The (ISC)² Security Congress 2022 is one of the premier cybersecurity events of the year, where thousands of industry leaders gather in person and virtually to network, share insights and shape the future of the cybersecurity landscape. The event was held from October 10th to the 12th in Caesars Palace, Las Vegas.
This year’s (ISC)² Security Congress hangs on the theme “Empower,” as (ISC)² CEO Clar Rosso stated during the opening session. The Security Congress event is about (ISC)² helping to empower the industry to strengthen the efforts against bad actors, helping everyone to secure their security posture and systems more effectively, and driving a more successful digital transformation.
Empowering The Digital Landscape by Closing the Skills Gap
The first day of the event began with Clar reminding everyone of the power of community. We are more powerful as a unit. By pooling resources, the cybersecurity landscape may facilitate "a more safe and more secure cyber environment." She noted that cybersecurity has emerged as a major issue throughout the globe. Once a premium luxury only governments and multinational corporations could afford, it is now a necessity for all businesses and households.
"It has been dreadfully under-resourced for far too long, despite the importance of the issue,” Clar plead. Nevertheless, authorities are beginning to see the severity. They're having in-depth discussions about cybersecurity with the key players of the industry, which hasn't happened previously. The more pressing concern today according to Clar is the existing skills gap and talent pool. Everyone in the landscape wants to know, "What do we need to do to train competent individuals who can contribute to the teams?"
She argued that greater schooling and "good, cautious, realistic wise public policy" were required. The cybersecurity industry, which Clar estimates are lacking 3.4 million skilled workers, "needs a new style of thinking," she added. This calls for concerted efforts to bring about change, forge novel entry points into the sector, and attract candidates from beyond the norm.
Career-changers, both from within and outside of a company, have valuable experiences and insights to offer. The industry needs to recruit at all levels, from interns to chief information security officers.
As Clar phrased, the (ISC)² is providing solutions to empower the next generation of cybersecurity professionals, who will play a vital role in bringing about this shift. The company is now providing a free foundational certification called “Certified in Cybersecurity.” About 60,000 people around the world have participated in the pilot since it began in January. More than 20,000 people have enrolled in the tests. And more than 7,000 students have already completed the exam.
Empower Women's Role in the Digital Trust Industry
Another unique highlight for the day was the session held by speaker Mari Galloway, the CEO and founding board member of the non-profit Women’s Society of Cyberjutsu. The cybersecurity and privacy business (so-called “digital trust industry”) has identified the issue of ongoing human resources deficit (particularly, the dearth of women). Potential candidates like students and job seekers aren't as interested in working in the sector since they don't have as much background knowledge and as many connections in the industry.
Mari reflected on what she went through before the establishment of the organisation. Frustration was the first step. She’d started working as a network engineer. To paraphrase, “I was like, yes, I’m going to be the best network engineer ever. I was almost two months in, and I couldn’t stand it. I was seriously considering quitting my job. The only woman there was me. My manager wanted me to be the secretary and prepare meeting slides because I was the only minority on my team. Mari recounted, “And I was like, sure, I don’t want to do that.”
Soon after, she started taking an interest in cybersecurity and acquired a CISSP. She failed the test the first time she took it and decided to talk to a friend about it, who suggested she join a study group. Then she realised other women are also taking this course because they want to further their education in this landscape, become hackers, and do all these great things. As they say, “the rest is history.”
The first day of this year's (ISC)² Security Congress was dominated by discussions on the subject "Empower," which is fitting given the importance of the topic. It's time for all of the industry's top dogs to get together and figure out how to work together to fill the void in the skills that the current talent pool has created. My humble take on the word "Empower" is that, as Mari confirms, the cybersecurity landscape is open to a diversity of talent.