Skills Building: Mainstream Awareness Needed
ISACA's Hale on How to Help Address InfoSec Staffing Crisis
To stay relevant in information security today, practitioners need to stay connected to the profession - an area where organizations such as ISACA play an important role. However, the biggest roadblock seems to be that many people are unaware of the opportunities available in cybersecurity as a profession, says Dr. Ron Hale, ISACA's Chief Knowledge Officer. (Also See: ISACA CEO: Why an InfoSec Pro is Like a Doctor)
"There needs to be a lot more awareness, and I see a big role for governments and universities to do this," he says. "Some of the efforts that we see from governments are at the secondary school level. So future generations will be aware. However, the current generation does not quite know what the opportunity is."
Speaking of trends today, Hale says business needs techno-competence, but is looking to translate that technology into business speak. There is a big need for people who have done security technology, risk management, forensics and can talk business at the same time.
In this regard, ISACA's transition from a fraternity of auditors to an organization that has over 50,000 members involved in the security profession is really a natural growth, he says. When business needed people to tackle security issues, the natural choice of people to call on turned out to be those who had a technology background plus the business experience - and those were the auditors.
It's important that the board have access to someone these days who understands cyber risk, he believes. But the person in the security role needs to know how to talk to these people and what is important to them, and then be able to take a complex issue and break it down. (Also see: New Strategy Needed to Address Skills Gap)
"There needs to be a dialog between security, risk management and business, as part of the governance process. That's how it should work - security cannot keep saying no to business," he says.
In this exclusive interview with ISMG, Hale shares insight on the trends he sees in the security job market, and where he expects the industry to go. He talks about:
- How ISACA develops its programs under the Chief Knowledge Officer's guidance;
- The hot items in the security career space today;
- How to tackle the skills gap issue and stay relevant.
Hale is a Certified Information Security Manager with more than 20 years of security experience that touches almost every aspect of the security profession. He was the manager of security services for Northrop Corporation Defense Systems Division, responsible for developing and managing the security program for classified and unclassified systems, as well as corporate investigations, crisis management, technical surveillance countermeasures, executive protection and security awareness. As a research manager for Bank Administration Institute, Hale published research reports on bank security and fraud, and worked on the first study of ATM Security and Fraud.
Hale has also provided consulting services to many leading organizations as a Practice Director in the Enterprise Risk Management practice within Deloitte. In his current position with ISACA, he is responsible for knowledge creation and product development including ISACA frameworks, guidance and practices, professional standards and for the development of study aids for certification exam candidates. He is also responsible for the development of materials for academics in areas of governance, security, risk management and assurance.