first create an ISC2 account (the first year it’s free). After creating an account, they can (apply to) get free access to the “Certified in Cybersecurity Official ISC2 Online Self-Paced Training” (“CC” for short). After that, they get access to the study materials and can take the exam after the study at a Pearson VUE site (i.e., not online).
Topics covered in the training: security principles, business continuity, disaster recovery and incident response concepts, access control concepts, network security, and security operations.
As announced by ISC2 in August, the program helped it round the half-million community member mark. Also in August, the ‘Certified in Cybersecurity’ or CC certification won a SC Award in the Excellence Award category for the Best Professional Certification Program.
Top image purchased under license Shutterstock, all other images belong to their respective mentioned owners and serve illustration purposes.