....with David Shearer
CEO, (ISC)²‘s Global Information Security Workforce
Back in April 2015, (ISC)²‘s Global Information Security Workforce Study foretold of a massive shortfall in the global information security workforce, predicted to reach dire proportions by 2020. The deficit of over 1.5 million professionals is in addition to staff that will be hired at the forecast rate of recruitment, pitching this looming catastrophe as one that demands a global, unified solution. (ISC)² CEO, David Shearer, has big plans for his organisation over the coming years, strategies that he hopes will begin to address this untenable situation. His call to action is bigger than any individual company or country: for the sake of everyone, information security professionals the world over need to coordinate, communicate, collaborate and spread the word that security needs help. Only by bringing new people into the industry are we ever going to beat cybercrime and make the Internet a safe place to work and play. (ISC)² (the abbreviation of International Information System Security Certification Consortium) is a global leader in cyber security education and certification, operating as a notfor-profit in 160 countries around the world. It is headquartered in the United States, with branch offices in Arlington, Virginia; London, Hong Kong, Tokyo and an authorised agency in Beijing. The organisation of best known for running the professional certification known as CISSP, however, there is a lot more to (ISC)² than first meets the eye. Running seven of the most widely recognised and accepted professional certifications in the industry, (ISC)² is the single largest members’ community of information security professionals, with over 110,000 members. The company was formed in 1989 as a collaboration between a collective of US companies wishing to standardise the way information security professionals were certified. The approach was innovative and highly desirable to both the industry and individuals and set the standard for what has become an enormous success. After 6 ½ years steering the (ISC)² ship, CEO Hord Tipton decided to retire and hand the helm to his second in command, David Shearer. Shearer had been Tipton’s COO for the previous two years, however, they’d been friends and colleagues for many years prior, so passing control to Shearer was an easy decision. David believes his long service in the US public sector was the best preparation he could have had to ready him for the challenges of running the world’s biggest InfoSec certification
6 | Chief IT
organisation. His career spanned a variety of government agencies, working with diverse security environments such as maritime law enforcement, national critical infrastructure, and food safety. Throughout his tenure in government, each and every engagement came with its own InfoSec challenges, which is why Shearer believes the move into information security full time was such a natural progression. Taking over as CEO was still a daunting prospect. He was replacing the visionary, Tipton, who as a retiring chief executive, was leaving a legacy where the, “vision and mission transcends the role of CEO,” Shearer admitted. Shearer’s goal is not to fundamentally change (ISC)², instead he plans to build on the solid foundation Tipton laid down and, “Add more value to the membership, delegate more responsibility to regional offices and interact better with individual members.” Shearer sees the new services he is introducing for members, such as the innovative Threat Central, as the beginning of the transformation of (ISC)² into a more agile and comprehensive members’
organisation. “Members should expect to see many richer CPE opportunities and ways to interact with (ISC)² at the organisational level and individual level to further the professionalism of the information security marketplace.” Shearer’s biggest challenge to date was making sure he hired the right COO to assist him. “It’s hard to find just the right person that will allow me to get out of the day-to-day detail of running a company.” Luckily the hunt is over and Shearer is extremely happy with his appointment in Wesley Simpson and the rest of his executive team. Shearer suggested that an initial goal he set himself is to listen to members and industry and try and address some of the negative comments he’s heard or read about (ISC)² and CISSP over the past 12 months. He admits that the information security industry is one of the most forthright communities in speaking their mind, so he’s not surprised that within a body of 110,000 members, some are not entirely happy. However, he acknowledges that there are issues, such as industry generally using CISSP as a hiring