Podcast Summary: CyberWire Daily – "Putting a Dent in the Cybersecurity Workforce Gap"
Podcast Information:
- Title: CyberWire Daily
- Host/Author: N2K Networks
- Description: The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
- Episode: Putting a Dent in the Cybersecurity Workforce Gap
- Release Date: December 26, 2024
Introduction
In this special edition of CyberWire Daily’s Solutions Spotlight, N2K Networks’ President, Simone Petrella, engages in an insightful conversation with Claire Rosso, CEO of ISC². The discussion centers on strategies to address the persistent cybersecurity workforce gap, emphasizing diversity initiatives, professionalization, and the evolving landscape of cybersecurity standards.
Background of Claire Rosso
[02:53] Simone Petrella: Simone initiates the conversation by highlighting Claire Rosso’s pivotal role in ISC² and her initiatives that have significantly impacted the cybersecurity landscape. Petrella notes Rosso's efforts in promoting entry-level certifications, such as the Certified in Cybersecurity (CC) certification, which has garnered over 110,000 expressions of interest in the field within three months.
[04:00] Claire Rosso: Claire shares her extensive background in the accounting and finance profession, drawing parallels between risk management in accounting and cybersecurity. She emphasizes the similarities in required competencies, such as problem-solving, analytical thinking, and effective communication, underscoring the potential for cross-industry learnings to bridge workforce gaps.
The Cybersecurity Workforce Gap: Statistics and Insights
[11:24] Claire Rosso: Claire discusses ISC²’s latest cybersecurity workforce study, revealing that the global cybersecurity workforce has grown by 8.7% to 5.5 million professionals. However, the demand outpaces supply, with approximately 4 million unfilled roles worldwide—a 12% increase year-over-year. APAC regions exhibit the highest gaps, exceeding 2 million unfilled positions.
Notable Quote:
Claire Rosso [11:24]: "Our unfilled roles in cybersecurity now globally are around 4 million, which is huge. It was about a 12 point something percent increase year over year."
Addressing the Skills Gap
[14:11] Claire Rosso: Claire highlights the critical issue of the skills gap, noting that 92% of organizations report deficiencies in required areas. This gap not only affects workforce numbers but also the quality of cyber defense.
Notable Quote:
Claire Rosso [14:11]: "92% of organizations are saying they have skills gaps in one or more areas. And a significant number of professionals are saying if we could address the skills gap in our organization, it would lessen the impact of the workforce gap."
She stresses the necessity for organizations to identify essential skills, invest in professional development, and align training programs with strategic cybersecurity needs.
Professionalization of Cybersecurity
[08:16] Claire Rosso: The conversation shifts to the professionalization of cybersecurity. Claire emphasizes the need for standardized codes of conduct and global standards to elevate cybersecurity as a recognized profession akin to accounting.
Notable Quote:
Claire Rosso [08:16]: "We are an industry of professionals, but we haven't professionalized... We need a standardized code of professional conduct or ethics in the profession."
[20:23] Claire Rosso: Claire elaborates on ISC²’s role in advocacy, representation, and continuous professional development, ensuring that certified professionals are equipped to influence policy and uphold industry standards.
[22:51] Claire Rosso: Emphasizing the importance of continuous learning, Claire discusses ISC²’s initiatives to provide resources on emerging topics like AI security and supply chain risks, fostering a culture of perpetual growth and adaptation among cybersecurity professionals.
Diversity and Inclusion Initiatives
[22:51] Claire Rosso: Addressing diversity, equity, and inclusion (DEI), Claire outlines ISC²’s comprehensive DEI strategy aimed at increasing representation and retention of diverse groups within cybersecurity.
[23:09] Claire Rosso: Claire details the collaboration with various nonprofits focused on different underrepresented groups, emphasizing the dual approach of enhancing employability for individuals and improving employer practices.
Notable Quote:
Claire Rosso [23:09]: "We brought diverse individuals in and they don't stay. And it's the worst with women, right? We bring women in and they don't stay in cyber. And we need to change that."
She highlights initiatives such as DEI workshops, employer-focused best practices, pay equity discussions, and the promotion of inclusive workplace environments to foster retention and satisfaction.
Impact of DEI on Security Posture
[27:10] Claire Rosso: Claire presents compelling data linking DEI programs to improved security postures. Organizations with robust DEI initiatives report lower risks, demonstrating that inclusive environments contribute to enhanced problem-solving and reduced vulnerabilities.
Notable Quote:
Claire Rosso [27:10]: "Organizations that have DEI programs in place report that they are at moderate to severe risk, as opposed to those that do not have DEI programs."
She hypothesizes that DEI fosters diverse thinking and collaboration, which are critical in addressing complex cybersecurity challenges effectively.
Conclusion
The discussion between Simone Petrella and Claire Rosso underscores the multifaceted approach required to mitigate the cybersecurity workforce gap. By emphasizing professionalization, addressing skills shortages, and fostering diversity and inclusion, ISC² is spearheading initiatives that not only aim to fill the existing gaps but also enhance the overall resilience and effectiveness of the cybersecurity landscape.
[30:25] Simone Petrella: Simone wraps up the conversation by expressing optimism about the future of cybersecurity, thanks to the proactive measures and collaborative efforts highlighted by Claire Rosso.
Key Takeaways:
- The global cybersecurity workforce is growing but lags behind demand, with a significant gap in APAC regions.
- Addressing the skills gap is crucial, with 92% of organizations acknowledging deficiencies.
- Professionalization, including standardized ethical codes and global standards, is essential for the maturation of the cybersecurity field.
- DEI initiatives play a vital role in both expanding the workforce and enhancing security postures.
- Continuous professional development and advocacy are pivotal in bridging the workforce gap and strengthening the cybersecurity ecosystem.
Notable Quotes with Timestamps:
- Claire Rosso [04:00]: "Accounting and finance has an underlying need to have a deep knowledge and understanding of risk management and if you think about what cybersecurity is, it's nothing but risk management."
- Claire Rosso [08:16]: "We are an industry of professionals, but we haven't professionalized... We need a standardized code of professional conduct or ethics in the profession."
- Claire Rosso [11:24]: "Our unfilled roles in cybersecurity now globally are around 4 million, which is huge. It was about a 12 point something percent increase year over year."
- Claire Rosso [14:11]: "92% of organizations are saying they have skills gaps in one or more areas. And a significant number of professionals are saying if we could address the skills gap in our organization, it would lessen the impact of the workforce gap."
- Claire Rosso [23:09]: "We brought diverse individuals in and they don't stay. And it's the worst with women, right? We bring women in and they don't stay in cyber. And we need to change that."
- Claire Rosso [27:10]: "Organizations that have DEI programs in place report that they are at moderate to severe risk, as opposed to those that do not have DEI programs."
This comprehensive summary captures the essence of the conversation between Simone Petrella and Claire Rosso, highlighting the critical areas of workforce development, professional standards, and diversity initiatives necessary to fortify the cybersecurity field against evolving threats.
