Cybersecurity professionals see skills gap in federal government

The non-profit IT security trade group polled 700 information security professionals and found that close to a majority of respondents said there is a gap between existing certification programs and specific cybersecurity skills needed in the workplace.

However, 69% of respondents opposed a proposal by the Center for Strategic and International Studies (CSIS) to establish a Board of Information Security Examiners to enforce certification requirements designed to close the skills gap.

In a draft report, the CSIS Commission on Cybersecurity for the 44th Presidency recommended that a licensing system be implemented for information security professionals, similar to the one for CPAs and medical professionals.

A full 48.7% of survey respondents opposed imposing a licensing system on information security professionals, more than double the number who supported the proposal. Instead, respondents favored working within the current system to improve information security certifications.

“Many of the respondents had concern about the proposal that the US government should establish a licensing board for information security professionals”, said W. Hord Tipton, (ISC)² executive director and former chief information officer of the Department of the Interior.

Tipton told Infosecurity that the draft report was prepared by a closed group of experts who did not vet the report with information security professionals. (ISC)² and other certification and educational organizations communicated to the commission that the existing information security certification programs are adequate to close the cybersecurity skills gaps in the federal government.

The executive director said that setting up a government-run licensing board would result in unnecessary time and expense to certify the hundreds of thousands of current information security professionals who already have the skills needed to get the job done.

In the draft report, the commission also recommended an emphasis on technology-specific certifications as a means of replenishing the current shortage of qualified professionals in the federal government and a shift in focus in training and certification from security principles and best practices to technical skills.

A majority of respondents opposed these two proposals: 52% opposed technology-specific certifications and 53.7% opposed a shift in focus of training and certification toward technical skills.

Instead, the federal government needs to determine what specific types of certifications are needed to improve the skills of the workforce that is already on the front lines, said Tipton. “This is not a one-size-fits-all situation. Part of the thing that creates the impression that the existing system is not working is because many of the organizations that have used certifications historically have not put those people in the appropriate positions”, he said.

“There is no silver bullet. There is no one credential that will meet all of your needs…. We need a combination of good, solid technology hardware and monitoring equipment and we need people trained to operate that equipment, along with a good training program for the end users; these are really the keys to this whole puzzle”, Tipton concluded.

The commission’s final report, titled A Human Capital Crisis in Cybersecurity, toned down some of its recommendations in response to information security industry feedback. However, the commission did retain the proposals to set up a Board of Information Security Examiners as a long-term goal.
