As hackers and cybercriminals continue a seemingly endless offensive to crack and compromise computer networks, many companies are taking notice, often at great expense. The Petya ransomware attack that took place in June, for example, is still taking its toll on organizations around the world. Companies like Maersk, Reckitt Benckiser, FedEx and others were rattled by the outbreak, which locked down systems and had a measurable impact on their operations.
Given the magnitude of attacks like Petya, companies are implementing more stringent cybersecurity measures to prevent or mitigate the damage of cyber threats. But their ability to respond to cyberattacks depends greatly on the core competencies of their IT organizations, and there is a shortage of qualified IT security, governance and audit professionals to keep pace with the cyber threat landscape. The ISACA advocacy group predicts a global shortage of two million cybersecurity professionals by 2019. Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cybersecurity-related roles, according to the cybersecurity data tool CyberSeek.
For IT organizations to take effective action, they must first bridge their current skills gap by finding security professionals who are trained to run and protect complex IT environments. Hiring Certified Ethical Hackers (CEH) is one good choice, but there are other key certifications that can prove invaluable to IT groups looking to hire qualified IT professionals, or even to train and promote staff from within.
Here are three certifications that can help solve your cybersecurity skills gap.
The Certified Information Systems Security Professional (CISSP) certification is considered by many to be the gold standard in the field of information security. Governed by the International Systems Security Certification Consortium (ISC), this specialty empowers IT professionals to design and manage security controls in business environments, and it was the first information security credential to meet the strict conditions of ISO/IEC Standard 17024. Most IT security positions require or prefer a CISSP certification.
CISSP professionals are trained in all aspects of IT security, including architecture, design, management and controls, and they focus on the practical application of cybersecurity knowledge and tools in real-life IT job scenarios. CISSP experts can create and implement a security plan that protects IT infrastructure from hackers who attempt to disrupt network activities, or to steal or destroy data (as in the case of ransomware attacks).
From a security standpoint, the CISSP certification trains IT professionals in key domains, including governance and risk management, access control, security architecture and design, physical and environmental security, telecom and network security, cryptography, business continuity and disaster recovery, legal and compliance, software development security and security operations.
CISM (Certified Information Security Manager) is a key certification for information security professionals who manage, design, oversee and assess enterprise information security. It takes a comprehensive view of information security systems and provides a core understanding of how security programs contribute to broader business goals and objectives. Enterprises and government agencies increasingly expect their IT professionals to hold a CISM certification, and it is considered essential to ongoing education and career development.
CISM-certified professionals add value to an IT department’s cybersecurity protocol by:
- Defining the architecture and design necessary to manage the ongoing security of the organization.
- Identifying potential critical cybersecurity issues and customizing company-specific best practices to support the governance of information and related technologies.
- Focusing on IT compliance and the integrity of enterprise systems to establish a more secure enterprise IT framework.
- Adding credibility to the IT organization and the role it plays in delivering more reliable service to customers and other internal and external constituents.
The Certified Information Systems Auditor (CISA) is trained to govern and control enterprise IT, particularly in performing an effective and efficient security audit on any IT organization. CISA certificate holders gain expertise in the acquisition, development, testing and implementation of information systems and learn the guidelines, standards and best practices of protecting them. The certification is usually aligned with ISACA standards. Driven by legal and regulatory requirements, CISA is one of the hottest areas in information security.
CISA professionals are able to perform key IT-security related duties, including:
- Identifying and assessing vulnerabilities and reporting on compliance and institutional controls.
- Applying information security audit and assurance guidelines, standards and best practices.
- Governing and controlling enterprise IT environments.
- Understanding the acquisition, development, testing, and implementation of information systems.
Your IT organization's ability to protect vital information assets and keep operations running during a cyberattack can be directly proportional to the skills of the IT professionals who run your operations. Companies that invest in their people, both in ongoing IT security skills training and in hiring professionals with the right certifications, will be well positioned to succeed in an increasingly precarious digital world.