Historically there has been a shortage of college and university-level education programs focused on the knowledge, skills and competencies required for effective management of corporate security risk-related activities.
According to a Security magazine poll, the Certified Protection Professional (CPP) certification from ASIS International is at the top of 30% of security leaders’ lists of what certifications they plan to obtain this year. The CPP was closely followed by the CISSP (Certified Information Systems Security Professional, from (ISC)²).
Cybersecurity is not a low-skill field. It requires general IT knowledge, specialist cybersecurity certifications, and, sometimes, knowledge about particular industry sectors such as finance and health. We need talented, skilled professionals to meet the demand. And we don’t need them in a few years – we need them now. How do we get enough people in the pipeline to meet the growing need?
Today’s center of gravity in cybersecurity is shifting, pulling the skills and experience of cyber defenders in new directions. In most companies, this situation has led to a convergence of responsibilities between physical security, information security and cybersecurity teams, and an increased commitment to “staffing-up” of dedicated “cyber defenders.”
There have been volumes written about the role of the CSO and how to gain a seat at the table in the C-suite. A relatively small number of CSOs have been able to convince their management that the CISO should be under their purview, citing the inherent mission conflicts that exist when the CISO reports to the CIO.
Analyzing the background of security leaders across the corporate security and risk management landscape, it is not surprising to see that a significant percentage of them have come from the public sector.