The security profession is at a crossroads. The average age of today's practitioner is in the early forties, per industry figures. Consequently, even as demand for security increases, the profession is at risk of losing more people to retirement than it can attract through recruitment. Many in the industry dread that if the members of the community do not come together and address this issue, they are collectively digging themselves a deeper hole.
David Shearer , CEO of the International Information Systems Security Certification Consortium, believes that more needs to be done to bring younger minds into the profession. Shearer succeeded Hord Tipton as CEO of (ISC)Â² in 2015. As part of the older generation, Shearer believes the current crop of security professionals needs to lay the ground work to help younger pros be successful (see: New (ISC)Â² Head Tackles Staffing Crisis)
"We're seeing companies go under and CEOs lose jobs. But we haven't seen yet any major critical infrastructure attacks that have life, limb and property implications," he says. That's a clear possibility in the future, and so those that enter the profession today need to be groomed to be the defenders of the future, he says.
One of the ways (ISC)Â² is trying to make a difference and get youngsters interested is through its Safe and Secure Online program, Shearer says, through which volunteers spend time with parents, students and school administrators to show how children can be safe online. That's an opportunity to make them aware of cybersecurity at a very young age, he says. This program, by extension, is followed through in high school and then through to universities.
"We need more people," he reiterates. For every piece of technical convenience that is out there to help an average citizen use technology, the bad actors are finding a way to spin that into an attack vector. The attack surface is expanding exponentially, he says, even as practitioners today struggle to plug the holes, keep their heads down and deal with day-to-day security challenges. One big mistake the industry is making today is its faith in the latest and greatest tools, he says. The average company today can't afford some of these tools.
"It's easy to say the latest and greatest tools are available today, but there are thousands and thousands of companies out there just scratching and clawing, just to have some semblance of a perimeter security posture for their organization," he says.
In this exclusive audio interview with Information Security Media Group (see player link below image), Shearer shares the developments he has seen in the last year as the CEO at (ISC)Â². He speaks to some of the challenges facing the profession from a skills gap perspective and how this can be addressed, also touching upon:
- The U.S. DoD 85-70 standard, and how such models can be emulated elsewhere;
- The need for reskilling and constant training in security;
- Some forward-looking predictions for the profession as well as the threat landscape.
Shearer is the CEO at (ISC)Â². He has more than 27 years of business experience, including serving as chief operating officer for (ISC)Â²; associate chief information officer for International Technology Services at the U.S. Department of Agriculture; the deputy chief information officer at the U.S. Department of the Interior; and the executive for architecture, engineering and technical services at the U.S. Patent and Trademark Office. Shearer has been responsible managing and providing services via international IT infrastructures, and he has implemented large-scale SAP enterprise resource planning projects.