Nonprofit Takes On Cybersecurity Skills Shortage

ISC2, a nonprofit that specializes in training and certifications for cybersecurity professionals, hopes to make a dent in the ongoing cybersecurity skills shortage with its new Professional Development Institute (PDI).

Provided as a free portfolio of course offerings to its more than 140,000 members and associates globally, the institute aims to enhance their skills and abilities. Courses also are available for a fee to non-members and the general public.

Wesley Simpson, ISC2’s chief operating officer, tells us the skills shortage means cybersecurity professionals are asked to be “Jacks and Jills of all trades, and must be knowledgeable in a wide array of evolving cybersecurity issues.”

ISC2’s Wesley Simpson

“While continuing education doesn’t ‘solve’ the shortage itself, it arms these men and women with more up-to-date skills to be able to identify the new tools, strategies and threats they are dealing with on a daily basis in order to improve the security posture of the organizations they work for or with, and helps them to advance in their careers,” he said. “This is especially important in the context of MSPs. As organizations struggle to find full-time cybersecurity staff to hire, many prefer to enlist the services of a partner to guide their cybersecurity programs. Demonstrating up-to-date knowledge of technologies and the threat landscape can be a differentiator for MSPs in earning the trust of a partner or client.”

The nonprofit’s members and associates represent all types of organizations across industries, private and public sectors, direct and indirect sales, and large and small businesses.

The multiyear strategy includes adding 18 new staff during the next two years, joining the more than 160 existing global employees of the association. The nonprofit also will build out a video production studio in its Clearwater, Florida, headquarters to produce content for courses featuring leading cybersecurity professionals.

PDI builds on the successful 2018 pilot launch of three professional development courses. Topics included General Data Protection Regulation (GDPR) for security professionals, DevSecOps and building a strong culture of security. Focus groups and member surveys provided insight into the professional development needs of security professionals and the results have and will continue to inform PDI’s curriculum strategy.

“Certification is a great way for organizations to understand the caliber of cybersecurity professional they are hiring or who is on their staff, and certifications like the Certified Information Systems Security Professional (CISSP) are highly regarded for their rigor,” Simpson said. “However, certification should be viewed as one step along a cybersecurity knowledge journey, not a destination. The threats and challenges facing our industry, as well as the innovations to combat them, are constantly changing, and continuing education is critical to understanding this evolving landscape and how to defend the digital assets of an organization.”

“There has been demand from ISC2 members for a wide array of professional development opportunities for education and continuing professional education (CPE) purposes,” said James McQuiggan, product and solutions security officer at Siemens Gamesa Renewable Energy, and ISC2 Central Florida Chapter president and advisory council North America member. “I had the honor and pleasure to provide guidance for the content of one of the initial courses and shared my experience and expertise in its development, because I agree with the focus on practical application of security principles. Many of us who are ISC2 certification holders need opportunities like PDI to stay educated and up to speed on the latest threats, techniques and tools.”