Laying Foundation for Next-Gen WorkforceRSA's Eddie Schwartz Describes ISACA Task Force Plans
Schwartz leads ISACA's recently formed cybersecurity task force that's taking stock of the current environment by identifying gaps - shortages of qualified personnel and effective technology, for instance - and will make recommendations by early fall to the international standards organization to address current and future IT security needs.
In an interview with Information Security Media Group, Schwartz emphasizes the need to establish the groundwork today to build the cybersecurity workforce of the future without ignoring current challenges.
"If you're looking to increase the workforce by 20 percent or 30 percent over the next few years, as well as add sets of skills that don't exist today, that's not something you can do immediately; that's something that's going to take you years to do the right way," Schwartz says.
The IT security community must help high schools and colleges shape their cybersecurity curricula to train the next generation of professionals, he says.
"The things that you are going to do today at the high school and university levels are going to have impacts on the graduates of 2018, 2019, 2020," Schwartz says. "What do you want it to look like when you're done here? That's why it is a combination of things that are going to be impactful now in terms of reframing this problem, but also things that are going to be game changers."
The task force that Schwartz chairs for ISACA, a not-for-profit organization that produces the COBIT IT management and governance framework, includes seven other information security leaders from the United States, Australia, Britain, Mexico and Spain.
In the interview, Schwartz:
- Assesses how the IT security field has rapidly evolved in the two years since RSA named him its first chief information security officer after the IT security provider experienced an advanced-persistent-threat breach targeting its SecurID two-factor authentication [see RSA to Get Its First Chief Security Officer and RSA CSO Tells Why He Took the Job];
- Discusses how the growing awareness of cyberthreats reflects an attitude shift by businesses toward IT security;
- Outlines the task force goals, which the panel hopes to present to ISACA in the third quarter.
Before joining RSA as CISO, Schwartz served as chief security officer at NetWitness, another EMC-owned unit that provides real-time network forensics and automated threat analysis. Previously, Schwartz served as chief technology officer of ManTech Security Technologies, senior vice president of operations of Guardent and executive vice president of operations for Predictive Systems. He also served as CISO at Nationwide Insurance, Schwartz, a senior computer scientist for CSC and a Foreign Service officer with the U.S. State Department.