Addressing the Skills Crisis
ISACA's Allan Boardman on Building a Security Staff
What's it going to take to attract individuals to information security and develop the right skills required to tackle the profession's future needs? ISACA's Allan Boardman offers his insights on growing the field.
The current cybersecurity climate looks like this: Organizations struggle to find qualified staff to fill all the roles open in information security and risk management, and within the existing talent pool there's a lack of skills necessary to succeed in those roles, says Boardman, international vice president of ISACA.
Ensuring organizations have the necessary professionals with required skills to address their cybersecurity gaps means developing a new strategy, Boardman explains.
"Have a clear career path for those individuals so they can be motivated," he says in an interview with Information Security Media Group [transcript below].
"One of the main reasons people like working in this area is because it's an interesting [one] with ever-changing demands, needs and challenges around every corner," Boardman says.
Ensuring that motivation means having career progression, he notes. ISACA, through its career management taskforce, is looking at what resources are needed to provide existing professionals, and interested candidates, with a better idea on career paths, skills and requirements to fulfill the open positions.
In an interview, Boardman discusses:
- His focus at ISACA;
- What ISACA is doing to address the skills gap;
- How to grow the profession to meet future needs.
Boardman began his career with Deloitte in Cape Town, South Africa, and has more than 30 years of experience in IT audit, risk, security and consultancy roles at companies such as JPMorgan, Goldman Sachs, KPMG, PricewaterhouseCoopers, Marks and Spencer and the London Stock Exchange. He is a past president of the ISACA London Chapter and has served on the British Computer Society's Information Risk Management and Audit Committee. He has also served on and chaired ISACA's CISM Certification Committee and the Leadership Development Committee. He currently chairs ISACA's Credentialing Board and is a member of the association's Strategic Advisory Council.
Focus at ISACA
TOM FIELD: You've had a distinguished career in information security; you still have a distinguished career. Tell me a little bit about yourself, the work that you do and your role with ISACA.
ALLAN BOARDMAN: I guess I started life as an accountant, but I've moved into IT audits, security and risk management pretty early on. I've worked with some of the big organizations on a global scale, and my involvement at ISACA goes back over 15 years at a local chapter, but more recently at the international level working with ISACA in various committees and currently, as you mentioned, joining the career management board, which oversees the four main credentials within ISACA.
Shortage of Skills
FIELD: Let's talk a little bit about the situation that you see globally. We know that there's a shortage within information security, and my question for you is: are we looking at a shortage of individuals or are we looking at a shortage of particular skills?
BOARDMAN: I think it's more of the latter. There are a lot of people who work in the information security space, but I think what we see is there are specific skills, particularly with cybersecurity being very much on the forefront of everybody's minds right now, and it's clearly been identified that cybersecurity is one of the big gaps. In my opinion, it's across the whole range. These are very deep technical skills, architecture skills and security specialists, but also the business skills that are in short supply. That's one of the areas that ISACA has identified that we need to focus on.
Filling the Gaps
FIELD: Let's talk about gaps. Where do you see gaps and what's ISACA doing about that to fill those gaps?
BOARDMAN: Some of the gaps I would see specifically are around providing specific security guidance to organizations to address the issues in the current topical areas like big data, cloud security and mobile computing. Those are all topics where people need more detailed specific guidance and tools to be able to help them through that.
ISACA's Credentialing Program
FIELD: Let's talk about the credentialing program. You currently have four major credentials. How's the credential program evolving to help fill gaps and meet the needs that organizations have?