Credit: Christina Morillo
Global cyber security membership association (ISC)2 has announced plans to pilot a new entry-level cyber security certification to validate the fundamental skills and abilities necessary for entry-level positions.
Aimed at addressing cyber security workforce shortages, the new certification will provide employers means to verify new entrants’ knowledge of foundational cyber security concepts and essential best practices, along with supporting industry newcomers with clear and attainable career pathways into the field.
The new qualification will also provide more clarity for candidates who aspire to obtain the CISSP credential.
“This approach underlines our commitment to making cyber security a more accessible, inclusive, and diverse profession,” commented Dr. Casey Marks, chief qualifications officer, (ISC)2. “This certification will give employers the confidence that newer entrants into the sector have a solid grasp of the right technical, ethical, and operational practices on which to build and learn.”
Cyber security sector asked to contribute to new certification
(ISC)2 has invited the cyber security industry to contribute to the development of its new entry-level certification, asking security professionals to complete a survey to help create an outline for the certification examination and establish which specific knowledge, skills and abilities that are to be included.
“Before a certification program becomes formally operational, a rigorous process of exploration, research and validation is necessary to ensure the qualification meets its intended purpose, as well as the demanding standards of the cyber security community,” the company wrote on its website. No publication date had been announced at the time of writing.
Are cyber security certifications necessary for entry-level roles?
(ISC)2 cites both need and demand for the certification in response to the growing trend of people entering the cyber security workforce without substantial prior IT experience. This is something it highlighted in its recent (ISC)2 Cybersecurity Career Pursuers Study, which revealed that half of newer cyber security professionals do not come from an IT background.
According to (ISC)2, the new certification will help address this issue by enabling practitioners to demonstrate to employers their familiarity with foundational cyber security concepts to set them on a pathway to more strategic and experience-driven roles.
Kevin Curran, professor of cyber security at Ulster University and senior member of the Institute of Electrical and Electronics Engineers, expects hiring companies to respect the certification as (ISC)2 itself is well regarded in the cyber security community.
“For growth industries like cyber security, there is not enough staff to meet demand – driving up wages now and into the foreseeable future. A certification like this should act as a motivation for any young person considering a career in cyber security,” he tells CSO.
Industry certificates will always play a role, with many of the larger companies having a vested interest in them, Curran adds. “These can be of high quality and very useful for those looking to pursue careers in cyber security.”
In contrast, Netenrich Principal Threat Researcher John Bambenek doubts whether another cyber security certification is the correct route to take. “Companies still view the CISSP as an entry-level certification even though it requires years of experience to acquire,” he tells CSO. “The mindless gatekeeping of requiring advanced degrees and then certifications just to get your entry level job isn’t going to be alleviated by swapping out the specific letters involved.”
Bambenek says that enterprises might send new hires for this certification for professional development, but to build a “true talent pipeline, enterprises should work with community colleges to develop cyber security programs. They should also be involved with their local Security BSides events with capture-the-flag or other security exercises.
