There’s a saying in journalism: Everyone needs an editor. That’s not because reporters are bad writers, but rather because they’re too close to the story. They need some outside perspective.
The same may be true of cybersecurity professionals. Their own experience and knowledge of the market — which is exactly what makes them so valuable — might also sometimes be what keeps them from recognizing new approaches to solve problems.
“I am a rule follower, but I'm not going to follow the rules if somebody tells me this is the only path to get something done,” said Clar Rosso, CEO of (ISC)2. She joined the non-profit organization specializing in training and certifications for cybersecurity professionals a little more than a year ago — with limited background in cyber. What she did have, however, was experience running an association representing a market that — like cybersecurity — was facing something of a workforce crises.
Click here for full coverage of the 2022 SC Media Women in IT Security program.
“Twenty years ago, in the accounting profession, we were looking at workforce crises from a different angle: those baby boomers are going to retire, and it's going to be a cliff, and then there's going to be no CPAs,” Rosso said. “I had been saying then — you have to stop only hiring accounting majors. What are the non-technical competencies that makes somebody really successful? That's even more so with cybersecurity, because of the dynamic nature and the need to think differently about problem solving. You never want all the same kind of people at the table.”
Rosso heard over and over that the workforce needed to grow. But the paths to accomplish that were pretty well worn: encouraging STEM at a younger age; create a career to promote from within; adjust recruitment techniques to draw more applications and promote diversity. All important and spurring degrees of success.
But what about expanding the pool? (ISC)2 recently launched its Certified in Cybersecurity certification, delivering foundational knowledge, skills and abilities to take on entry- and junior-level cybersecurity roles. Rosso saw this as a means of filling a gap, nurturing a new generation of cybersecurity practitioners entering the field. During the August 2022 Cyber Workforce and Education Summit at the White House, Rosso announced a (ISC)2 pledge to certify 1 million people worldwide for free.
“We did research that described the characteristics of people who want to go into cyber and what the employers are trying to hire,” Rosso said. “They're looking for creativity and problem solving, critical thinkers, analytical thinkers, good communicators. Yes, people have a little bit of a hero complex — but for the good.
"And people wanting to do good? That is a pretty awesome profession to be working for.”