A nonprofit organization for infosec pros has launched an initiative that aims to close the widening workforce gap and educate security practitioners on career advancement opportunities.
On Thursday, the Cybersecurity Career Lifecycle (CSCL) program was introduced by the Information Systems Security Association (ISSA), providing a framework to designate the five career stages of security professionals.
The program will help those in varying stages in their careers by showing them “where they are in their career, where they want to go, and how to accelerate their growth,” ISSA said in a release.
The five career stages encompass “pre-professionals” (meaning students or young adults), entry level workers, mid-career professionals, and individuals in senior and executive level roles.
“The information security profession, which evolved largely in reaction to threats, is now paying the price of an entire ‘missing generation,'” an ISSA release said, later citing a Bureau of Labor Statistics prediction that the cybersecurity field will experience a 22 percent growth in employment by 2020. A 2013 (ICS)2 Cybersecurity Jobs Report determined that around 300,000 cybersecurity jobs are vacant in the U.S.
To fill the growing demand, the CSCL framework explains required knowledge, skills and aptitudes (KSAs) needed to succeed and advance in a cybersecurity career, ISSA said. In addition, the program offers an assessment tool offering individuals skills and career analysis, in order to recommend a career path based on their skills and interests.
In a Friday interview with SCMagazine.com, Candy Alexander, a member of ISSA's international board of directors, said that, along with providing a road map for millennials interested in entering the field, the framework provides guidance for adults looking to make a career change, particularly veterans.
“It's going to help fill the gap by assisting individuals in navigating through their career,” Alexander said. She later added that the CSCL program will help highlight workers' strengths and weaknesses, as well as their passion.
CISOs and security experts at private companies, agencies and academic institutions, contributed to the development of the CSCL's first phase. The CSCL assessment tool will be the focus of the program's second phase and will initially be available to ISSA members.
“When we talk about the executive level many people think of the CISO, but we don't want to just limit [executive level positions] to the CISO,” Alexander said. “We have people that have been at the top of their game for awhile, for 10 or 20 years, and they are not CISOs. They may be chief scientists in the research area or a chief security architect, which lays out what the network and topology should look like. We've identified the skills, knowledge and aptitude for each phase of the lifecycle and what that means.”
An annual study by Raytheon polls millennials on their interest in, and knowledge of, cybersecurity careers. This year's study, released earlier this month, showed that nearly 40 percent of respondents had a greater interest in a career that would make the internet safer than they did 12 months ago. But participants lacked understanding of career opportunities available to them.
In the study, nearly two-thirds of the respondents said they didn't know what the cybersecurity profession was.