www.infosecurity-magazine.com Open in urlscan Pro
18.66.248.31  Public Scan

Submitted URL: https://links.e.rsaconference.com/els/v2/XX4-hDaPXZJE/Zko3QWJsUXpOV3dqcWFUSFBLL00vMGVlQkU5VjhEMWY5NlUvZWlpUXU0dWRHcDRSSjRTU1krNFdm...
Effective URL: https://www.infosecurity-magazine.com/interviews/interview-isc2s-ceo-human-element/
Submission: On May 26 via api from US — Scanned from DE

6 May 2022 Interview


INTERVIEW: (ISC)2'S CEO DISCUSSES CYBERSECURITY'S HUMAN ELEMENT

JAMES COKER REPORTER, INFOSECURITY MAGAZINE




Thankfully, the cyber skills gap is a topic receiving a growing amount of
attention, and given the urgency of the situation, rightly so. It also features
heavily in the UK government’s recent national cyber strategy, published at the
end of last year. However, the shortfall of skilled workers in the industry
remains critical, with the (ISC)2’s most recent Cybersecurity Workforce
Study finding that the workforce is 65% below what it needs to be.

It’s a problem requiring both long and short-term solutions, and these are at
the heart of the raison d’etre of (ISC)2, a professional association
specializing in training and certifications for cybersecurity professionals.

Recently, Infosecurity met with the association’s CEO Clar Rosso at (ISC)2’s
office in Mayfair, in the heart of London, UK, to discuss tackling the cyber
skills gap in addition to other pertinent topics in the field, including the
impact of the Russia-Ukraine conflict on the cyber-threat landscape.


BOOSTING THE TALENT PIPELINE

Rosso, who was appointed to her current post in October 2021, outlined several
new initiatives the (ISC)2 is taking to boost the pipeline of skilled workers in
the industry. One of these is its Entry-Level Cybersecurity Certification,
“which will help demonstrate that an individual has an aptitude for moving into
a cybersecurity career.” Rosso revealed that the certification’s exam is being
piloted and a full launch is planned this summer.

In conjunction with the new certification, (ISC)2 is working with employers to
help ensure entry-level cybersecurity professionals are able to work
independently in paid roles as soon as possible. This is an attempt to deal with
the ‘chicken and the egg’ situation that permeates the sector – whereby
employers generally only employ those who already have significant work
experience. “They want them to come into the profession fully experienced, and
that’s a problem – where are they going to get that experience?” explained
Rosso.

(ISC)2’s entry-level certification is part of a broader initiative to make it
easier for youngsters to develop their technical skills or for those working in
other industries to retrain in cybersecurity. Developing these alternative
routes into the sector will undoubtedly be critical in closing the skills gap,
and Rosso has observed some positive recent signs in this direction. She noted
that new recruitment practices are starting to take hold in many organizations,
whereby a greater emphasis is being placed on soft skills, such as problem
solving and communication, above technical qualifications. For example, she
observed that recruiters increasingly attend cybersecurity competitions to watch
the participants in action. “They don’t focus on interviewing them; they watch
and see whether they’re demonstrating those kinds of non-technical skills –
analytical thinking, problem-solving and ability to communicate – and hire them
based on that alone,” said Rosso. 



Clar Rosso, CEO, (ISC)2

Rosso herself came into the sector through an unorthodox route – following a
lengthy career in accounting and finance. Despite the lack of technical
knowledge, she quickly found significant similarities between the two sectors,
particularly in areas like risk management and compliance. This experience and
perspective are likely to prove invaluable as the relatively young cybersecurity
industry matures. This includes how it is regulated, which is an area of focus
for the recently formed UK Cyber Security Council. For instance, “the model used
to govern accountancy in the UK would be one to think about if we do move
forward with chartering individuals in cybersecurity,” stated Rosso.  


KEEPING CERTIFICATIONS RELEVANT

To help improve her technical skills and knowledge, Rosso is currently
undertaking (ISC)2’s renowned Certified Information Systems Security
Professional (CISSP). At a time when the relevance of certifications in the
sector is increasingly being questioned, Rosso argued that qualifications like
CISSP continue to play a significant role by providing “an extra level of
confidence” to employers about an individual’s capabilities following their
earlier education pathway.

Nevertheless, Rosso said (ISC)2’s approach to certifications is evolving to
ensure it remains relevant. This includes marrying qualifications together more
with other educational pathways such as university degrees “so they’re not
looked at as separate paths but as complementary things.” She pointed out that
certifications are already embedded in many relevant university courses in the
US, and this is an area now being actively explored in the UK, particularly with
the new entry-level certification.

Another essential means of closing the cyber skills gap is making the sector
more diverse in areas like neurodiversity, ethnicity and gender. This is also vital in
improving the quality of the cybersecurity profession, as “the more diverse
teams you have, the better they are at solving problems.”

Rosso acknowledges that lack of diversity is a particular issue at (ISC)2, where
only around 9% of its members are women. This is despite the accreditation body
estimating that females make up 22-24% of the global cyber workforce, a figure
which, while improving, remains too low in itself. She believes the even lower
female representation in industry associations like (ISC)2 could be due to not
seeing enough people who look like them in those organizations and attending
their events. Indeed, Rosso admitted she was taken aback by the lack of female
attendees at the (ISC)2 Secure London conference last month. “You have to have a
programmed effort so that when new people are coming into the organizations,
they can connect with others and feel welcome,” she noted.







CYBER IMPLICATIONS OF RUSSIA-UKRAINE

One topic that simply has to be mentioned at the moment is the ongoing
Russia-Ukraine conflict and, in this context, its implications for the global
cyber-threat landscape. One observation made by Rosso is that certain
cyber-threats emanating from the crisis may not be public knowledge due to
intelligence services withholding the information for security reasons.
Therefore, she believes that government agencies need to be more forthcoming
with providing such information in the future. “That creates a huge risk for
businesses, and at some point, we need to talk about that,” outlined Rosso.
“Just like the government wants businesses to report breaches, the government
needs to help businesses understand their risks.”

(ISC)2 also recently surveyed its members about their biggest concerns relating
to Russia’s invasion of Ukraine, producing some interesting findings. The
biggest fear outlined by participants was the immediate threat to critical
infrastructure and essential supply chains, which could potentially put lives at
risk throughout the world. This was followed by a lack of preparedness to combat
attacks on critical services and data loss/ability to do business.

Rosso found the next three concerns listed by the respondents especially
noteworthy. In fourth place was precedent, with cybersecurity professionals
predicting that cyber warfare tactics will become the global norm, affecting all
types of organizations. “I think there is agreement that this is going to become
the global norm, and we’re going to have to figure out how we deal with it,” she
stated.

In fifth was opportunism, with a number of cybersecurity professionals
foreseeing cyber-criminals using the attention placed on the conflict to sneak
through attacks undetected. The final and “most sobering” concern was not to
lose sight of the human cost of the conflict, remembering that the real damage
of the war is not being caused by cyber-attacks but by weapons. A respondent
from Ukraine summed up this sentiment: “Right now all our services are under
physical attack, so cyber-attacks in comparison with physical [destruction] of
our infrastructure and people [takes] second place.”

The discussion concluded with Rosso revealing what she believes is the sector’s
biggest challenge over the coming years. Perhaps unsurprisingly, this focuses on
the human element, addressing the human-technology tension. She believes many
people see technology alone as the “magic pill” to cyber-threats, which is a
dangerous mindset to have. “Technology is only going to be as good as the people
using it or the people providing input into it,” she emphasized. “So the
solution involves technology but it also involves people.”

The importance of focusing on people, despite the technical nature of
cybersecurity, was a constant theme of Infosecurity’s conversation with Rosso.
This is something industry professionals should not lose sight of as we prepare
for an era of unparalleled technical advances, such as artificial intelligence
and quantum. Such technologies will only be a force for good with the right
personnel and skillsets at the helm.



