Bridging the cybersecurity skills gap: Developing experts for a secure future

The demand for skilled cybersecurity professionals has never been greater, yet many organisations are struggling to find the expertise needed to safeguard their systems. Jon France, CISO at ISC2, discusses how ISC2’s comprehensive programmes are shaping the next generation of cybersecurity leaders and professionals. He also shares valuable insights into the evolving cybersecurity landscape and the critical role of continuous training in addressing today’s threats.

Jon France, CISO at ISC2

How does ISC2 support cybersecurity professionals in developing their skills and careers? 

ISC2’s mission is to ensure a safe and secure cyberworld, advancing the cybersecurity profession. We focus not only on technical skills but also on softer skills. We’re known for certifications such as CISSP (Certified Information Systems Security Professional), and we believe in lifelong learning. Our members have access to training resources and our certifications require continuous professional education, like the CISSP, which mandates on-going education every three years. Additionally, we advocate for strong cybersecurity policies globally.

What are the biggest cybersecurity risks facing organisations today? 

Ransomware remains a top threat due to its profitability and ease of execution through phishing, whaling and business email compromise. Emerging technologies, such as AI-powered deep fakes, make human exploitation easier. It’s easier to convince a human being to do something sometimes than it is to attack a well-secured system. On the technical side, misconfigured systems represent a significant vulnerability as poorly secured systems can easily be exploited by attackers, increasing overall risk.

How can businesses address the cybersecurity skills gap? 

To address the skills gap, businesses should focus on basic cyberhygiene, including proper patching and software updates. For companies with cybersecurity staff, it’s crucial they are properly trained and supported by leadership. From the leadership of the management down, a security culture is key. Our annual workforce study highlights high demand for technical skills in AI, cloud security, incident response and digital forensics. However, we’re also seeing an increasing need for traits like communication, critical thinking and business acumen, with leadership skills becoming more important. 

What role does ISC2 play in advancing cybersecurity leadership? 

ISC2 covers the full spectrum of cybersecurity roles, from entry-level certifications to CISO-level leadership programmes. Our certifications and courses help professionals progress through all stages of their careers, from core technical skills to leadership skills. We focus on business-centric skills, like communication with the board and executive teams, to complement technical knowledge. This allows professionals to lead more effectively in today’s business environment. 

How important is certification in tackling cyberthreats efficiently? 

Certifications are a core component of cybersecurity, as they combine theoretical knowledge with practical, competency-based assessments. Certifications like CISSP require real-world experience and knowledge application. Moreover, certifications involve continued professional education, ensuring that professionals stay current in a rapidly evolving field. Understanding the broader business context, not just technical aspects, is also crucial in addressing cyberthreats efficiently. 

What emerging trends do you see in global cyberdefense strategies? 

The increasing penetration of digital technologies in all businesses is a major trend. Even companies that aren’t purely digital rely heavily on digital tools. Emerging technologies like AI and Quantum Computing are expanding security challenges, while legacy systems still need to be protected. Geopolitical instability is also pushing cyberconflict into the spotlight, with cyber now considered a key component of modern warfare. Bullets and bombs only go so far. Bits and Bytes can go global. 

Furthermore, regulators are addressing cybersecurity more rigorously, with new requirements for baseline security in sectors like finance and healthcare. The profession is also gaining prominence at the board level, with more business leaders recognising the need for cybersecurity expertise in decision-making. Cyber is now a talked-about component in every business, where a decade ago, it was an IT problem. 

How can CISOs balance security innovation with budget constraints? 

CISOs can balance innovation and budget constraints by focusing on risk management and protecting the most critical assets first. With limited resources, it’s important to prioritise and ensure that basic cyberhygiene is in place, like strong patching regimes. In times of constraint, this raises the overall security posture and ensures resilience. Also, education is key – businesses must remember that cybersecurity ultimately impacts people, and a people-first strategy can make a big difference. 

What’s your take on AI in cybersecurity? 

AI has significant potential in both offensive and defensive cybersecurity. While attackers are using AI to sharpen their campaigns, defenders are using it to improve threat detection and data analysis. AI helps cybersecurity professionals sift through large amounts of data, improving the signal-to-noise ratio and helping them reach decisions faster. However, AI isn’t a replacement for human judgment and can’t make executive decisions. AI gives us relevant, timely, context-sensitive information like we haven’t had in the past, and then it’s up to us to act upon it. It’s part of an on-going arms race; it’s either going to solve the world’s problems or cause the world problems.
