Advocating for the voice of cybersecurity

Clar Rosso, Chief Executive Officer at cybersecurity professional association ISC2, has helped pave the way for the growth of the cybersecurity profession through her efforts in outreach, certifications and research into cybersecurity careers.

Prior to joining ISC2 in 2020, Rosso led a long career in professional association management, working across nonprofit membership associations geared toward the accounting and finance profession.

“Even in my work there, cybersecurity was a priority,” says Rosso. “As a leader within the business, I championed security by design and our professional development team worked with a CISSP and other cyber experts to build cyber literacy throughout the accounting and finance profession.”

Since her entrance into the cybersecurity field, Rosso has completed the training for ISC2’s Certified Information Systems Security Professional (CISSP) certification, as well as earning the Certified in Cybersecurity certification. She says the business acumen and risk management skills gained throughout her career helped prepare her for her entry into cybersecurity.

“By being a business leader, having spent a lot of my career in risk management, and having frequently been involved in technology transformation projects, I walked onto the job with a solid foundation in information and system security.”


Defining cybersecurity skills

Now, at ISC2, Rosso works to represent cybersecurity professionals by constantly considering how best to serve the profession and ISC2’s more than 500,000 members, candidates and associates. The nonprofit organization provides 10 industry certifications; hosts global networking and professional development events for its members; connects members via regional chapters; and conducts career- and technical-focused outreach in academic and government institutions.

Through industry research, Rosso and ISC2 work to define challenges facing the industry and methods to strengthen the cybersecurity profession. “It became clear to us through conversations and research that one of the most important ways to impact the cybersecurity workforce gap is to drive more people into the profession at the entry level,” says Rosso.

According to Rosso, accomplishing that goal has involved making a strong commitment to diversity, equity and inclusion (DEI), as well as creating the Certified in Cybersecurity (CC) certification geared toward entry-level cybersecurity professionals. As part of its efforts to expand the cyber workforce, ISC2 announced it would give away free education and CC exams to one million people interested in cybersecurity careers. Since enrollment for the program opened in September 2022, more than 260,000 people have enrolled, and more than 26,000 people have earned the CC certification.

“Having fair, valid, reliable, globally recognized and accredited certifications in cybersecurity is hugely valued by the marketplace, and really important in ensuring that we have qualified people doing this work that directly impacts our economic and national security,” says Rosso.


Measuring progress in the cybersecurity profession

In addition to ISC2’s certification programs, the nonprofit is known for its annual Cybersecurity Workforce Study, which surveys thousands of cybersecurity professionals about the state of the cyber workforce.

“Historically, the workforce study has really been used to demonstrate whether the supply meets the demand for cybersecurity professionals,” says Rosso. “Last year, we learned our demand for cybersecurity professionals is about three and a half million unfilled roles, and at the same time we learned that 95% of organizations with 100 or fewer employees have no information systems security professionals at all.”

The workforce study reports on more than the cybersecurity workforce gap — the report also identifies factors that contribute to and stem from the global lack of cybersecurity professionals, such as hiring and retention challenges.

“We dug in to find out what are the cultural aspects of organizations that make people want to stay, and what are those things that make them run for the exits,” says Rosso. “We identified that it was important for folks to be listened to by their leaders, and for the cybersecurity team to have a voice at the table and help define the direction of the organization’s efforts.”

 

Influencing cybersecurity locally & globally

ISC2 strives to help cybersecurity professionals gain influence in organizational leadership in a number of ways. The nonprofit hosts live events each year geared toward networking and professional development, such as the annual ISC2 Security Congress, and focuses on creating opportunities for cybersecurity professionals to step into leadership roles in their organizations and communities. ISC2 is a global organization, and its members effect change on a local level through chapters.

“I love cybersecurity professionals,” Rosso says. “These are people who are working 24/7, but their willingness to volunteer and give back is just astounding, and we see that most clearly through our chapters.”

ISC2 has more than 150 chapters around the globe focusing on the specific challenges and goals of each region. “They do everything from charitable fundraising to helping skill and leadership development for existing professionals and leading team-building exercises. They also work with local academic institutions to support them with their needs, whether as advisory council members, adjunct professors, or going to career fairs and talking about cybersecurity with students about to enter the workforce,” says Rosso.

On a global level, ISC2 prioritizes advocating for the voice of cybersecurity professionals with policymakers and government institutions. As national and international bodies look to regulate cybersecurity, data privacy and artificial intelligence, the voice of cybersecurity industry leaders can help inform policy that serves the field, rather than hindering it.

“Over the past couple of years, the interest in cyber regulation has become very prolific across the globe. We think a cybersecurity professional’s time is best spent on securing their organizations, information and systems, and not struggling to comply with newly differentiated regulations across the globe. One of the most important things we do is give voice to more than 500,000 diverse security professionals across the globe. Among the issues we advocate for is the harmonization of standards because cybersecurity is borderless,” Rosso says.

In a borderless profession, Rosso strives to unite cybersecurity professionals and create standards of certification through ISC2 that help organizations around the world recognize the value of and need for cybersecurity. As regulations and cybersecurity threats evolve, advocating for the voice of the cybersecurity professional is a critical step in ensuring a secure future.