New certification aims to validate knowledge of foundational cybersecurity concepts and best practices to address skills gap. Is another cybersecurity qualification the answer?

Global cybersecurity membership association (ISC)2 has announced plans to pilot a new entry-level cybersecurity certification to validate the fundamental skills and abilities necessary for entry-level positions. Aimed at addressing cybersecurity workforce shortages, the new certification will provide employers with a means to verify new entrants’ knowledge of foundational cybersecurity concepts and essential best practices, along with supporting industry newcomers with clear and attainable career pathways into the field.

The new qualification will also provide more clarity for candidates who aspire to obtain the CISSP credential. “This approach underlines our commitment to making cybersecurity a more accessible, inclusive, and diverse profession,” commented Dr. Casey Marks, chief qualifications officer, (ISC)2. “This certification will give employers the confidence that newer entrants into the sector have a solid grasp of the right technical, ethical, and operational practices on which to build and learn.”

Cybersecurity sector asked to contribute to new certification

(ISC)2 has invited the cybersecurity industry to contribute to the development of its new entry-level certification, asking security professionals to complete a survey to help create an outline for the certification examination and establish which specific knowledge, skills and abilities are to be included. “Before a certification program becomes formally operational, a rigorous process of exploration, research and validation is necessary to ensure the qualification meets its intended purpose, as well as the demanding standards of the cybersecurity community,” the company wrote on its website.
No publication date had been announced at the time of writing.

Are cybersecurity certifications necessary for entry-level roles?

(ISC)2 cites both need and demand for the certification in response to the growing trend of people entering the cybersecurity workforce without substantial prior IT experience. This is something it highlighted in its recent (ISC)2 Cybersecurity Career Pursuers Study, which revealed that half of newer cybersecurity professionals do not come from an IT background. According to (ISC)2, the new certification will help address this issue by enabling practitioners to demonstrate to employers their familiarity with foundational cybersecurity concepts to set them on a pathway to more strategic and experience-driven roles.

Kevin Curran, professor of cybersecurity at Ulster University and senior member of the Institute of Electrical and Electronics Engineers, expects hiring companies to respect the certification as (ISC)2 itself is well regarded in the cybersecurity community. “For growth industries like cybersecurity, there is not enough staff to meet demand – driving up wages now and into the foreseeable future. A certification like this should act as a motivation for any young person considering a career in cybersecurity,” he tells CSO.

Industry certificates will always play a role, with many of the larger companies having a vested interest in them, Curran adds. “These can be of high quality and very useful for those looking to pursue careers in cybersecurity.”

In contrast, Netenrich Principal Threat Researcher John Bambenek doubts whether another cybersecurity certification is the correct route to take. “Companies still view the CISSP as an entry-level certification even though it requires years of experience to acquire,” he tells CSO.
“The mindless gatekeeping of requiring advanced degrees and then certifications just to get your entry level job isn’t going to be alleviated by swapping out the specific letters involved.”

Bambenek says that enterprises might send new hires for this certification for professional development, but to build a “true talent pipeline, enterprises should work with community colleges to develop cybersecurity programs. They should also be involved with their local Security BSides events with capture-the-flag or other security exercises.”