Citizens around the world are questioning more and more the surveillance and data gathering activities of government agencies. In order to have a strong understanding of what they are doing and if what they are doing is truly benefiting us, rather than them, we all need to become more educated on all all aspects of cybersecurity. (ISC)2® an international non-profit cyber-security membership association, is doing a lot of work in this space to help provide us with guidance and governments with recommendations on how to proceed in a fair and acceptable manner. Success will require a joint public-private effort and (ISC)2 is doing some good work in this space to make it happen.
(ISC)2® today announced a set of recommendations for the Trump Administration to consider as it approaches its 100th day in office.
These recommendations were delivered to White House Chief of Staff and others on President Trump’s team in an attempt to urge prioritization of workforce development within the pending cybersecurity executive order and beyond.
During a December 2016 gathering sponsored by the (ISC)2, U.S. Government Advisory Council (USGAC), participants, including former Federal Chief Information Security Officer (CISO) Gregory Touhill and federal agency CISOs and executives, discussed transition planning from the cybersecurity workforce perspective. The following is an abridged list of areas that (ISC)2 has now identified as being critical for the new administration to address. An expanded list can be viewed in today’s (ISC)2 blog post.
- Time is of the essence –The widespread and damaging effects of cyber threats are revealed on a daily basis. At the same time, the demand for skilled cybersecurity workers is rapidly increasing
- Consider the progress already made – Cybersecurity is a bi-partisan issue. Critical work has been done over the last eight years to advance the cybersecurity workforce
- Harden the workforce –Everyone must learn cybersecurity. We have to break the commodity focus of simply buying technology and stopping there, without focusing on training all users
- Incentivize hiring and retention – In today’s world, a sense of mission doesn’t always override good pay—incentives work
- Prioritize investment in acquisition, legal and human resources (HR) personnel – Acquisition, legal and HR professionals are essential players within the federal cybersecurity ecosystem
- Prevent getting lost in translation – The government needs effective communicators who can translate technical risk to business leaders
- Civil service reform –The civil service system is broken and does not meet the government’s needs
- Compliance does not equal security — embrace risk management – In the government’s quest for cyber resiliency, a risk management perspective will be essential
- A standard cyber workforce lexicon –Once finalized, the NICE Cybersecurity Workforce Framework should provide an excellent resource for workforce development
“In a recent congressional hearing, (ISC)2 had the opportunity to present these recommendations in an effort to advocate for our members and the broader cybersecurity profession during the presidential transition and beyond,” said Dan Waddell, (ISC)² managing director, North America Region. “Significant progress has been made over the past decade to advance the federal cyber workforce; our recommendations reflect the importance of building future cybersecurity policy — including the pending executive order — on the existing foundation.”
