A recent study conducted by consulting firm Frost & Sullivan estimated that the number of security professionals was around 2.25 million globally in 2013, but market indicators show the need for as many as 4.25 million security professionals by 2017, representing the potential for a 47% shortage in qualified personnel.
Cisco estimates that currently as many as 1,000,000 security positions remain vacant, and other research indicates that 62% of organizations do not plan to increase security training in 2014, further compounding a cybersecurity skills-gap that makes recruiting and retaining personnel with the prerequisite expertise needed to safeguard critical systems and sensitive information increasingly difficult for both the public and private sectors.
In response, ISACA announced at its North America CACS conference it has launched the Cybersecurity Nexus (CSX) program, developed in collaboration with chief information security officers and cybersecurity experts from leading companies, in an effort to provide a central location to provide cybersecurity research, education, guidance, and certifications.
“Several universities have good cybersecurity programs in place, but even these are not enough. With every employee and endpoint at risk of being exploited by cybercriminals, security is everyone’s business,” wrote Tony Hayes, International President of ISACA and the IT Governance Institute.
“At the root of ISACA’s new, comprehensive CSX program is the knowledge that there is a great need to make cybersecurity education and ongoing training as accessible as possible to the next generation of defenders and those already in the field.”
The CSX program highlights ISACA’s ongoing collaboration with organizations including the National Institute of Standards and Technology (NIST) and European Union Agency for Network and Information Security (ENISA), and marks the first time in its 45-year history that ISACA will offer a security-related certificate.
“Security is always one of the top three items on a CIO’s mind, yet IT and computer science programs at the university level are not allocating a proportional amount of training to cybersecurity,” said Eddie Schwartz, VP of global cybersecurity at Verizon and chair of ISACA’s Cybersecurity Task Force. “Today, there is a sizeable gap between formal education and real world needs. This, in itself, is an area requiring immediate focus so that the industry can get better at detecting and mitigating cyberthreats.”
The ISACA announcement follows on the heels of (ISC)2’s launch of their Global Academic Program, which will make a wealth of educational resources freely available to academia in order to help alleviate the shortage of skilled security professionals.
The Global Academic Program provides access to products and services for higher education organizations applicable to both undergraduate and post-graduate programs which include coursework materials for domain-specific modules and practice assessments to instructional handbooks for teachers as well as textbooks for students, and will be available to any accredited institution wanting to beef up their IT security course offerings.