....with David Shearer
CEO of international cybersecurity certification organisation, (ISC)².

ASM: It’s been an interesting year in terms of cybersecurity - what have been the highlights for (ISC)²?

David Shearer (DS): It’s also been an interesting year for (ISC)². In 2016, cybersecurity has been increasingly regarded as a strategic international issue affecting all levels of society. By the year 2020, the number of networked devices (the internet of things) will outnumber people by six to one, transforming current conceptions of the internet. (Source: UN, Comprehensive study on cybercrime, UNODC, Vienna, 2013.) As mobile data usage and traffic has been increasing rapidly and substantially, faster than prevention technology - cybersecurity measures and policies, countries worldwide are at a higher risk of facing information security challenges more than ever before.

Talent capacity building has been one of the most discussed topics in the global arena. No matter where I travelled this year—the Americas, Europe, Asia—I heard the term ‘talent capacity building’ in almost all discussion forums. (ISC)² members remain at the forefront of cybersecurity, and since 2004, our Global Information Security Workforce Study continues to validate this significant talent shortage. Our members are overworked based on the limited number of qualified people in the workforce and consequently, many are falling behind in their duties. This is compounded by the lack of new people entering the profession. In addition, our members are increasingly involved in a range of audits that consume significant amounts of time, at the expense of operational cybersecurity requirements and responsibilities.

In 2016, we have tried to address the workforce shortage by speaking with various government agencies about how (ISC)² can collaborate with them to enhance the quality of the cybersecurity workforce and increase the numbers in the professional pipeline.
Our recent signing of a memorandum of understanding (MOU) with Cyber Security Agency of Singapore (CSA) is one of those moves. The MOU allows CSA and (ISC)² to increase public cybersecurity awareness, and complement existing efforts in the development and maintenance of the cybersecurity competency framework in Singapore. At the same time, we asked our global regional offices to expand our International Academic Program (IAP) to a network of university partners, to provide them with access to the professional knowledge maintained by (ISC)²’s Common Body of Knowledge (CBK®)
4 | Australian Security Magazine
so that their graduates will be equipped with much-needed cybersecurity skills. We also advise the course designers and course accreditors to help them embed cybersecurity into degree modules and associated syllabi.

The Associate of (ISC)² program has been instrumental in helping over 15,000 people become full members since 2009. Our associate program provides a career path for individuals that do not have the requisite experience requirements, but are able to pass one of our rigorous exams. For example, the CISSP requires 5 years of experience, but an Associate of (ISC)² has six years to get the required experience. By using the (ISC)² digital badge, our Associates can validate that they passed our exam, and are progressing toward certification. Employers can look to Associates of (ISC)² as a way of building talent capacity by giving our Associates a chance to get the required experience while growing with their organizations.

At (ISC)² we believe that when it comes to cybersecurity, we need to look after the most vulnerable members of society - children and seniors - and do everything we can to ensure their safety. We’re trying to reach young hearts and minds through our Safe and Secure Online program, and we have engaged Garfield as our ‘spokes-cat’ to leverage the awareness programs to show young children that cybersecurity is an exciting field. Garfield and Friends brings international recognition to (ISC)²’s program for cyber security education for children. www.safeandsecureonline.org

ASM: How have the new services that have come online this year been received by your members?

DS: In 2016 we focused on increasing member benefits, including forming strategic partnerships with industry to help position our members for success. We recognize that many of our members struggle to have the right level of staff, and they seldom have all the tools they need, like Security Information and Event Management (SIEM) technologies. Some of our members tell us they spend more time chasing vulnerability information and normalizing all the data, instead of actually patching and remediating vulnerabilities. For these members, we teamed up with Cytenna to bring Vulnerability Central to our members at no cost. Vulnerability Central empowers members to spend less time researching and normalizing vulnerability data and more time on targeted vulnerability remediation.

In addition, we partnered with the Institute for Applied Network Security (IANS), providing members access to their CISO Impact Diagnostics. We have a partnership with UCF and their Common Controls Hub, which helps our members make sense of more than 90,000 individual mandates from 800-plus laws and standards around the globe. We also are trying