Re-Assessing the Skills GapISACA's Eddie Schwartz on Why We Need a New Strategy
Enough talk about the cybersecurity skills gap; it's time for a new strategy for filling it, says ISACA's Eddie Schwartz. The new CSX Practitioner certification is a step in the right direction, he says.
ISACA has just unveiled this CSXP certification, aimed at individuals either looking to start or re-start their careers with practical experience in information security. It's described as "the first-ever vendor-neutral, performance-based certification for cybersecurity professionals," and cybersecurity veteran Schwartz is encouraged by its potential to help organizations fill the skills gap.
"The practitioner certification is really what I consider to be the baseline certification," says Schwartz, international VP of ISACA and President/COO of WhiteOps. "It's designed to expose the candidate to a broad range of knowledge and information that's mapped to the NIST cybersecurity framework across these five domains of identify, protect, detect, respond and recover, and then put them in real-world scenarios where they're actually asked to show that they understand how to apply those competencies."
Schwartz says the new CSXP certification will be attractive both to individuals just starting their careers, as well as to those who want to make a mid-career shift into cybersecurity.
"I think this a great way to enter the field and demonstrate to prospective employers that not only have they taken a course where they've been afforded the knowledge that is comprehensive and valuable, but they've also demonstrated the skills and can hit the ground running."
In an interview about addressing the skills gap, Schwartz discusses:
- How recent breaches and emerging technologies are influencing the profession;
- Why previous approaches to the skills gap have been flawed;
- Why ISACA is the right organization to drive this new strategy.
Schwartz, CISA, CISM, is international vice president of ISACA and president and COO of WhiteOps. Previously, he was vice president and CISO for RSA. Schwartz has more than 25 years of experience in the information security field.