By Sari Greene
Sari Greene is an information security practitioner and entrepreneur. She is the author of Security Program and Policies: Principles and Practices, 2nd Edition and The CISSP Complete Video Course.
What keeps me up at night isn’t the threat actors or the cybercriminals, the newly identified exploit, or even the prospect of every “thing” having an IP address. My worry is the frightening lack of qualified cybersecurity leadership. We need professionals with critical thinking skills and risk-based reasoning. Women and men who can educate, motivate, mentor, and inspire. Dedicated, committed, and passionate individuals who recognize that cybersecurity is about protecting our companies, our communities, and our countries from those who seek to do us harm as well as the mundane accidental or inadvertent consequence of everyday actions.
How Big is the Problem?
A Rand Corporation study estimates there are around 1,000 top-level cybersecurity experts globally vs. a need for 10,000 to 30,000.
More than 209,000 cybersecurity jobs in the U.S.A. are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics. The demand for information security professionals is expected to grow by 53 percent through 2018.
The 2015 PwC US State of Cybercrime Survey asked whether organizations have the expertise to address cyber-risks associated with implementation of new technologies, and only 26 percent said they have capable personnel on staff.
This Is Not About IT
The cybersecurity leadership shortage isn’t just sheer numbers, nor is it a technology issue. The challenge is to fill cybersecurity positions with people who can align cybersecurity and organizational objectives and, more importantly, who can effectively communicate those objectives to a diverse population. In addition to information systems professionals, we should be encouraging people of all ages with experience in law, finance, compliance, audit, engineering, education, law enforcement, and the military to join the ranks of cybersecurity professionals. Once we’ve attracted the talent, we need to expediently transition professionals from other disciplines into the realm of cybersecurity. And we need to know they’re ready to take on the task.
CISSP Certification is the Gold Standard
The (ISC)2 CISSP certification is the globally recognized gold standard for cybersecurity professionals. According to research published by BurningGlass, in 2014 there were nearly 50,000 postings for workers with a CISSP (Certified Information Systems Security Professional) credential. BurningGlass estimates that amounts to three-quarters of all the people who hold that certification in the United States—and presumably most of them already have jobs.
Earning a CISSP certification requires documented applicable experience and demonstrated knowledge. The CISSP exam has long been derided as being a mile wide and an inch deep. The examination poses 250 questions that span across eight security domains ranging from governance and risk management to software development. In my opinion, that is exactly the reason it is the right exam and the right certification for the next generation of cybersecurity leadership.
This interdisciplinary approach requires that the CISSP candidate study topics that may be outside of their comfort zone or area of interest. Most candidates start their certification journey being intimately familiar with two or three security domains, moderately familiar with two or three, and unfamiliar with the rest. Studying for the CISSP exam forces candidates to learn and correlate concepts that may otherwise go unknown and unnoticed. The result is a holistic rather than myopic understanding of cybersecurity objectives. And the learning process doesn’t end with the exam. Maintaining a CISSP certification requires ongoing continuing education across domains.
Paths to Preparation
There are a variety of study options available. Candidates should choose a study option that matches their learning style and is designed to truly enhance their cybersecurity knowledge and understanding, not just regurgitate exam answers.
Having a study plan and sticking to it is critical. But going it alone can be difficult. Fortunately, there are (ISC)2 Chapters around the world that provide an opportunity to build a local network of peers. Chapters welcome CISSP candidates and many offer mentoring programs.
A Career with a Purpose
Cybersecurity is a career with a purpose. It is so much more than a paycheck. It is a chance to really make a difference. Cybersecurity leaders influence decisions that impact individual privacy, critical infrastructure service availability, economic prosperity and global security. Whatever the interest, from a small nonprofit to a multinational corporation, jobs are waiting for the right leader.
Start Preparing for the Exam with Safari
The CISSP Complete Video Course contains 24+ hours of training with content divided into 9 lessons with 94 video sub-lessons. The videos consist of live trainer discussions, screencasts, animations, and live demos. The video lessons in this course review each exam objective so you can use this course as a complete study tool for taking the CISSP exam. It also includes plenty of end-of-lesson quizzes and a full practice exam.