ISACA launches cyber-security skills programme

IT association ISACA launches Cybersecurity Nexus programme to help address the security skills shortage

Global IT association ISACA has launched its Cybersecurity Nexus (CSX) programme to help address the global security skills shortage.

According to the Cisco 2014 Annual Security Report, more than one million positions for security professionals remain unfilled around the world.

CSX is aimed at helping IT professionals with security-related responsibilities to “skill up” and providing support through research, guidance and mentoring.

A recent ISACA survey found that 62% of organisations have not increased security training in 2014, despite 20% of enterprises reporting they have been hit by advanced persistent threats.

“Unless the industry moves now to address the cyber-security skills crisis, threats such as major retail data breaches and the Heartbleed bug will continue to outpace the ability of organisations to defend against them,” said Robert Stroud, ISACA international president-elect.

CSX is designed as a comprehensive programme that provides expert-level cyber-security resources tailored to each stage in a cyber-security professional’s career.

The programme includes career development resources, frameworks, community and research guidance, such as Responding to Targeted Cyberattacks and Transforming Cybersecurity Using COBIT 5.

There is also a Cybersecurity Fundamentals Certificate that is aimed at entry level information security professionals with zero to three years of practitioner experience.

The CSX program marks the first time in its 45-year history that ISACA will offer a security-related certificate.

The certificate is for people just coming out of college and for career-changers now getting into IT security. The foundational level is knowledge-based and covers four domains:

  • Cybersecurity architecture principles
  • Security of networks, systems, applications and data
  • Incident response
  • Security implications related to adoption of emerging technologies
  • The exam will be offered online and at select ISACA conferences and training events beginning this September.
  • The content aligns with the US NICE framework and was developed by a team of about 20 cyber-security professionals from around the world.
  • ISACA plans to add more to the CSX programme, including: A cybersecurity practitioner-level certification with the first exam in 2015, Cybersecurity Training courses, SCADA guidance and digital forensics guidance.

A recent global poll of members of ISACA student chapters shows that 88% of the ISACA student members surveyed say they plan to work in a position that requires some level of cybersecurity knowledge.

However, fewer than half say they will have the adequate skills and knowledge they need to do the job when they graduate.

“Security is always one of the top three items on a CIO’s mind, yet IT and computer science courses at university level are not allocating a proportional amount of training to cybersecurity,” said Eddie Schwartz, chair of ISACA’s Cybersecurity Task Force.

“Today, there is a sizeable gap between formal education and real world needs. This, in itself, is an area requiring immediate focus so that the industry can get better at detecting and mitigating cyber threats,” he said.

According to Tony Hayes, ISACA international president, enterprises cannot rely on just a handful of universities to teach cybersecurity.

“With every employee and endpoint at risk of being exploited by cyber criminals, security is everyone’s business. We need to make cybersecurity education as accessible as possible to the next generation of defenders,” he said.

Read more on Hackers and cybercrime prevention