(ISC)2 pilots new entry-level cybersecurity certification to tackle workforce shortages

New certification aims to validate knowledge of foundational cybersecurity concepts and best practices to address skills gap. Is another cybersecurity qualification the answer?

Global cybersecurity membership association (ISC)2 has announced plans to pilot a new entry-level cybersecurity certification to validate the fundamental skills and abilities necessary for entry-level positions. Aimed at addressing cybersecurity workforce shortages, the new certification will provide employers with a means to verify new entrants’ knowledge of foundational cybersecurity concepts and essential best practices, while supporting industry newcomers with clear and attainable career pathways into the field.

The new qualification will also provide more clarity for candidates who aspire to obtain the CISSP credential. “This approach underlines our commitment to making cybersecurity a more accessible, inclusive, and diverse profession,” commented Dr. Casey Marks, chief qualifications officer, (ISC)2. “This certification will give employers the confidence that newer entrants into the sector have a solid grasp of the right technical, ethical, and operational practices on which to build and learn.”

Cybersecurity sector asked to contribute to new certification

(ISC)2 has invited the cybersecurity industry to contribute to the development of its new entry-level certification, asking security professionals to complete a survey to help create an outline for the certification examination and establish which specific knowledge, skills and abilities are to be included. “Before a certification program becomes formally operational, a rigorous process of exploration, research and validation is necessary to ensure the qualification meets its intended purpose, as well as the demanding standards of the cybersecurity community,” the company wrote on its website. No publication date had been announced at the time of writing.

Are cybersecurity certifications necessary for entry-level roles?

(ISC)2 cites both need and demand for the certification in response to the growing trend of people entering the cybersecurity workforce without substantial prior IT experience. This is something it highlighted in its recent (ISC)2 Cybersecurity Career Pursuers Study, which revealed that half of newer cybersecurity professionals do not come from an IT background. According to (ISC)2, the new certification will help address this issue by enabling practitioners to demonstrate to employers their familiarity with foundational cybersecurity concepts to set them on a pathway to more strategic and experience-driven roles.

Kevin Curran, professor of cybersecurity at Ulster University and senior member of the Institute of Electrical and Electronics Engineers, expects hiring companies to respect the certification as (ISC)2 itself is well regarded in the cybersecurity community. “For growth industries like cybersecurity, there is not enough staff to meet demand – driving up wages now and into the foreseeable future. A certification like this should act as a motivation for any young person considering a career in cybersecurity,” he tells CSO.

Industry certificates will always play a role, with many of the larger companies having a vested interest in them, Curran adds. “These can be of high quality and very useful for those looking to pursue careers in cybersecurity.”

In contrast, Netenrich Principal Threat Researcher John Bambenek doubts whether another cybersecurity certification is the correct route to take. “Companies still view the CISSP as an entry-level certification even though it requires years of experience to acquire,” he tells CSO. “The mindless gatekeeping of requiring advanced degrees and then certifications just to get your entry level job isn’t going to be alleviated by swapping out the specific letters involved.”

Bambenek says that enterprises might send new hires for this certification for professional development, but to build a “true talent pipeline, enterprises should work with community colleges to develop cybersecurity programs. They should also be involved with their local Security BSides events with capture-the-flag or other security exercises.”

Copyright © 2021 IDG Communications, Inc.
