Security Experts:

Connect with us

Hi, what are you looking for?


Training & Awareness

ISSA Launches Cybersecurity Career Lifecycle Program

In an effort to address the global cybersecurity workforce gap, the Information Systems Security Association (ISSA) has launched a professional development framework.

In an effort to address the global cybersecurity workforce gap, the Information Systems Security Association (ISSA) has launched a professional development framework.

The Cybersecurity Career Lifecycle (CSCL) program is an industry-wide initiative that defines and maps the five stages of the cybersecurity career lifecycle: pre-professional (students, young adults), entry level, mid-career, senior level, and executive level. For each of these stages, the framework defines the knowledge, skills, aptitudes and responsibilities, allowing cybersecurity professionals to identify the current stage of their career.

CSCL also provides information on how to be successful in each stage, and how to advance to a next career level. Each of the levels has multiple tracks and path options, ISSA said. The second phase of the program will focus on an assessment tool that will make career recommendations based on a skill and career level analysis.

According to ISSA, a total of 75 CISOs and experts from leading organizations across the globe contributed to the development of the framework’s first phase. “The CSCL is driven by a steering committee of industry influencers who provide guidance to task forces and assist with outreach to industry partners,” the organization said.

“Companies are having a hard time finding the security professionals with the right combination of business and technical savvy that they need to combat growing threats, and schools are not graduating enough students with the necessary skills or experience for entry-level positions,” noted Stefano Zanero, assistant professor at the Politecnico di Milano university and a member of the board of directors at ISSA. “It is imperative that we attract new talent and that new entrants, as well as those further into their careers, have a path to follow to accelerate their success. With the introduction of our Cybersecurity Career Lifecycle, we are creating a structured approach to career growth within this unique and rewarding profession.”

Recent studies have shown that there are hundreds of thousands of vacant jobs in the cybersecurity industry and experts believe the number will continue to increase as more and more major organizations suffer data breaches. According to the United States Bureau of Labor, employment in this sector will record a 22% growth by 2020.

ISSA believes that the lack of consensus when it comes to cybersecurity career definitions makes it more difficult for professionals to evolve, and for organizations to attract new entrants and hire the right people for a specific role.

“This problem cannot be addressed by one single entity, it is a global problem that the profession needs to address as a whole. ISSA is uniquely positioned to lead this effort for the profession, since we are the profession. The CSCL is an example of how ISSA is enabling cybersecurity professionals to drive their own destiny,” said Frances “Candy” Alexander, GRC consultant for Towerwall and a member of the ISSA board of directors.

ISSA is not the only organization looking to bridge the cybersecurity workforce gap. Earlier this month, the (ISC)² Foundation and the University of Phoenix published a report detailing the challenges posed by the shortage of professionals. The report also provides recommendations on how the situation can be addressed.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies

Application Security

Hack The Box Raises $55 Million in Funding Round Led by Carlyle

Management & Strategy

Neurodivergence, by its name, implies a different way of thinking. The question we wish to examine is whether the inclusion of this neurodiversity can...

Management & Strategy

UK-based cybersecurity training solutions provider Immersive Labs announced on Wednesday that it has raised $66 million in new capital.

Management & Strategy

The US government’s 120-day Cybersecurity Apprenticeship Sprint has come to an end. The initiative has resulted in more than 190 new cybersecurity programs and...

M&A Tracker

Security awareness training company KnowBe4 will go private after being acquired by Vista Equity Partners for roughly $4.6 billion in cash.KnowBe4 first announced receiving...


Faced with the daily barrage of reports on new security threats, it is important to keep in mind that while some are potentially disastrous,...