{"id":610418,"date":"2023-02-21T07:49:02","date_gmt":"2023-02-21T13:49:02","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/02\/21\/accreditation-key-to-enterprise-security\/"},"modified":"2023-02-21T07:49:02","modified_gmt":"2023-02-21T13:49:02","slug":"accreditation-key-to-enterprise-security","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/02\/21\/accreditation-key-to-enterprise-security\/","title":{"rendered":"Accreditation key to enterprise security"},"content":{"rendered":"<div id=\"content-header\">\n<h2>We look at how industry-recognised certification enables security chiefs to improve the strength of their security team<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Cliff-Saran-Sep-2022-140x180px.jpg\" alt=\"Cliff Saran\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Cliff-Saran\">Cliff Saran,<\/a><br \/>\n\t\t\t\t\t\t<span>Managing Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>20 Feb 2023<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>In July 2021, joint research from Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) found the area with the biggest shortfall in IT skills to be cloud computing security.<\/p>\n<p>The survey of 489 cyber security professionals revealed that the main ramifications of the skills shortage were an increasing workload for the cyber security team (62%), unfilled job requisitions (38%) and high burnout among staff (38%).<\/p>\n<p>Worryingly, the survey reported that 95% of respondents believe the cyber security skills shortage and its associated impacts have not improved over the past few years, with 44% saying the situation has worsened.<\/p>\n<p>Yet even with a serious shortage of cyber security professionals, skilled candidates say it can be very difficult to <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/tip\/Cybersecurity-career-path-5-step-guide-to-success\">begin a cyber security career<\/a>. When asked for recommendations on getting started in cyber security, nearly half (49%) of respondents suggested getting a basic cyber security certification, 42% proposed joining a professional industry organisation, and 36% <a href=\"https:\/\/www.computerweekly.com\/news\/252515284\/Executive-interview-Rajiv-Ramaswami-CEO-Nutanix\">recommended finding a mentor<\/a> who is willing to help develop skills and career plans.<\/p>\n<p>As more businesses adopt public cloud and hybrid services, there is also growing demand for people who know how to secure cloud configurations and have experience of DevSecOps. This is where security is \u201cshifted left\u201d and becomes embedded in a <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252523737\/How-CI-CD-pipelines-are-putting-enterprise-networks-at-risk\">continuous integration and continuous delivery (CI\/CD)<\/a> software development pipeline for introducing new software-enabled products and features.<\/p>\n<p>These skills are prerequisites for CIOs and CISOs delivering a cloud-native digitisation strategy. In a blog post discussing cloud-native security, <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/opinion\/5-ways-to-improve-your-cloud-security-posture\">Melinda Marks, a senior analyst at ESG<\/a>, wrote: \u201cIt\u2019s important to consider time and staff savings and invest in products that drive efficiency and reduce staff burnout.\u201d<\/p>\n<p><a href=\"https:\/\/www.techtarget.com\/searchsecurity\/tip\/10-cybersecurity-certifications-to-boost-your-career-in-2021\">Industry-recognised certification<\/a> is part of that toolset. It not only helps people take a step up the career ladder, but it also offers them a way to boost their earnings. From an IT leader perspective, certification programmes improve staff retention. People who have their training paid for by their employer are far less likely to be tempted to seek work elsewhere.<\/p>\n<p>The 17th edition of Skillsoft\u2019s<a href=\"https:\/\/www.skillsoft.com\/it-skills-and-salary-report\"><em> IT skills &#038; salary report 2022<\/em><\/a> found that 91% of the 7,952\u00a0 IT professionals polled hold at least one certification. The survey reported that respondents hold an average of four certifications in their field. Over half (56%) said the certification helped them improve their work, while 41% said it made them more engaged with their work.<\/p>\n<p>The survey found a correlation between professional, industry-recognised certification and the salary level employees can attain. It found that individuals with <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/answer\/What-CISO-certifications-are-the-most-important-to-have\">Certified Information Systems Security Professional (CISSP) certifications<\/a> were the top earners. According to Skillsoft, CISSP-certified IT professionals in the EMEA region earn around $104,863, while those with <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/feature\/The-who-what-why-and-challenges-of-CISM-certification\">Certified Information Security Manager (CISM) certifications<\/a> earn an average of $97,304.<\/p>\n<p>When Skillsoft looked at the top cyber security certification programmes among survey respondents, it found Microsoft was first, followed by ISACA, CompTIA, Cisco and (ISC)<sup>2<\/sup>. This should not come as a surprise given the dominance of Microsoft professional training, which is usually a prerequisite to becoming a Windows systems administrator.<\/p>\n<p>Microsoft also led the top five security, governance, compliance and\/or privacy-related certifications being pursued by the IT professionals surveyed by Skillsoft. It was followed by (ISC)<sup>2<\/sup>, Amazon Web Services (AWS), CompTIA and Cisco.<\/p>\n<p>It is no surprise Microsoft and AWS make the top five in security, governance and compliance certification, given the growth in enterprise public cloud deployments.<\/p>\n<p>According to Skillsoft, IT managers are investing in upskilling staff to address their current skills gaps. They cite the hardest-to-fill positions in the same areas: cloud computing (30%), analytics\/big data\/data science (28%), and cyber security (25%).<\/p>\n<blockquote>\n<div>\n<figure>\n   \u201cWhether your organisation plans to or already invests in helping your employees get certified, you\u2019ll see a boost to productivity, innovation potential and employee retention\u201d<br \/>\n  <\/figure><figcaption>\n   <strong>Maureen Lonergan, AWS<\/strong><br \/>\n  <\/figcaption><\/div>\n<\/blockquote>\n<section data-menu-title=\"Training benefits employer and employee\">\n<h3><i data-icon=\"1\"><\/i>Training benefits employer and employee<\/h3>\n<p>Certification also has a positive effect across the business and boosts staff retention. <a href=\"https:\/\/www.computerweekly.com\/opinion\/Improve-business-outcomes-by-developing-employees-skills\">Maureen Lonergan, vice-president of AWS training and certification<\/a>, says: \u201cWhether your organisation plans to or already invests in helping your employees get certified \u2013 and favourably regards candidates who hold industry certifications \u2013 you\u2019ll see a boost to your organisation\u2019s productivity, innovation potential and employee retention.\u201d<\/p>\n<p>Given that cyber security skills are in high demand, such investment in people can help CISOs build up a strong team.<\/p>\n<p>\u201cOffering opportunities for skills training can lead to higher employee satisfaction and retention. Additionally, when you take a step further and fund your employees\u2019 certification exam fees, employees are less likely to seek employment elsewhere,\u201d Lonergan adds.<\/p>\n<p>But while certifications are useful \u2013 even vital \u2013 for security professionals, <a href=\"https:\/\/www.ciisec.org\/White_Papers\">Piers Wilson, director of the Chartered Institute of Information Security (CIISec)<\/a>, says they should not exist in a vacuum.<\/p>\n<p>\u201cThey need formal accreditation to ensure individuals don\u2019t spend their time amassing irrelevant qualifications that look good on paper but don\u2019t improve their essential skills or prepare them for future roles. This is especially important given the ongoing cyber security skills shortage,\u201d he says.<\/p>\n<blockquote>\n<div>\n<figure>\n    \u201cFormal accreditation [is needed] to ensure individuals don\u2019t spend their time amassing irrelevant qualifications that look good on paper, but don\u2019t improve their essential skills or prepare them for future roles\u201d<br \/>\n   <\/figure><figcaption>\n    <strong>Piers Wilson, CIISec<\/strong><br \/>\n   <\/figcaption><\/div>\n<\/blockquote>\n<p>While a \u201csellers\u2019 market\u201d for skilled employees might seem great for individual careers, Wilson says there is a risk that someone will be appointed or promoted beyond their capabilities, which can have serious consequences both for the organisation and the employee when a real challenge arrives. He also urges CISOs to look beyond technical skills when assessing the level of cyber security training a team requires.<\/p>\n<p>\u201cProfessionals also need business skills to understand security\u2019s place in the business, and guide the organisation to improve its overall security posture,\u201d he says. \u201cThey need to have interpersonal skills to communicate with the wider business and colleagues at all levels, and present advice, guidance and best practices to the business. And they need analytical skills to identify and investigate new threats.\u201d<\/p>\n<p>For Wilson, such \u201cnon-technical\u201d skills offer IT security teams the best way to stay ahead of cyber attackers, as they allow the whole organisation to take a more proactive stance. \u201cSecuring accredited certifications for both technical and non-technical skills won\u2019t just help security professionals stay ahead of the risks. It will also help them plan and secure their own careers \u2013 for instance by identifying what skills they need at the next levels of the profession, and gaining those in advance,\u201d he adds.<\/p>\n<\/section>\n<section data-menu-title=\"Low-cost training\">\n<h3><i data-icon=\"1\"><\/i>Low-cost training<\/h3>\n<p>When looking at a training plan for IT security professionals, <a href=\"https:\/\/www.computerweekly.com\/opinion\/Security-Think-Tank-Getting-the-training-and-development-mix-right\">Rob Dartnall, CEO at SecAlliance<\/a> and chair of Crest\u2019s UK Council, believes CISOs should not necessarily just look at big, expensive courses for their staff, but subscriptions to platforms, academies, and even free online tutorials and webcasts. In his experience, training should not be a one-type-suits-all scenario. IT security leaders need to take into account that different people learn in different ways, and everyone benefits from variety.\u00a0<\/p>\n<p>Dartnall points out that there are some fantastic resources available \u2013 many free \u2013 for cyber security professionals to use to train more easily and hone their skills, with certified proof.<\/p>\n<blockquote>\n<div>\n<figure>\n    \u201cOne of the most important things we need to do as an industry is create the time, space, environment and budget to enable talent to continuously improve\u201d<br \/>\n   <\/figure><figcaption>\n    <strong>Rob Dartnall, SecAlliance<\/strong><br \/>\n   <\/figcaption><\/div>\n<\/blockquote>\n<p>\u201cOne of the most important things we need to do as an industry is create the time, space, environment and budget to enable talent to continuously improve. Where some industries push continuous development for people to become more senior or certified, we in cyber security must also do this \u2013 because the cyber threat landscape is continuously evolving,\u201d says Dartnall.<\/p>\n<p>Describing his own approach, Dartnall adds: \u201cPersonally, I love resources like <a href=\"https:\/\/www.computerweekly.com\/news\/252518039\/Cyber-accreditation-body-Crest-forges-new-training-partnerships\">Immersive Labs and Hack the Box<\/a>. Why? Because they can quickly reflect the real threat landscape, with practical labs that can test both defensive and offensive skills against the newest techniques, quickly aligning an individual\u2019s skills with real-life situations.\u201d<\/p>\n<p>In Dartnall\u2019s experience, many of these platforms also align to career development and certification pathways. \u201cThe work is mostly done for us,\u201d he says. But he also believes that, to add variety, there will always be a place for classroom-based, tutor-led, intensive training.<\/p>\n<p>The two most effective methods for learning cited by the IT professionals polled in the Skillsoft survey are formal, expert-led training sessions at work, and live, instructor-led, online training sessions. Skillsoft found that roughly 70% of IT professionals who participated in these types of training found them to be very to extremely effective.<\/p>\n<p>According to Skillsoft, the popularity combined with the effectiveness of online instructor-led training has led to a surge in learning, with 54% of respondents having participated in such courses. This method helps people balance work and home life with their training requirements, allowing them to learn effectively at a pace that suits them.<\/p>\n<p>Finally, when looking at which areas of security training to focus on, a recent CIISec survey of 135 IT security professionals found that over half (57%) saw analytical thinking and problem-solving skills as most important in the profession \u2013 compared with 24% who rated communication skills as the top priority. Only 18% rated technical skills as more important than other skills, which suggests that cyber security training and certification should emphasise areas such as analytical thinking and problem-solving over technical skills.<\/p>\n<\/section>\n<\/section>\n<section id=\"DigDeeperSplash\">\n<h4>\n\t\t\t<i data-icon=\"m\"><\/i>Read more on IT education and training<\/h4>\n<ul>\n<li><a id=\"DigDeeperItem-1\" href=\"https:\/\/www.computerweekly.com\/opinion\/Improve-business-outcomes-by-developing-employees-skills\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/keyboard_g1140860048_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/keyboard_g1140860048_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/keyboard_g1140860048.jpg 1280w\" alt ><\/p>\n<h5>Improve business outcomes by developing employees&#8217; skills<\/h5>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-2\" href=\"https:\/\/www.computerweekly.com\/opinion\/Security-Think-Tank-Getting-the-training-and-development-mix-right\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero Images\/Security-Think-Tank-hero_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Security-Think-Tank-hero_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Security-Think-Tank-hero.jpg 1280w\" alt ><\/p>\n<h5>Security Think Tank: Getting the training and development mix right<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Rob-Dartnall-SecAlliance-CREST-CW-contributor.jpg\" alt=\"RobDartnall\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Rob\u00a0Dartnall<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-3\" href=\"https:\/\/www.techtarget.com\/whatis\/feature\/15-highest-paying-IT-certifications\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/certification_g483411626_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/certification_g483411626_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/certification_g483411626.jpg 1280w\" alt ><\/p>\n<h5>15 highest-paying IT certifications in 2022<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/kerner_sean.jpg\" alt=\"SeanKerner\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Sean\u00a0Kerner<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-4\" href=\"https:\/\/www.techtarget.com\/searchhrsoftware\/news\/252525325\/Workday-creates-universal-skills-translator\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/certification_g1146952109_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/certification_g1146952109_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/certification_g1146952109.jpg 1280w\" alt ><\/p>\n<h5>Workday creates universal skills translator<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/thibodeau_patrick.jpg\" alt=\"PatrickThibodeau\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Patrick\u00a0Thibodeau<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<\/ul>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/feature\/Accreditation-key-to-enterprise-security\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Diego Buresh<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We look at how industry-recognised certification enables security chiefs to improve the strength of their security team By Cliff Saran, Managing Editor Published: 20 Feb 2023 In July 2021, joint research from Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) found the area with the biggest shortfall in IT skills to be<\/p>\n","protected":false},"author":1,"featured_media":610419,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[98530,38854,46],"tags":[],"class_list":{"0":"post-610418","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-accreditation","8":"category-enterprise","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/610418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=610418"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/610418\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/610419"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=610418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=610418"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=610418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}