In an effort to address the global cybersecurity workforce gap, the Information Systems Security Association (ISSA) has launched a professional development framework.
The Cybersecurity Career Lifecycle (CSCL) program is an industry-wide initiative that defines and maps the five stages of the cybersecurity career lifecycle: pre-professional (students, young adults), entry level, mid-career, senior level, and executive level. For each of these stages, the framework defines the knowledge, skills, aptitudes and responsibilities, allowing cybersecurity professionals to identify the current stage of their career.
CSCL also provides information on how to be successful in each stage, and how to advance to a next career level. Each of the levels has multiple tracks and path options, ISSA said. The second phase of the program will focus on an assessment tool that will make career recommendations based on a skill and career level analysis.
According to ISSA, a total of 75 CISOs and experts from leading organizations across the globe contributed to the development of the framework’s first phase. “The CSCL is driven by a steering committee of industry influencers who provide guidance to task forces and assist with outreach to industry partners,” the organization said.
“Companies are having a hard time finding the security professionals with the right combination of business and technical savvy that they need to combat growing threats, and schools are not graduating enough students with the necessary skills or experience for entry-level positions,” noted Stefano Zanero, assistant professor at the Politecnico di Milano university and a member of the board of directors at ISSA. “It is imperative that we attract new talent and that new entrants, as well as those further into their careers, have a path to follow to accelerate their success. With the introduction of our Cybersecurity Career Lifecycle, we are creating a structured approach to career growth within this unique and rewarding profession.”
Recent studies have shown that there are hundreds of thousands of vacant jobs in the cybersecurity industry and experts believe the number will continue to increase as more and more major organizations suffer data breaches. According to the United States Bureau of Labor, employment in this sector will record a 22% growth by 2020.
ISSA believes that the lack of consensus when it comes to cybersecurity career definitions makes it more difficult for professionals to evolve, and for organizations to attract new entrants and hire the right people for a specific role.
“This problem cannot be addressed by one single entity, it is a global problem that the profession needs to address as a whole. ISSA is uniquely positioned to lead this effort for the profession, since we are the profession. The CSCL is an example of how ISSA is enabling cybersecurity professionals to drive their own destiny,” said Frances “Candy” Alexander, GRC consultant for Towerwall and a member of the ISSA board of directors.
ISSA is not the only organization looking to bridge the cybersecurity workforce gap. Earlier this month, the (ISC)² Foundation and the University of Phoenix published a report detailing the challenges posed by the shortage of professionals. The report also provides recommendations on how the situation can be addressed.
