With security breaches on the rise, the need for qualified, skilled cybersecurity professionals is greater than ever. Eddie Schwartz, the chairman of ISACA’s Cybersecurity Advisory Council and president and chief operating officer of WhiteOps, said there is a shortage of more than a million professionals worldwide dating back several years that must be addressed immediately.
“The gap was actually developed probably over the last 15 years or so,” Schwartz said. “Way back when, when I got started in cybersecurity, it was basically a technical field. But what happened about 15 years ago or so is the entire industry – and when I say the entire industry I mean government, financial services, critical infrastructure, everybody that cares about security – became laser-focused on compliance with regulations.
“We had the advent of the Federal Information Security Management Act (FISMA) in the government space, which was the requirement for government chief information officers to focus their budgets on compliance with regulations. We had the deregulation of financial services, which entered a whole new slew of regulations.”
What once was a highly technical field had shifted to hiring people with regulation expertise to address all the new compliance requirements around cybersecurity.
“What we had was more of a focus on governance, risk and compliance and a lessening of emphasis on technical security,” Schwartz said.
Schwartz said the watering down of the cybersecurity skill set led to the emergence of advanced persistent threats, which included the rise of nation-state attackers, cyber terrorism and the strengthening of organized terror groups.
This left a worldwide shortage of expertise in technical skills such as incident response and cyber forensics, which are needed to keep up with demand in both government and the private sector and to compete with adversaries’ innovation.
One way to close the gap is to encourage more women and younger workers to pursue a career in cybersecurity, he said. ISACA participates in events that are focused on women in technology to help them understand that cyber is an attractive field one should consider.
“We have very successful women executives in security talk about their experience,” Schwartz said. “Talk about what a rewarding field it is, about how they rose up through the ranks; whether they’re in the military, government service, private sector and the value of working in that field, in terms of what it brings to the table, the financial rewards, what it’s like from a quality of life perspective.”
Schwartz also pointed to ISACA’s certification program for those looking to get into the cybersecurity field.
“We developed this program called CSX,” Schwartz said. “And CSX is designed to take you from the very basics all the way up to eventually over the course of your career – the idea of apprentice, journeyman, master – it starts with this idea of learning the fundamentals.
“Even if you’re in high school, you can take this fundamentals program,” he said. “You learn the basic technical premises behind cybersecurity. It’s based on the National Institute of Standards and Technology (NIST) cybersecurity framework, which is generally accepted not only in the U.S., but in a lot of places around the world as a really great framework for understanding the lifecycle of cybersecurity and the threats, vulnerabilities and assets that organizations need to deal with.”
From there, Schwartz said participants then prove their hands-on skills to become a practitioner by taking a series of tests and responding to situations in a live setting using open source technical tools to “prove your way out of it,” he said.
Jason Fornicola, Director of Custom Media, Federal News Radio
Jason Fornicola joined WTOP and Federal News Radio in February of 2014 as the Director of Custom Media, where he manages the stations’ sponsored and custom content initiatives. Fornicola provides clients with access to high-quality content consistent with the stations’ standard of excellence and works to solve clients’ needs through a multi-platform approach which includes on-air, digital, video and social media. His journalism and social media experience support the stations’ efforts to ensure the client message is conveyed in a way that will achieve their marketing campaign objectives.
Eddie Schwartz, CISA, CISM, CISSP-ISSEP, PMP, board director of ISACA, chair of ISACA’s Cybersecurity Advisory Council, and president and COO of WhiteOps, Inc.
Eddie Schwartz, CISA, CISM, CISSP-ISSEP, PMP, is a member of ISACA’s Board of Directors, chair of ISACA’s Cybersecurity Advisory Council, and president and COO of WhiteOps, Inc.
Previously, he was vice president and chief information security officer (CISO) for RSA.
Schwartz has more than 25 years’ experience in the information security field. Prior to RSA, he was CSO of NetWitness (which he co-founded and which was acquired by EMC), CTO of ManTech, EVP and general manager of Global Integrity (acquired by INS), SVP of Operations of Guardent (acquired by VeriSign), CISO of Nationwide Insurance, a senior computer scientist at CSC, and a Foreign Service officer with the U.S. Dept. of State.
Schwartz is a recipient of the 2015 George Mason School of Business 20 Prominent Patriots in Business Award, and 2013 Computerworld Premier 100 IT Leaders Award. He is a Distinguished Fellow of the Ponemon Institute and an adjunct professor of Cyber Security at George Mason University. He serves on the advisory boards for Observable Networks and My Digital Shield, Inc. He also serves as the vice president and treasurer of the ISSA National Capital Chapter.
Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.
ISACA® (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus™ (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise technology.