The non-profit IT security trade group polled
700 information security professionals and found that close to a
majority of respondents said there is a gap between existing
certification programs and specific cybersecurity skills needed in the
However, 69% of respondents opposed a proposal by the
Center for Strategic and International Studies (CSIS) to establish a
Board of Information Security Examiners to enforce certification
requirements designed to close the skills gap.
In a draft report, the CSIS Commission on Cybersecurity for the 44th Presidency recommended
that a licensing system be implemented for information security
professionals, similar to the one for CPAs and medical professionals.
full 48.7% of survey respondents opposed imposing a licensing system on
information security professionals, more than double the number who
supported the proposal. Instead, respondents favored working within the
current system to improve information security certifications.
of the respondents had concern about the proposal that the US
government should establish a licensing board for information security
professionals”, said W. Hord Tipton, (ISC)² executive director and former chief information officer of the Department of the Interior.
Tipton told Infosecurity
that the draft report was prepared by a closed group of experts who did
not vet the report with information security professionals. (ISC)² and
other certification and educational organizations communicated to the
commission that the existing information security certification programs
are adequate to close the cybersecurity skills gaps in the federal
The executive director said that setting up a
government-run licensing board would result in unnecessary time and
expense to certify the hundreds of thousands of current information
security professionals who already have the skills needed to get the job
In the draft report, the commission also recommended an
emphasis on technology-specific certifications as a means of
replenishing the current shortage of qualified professionals in the
federal government and a shift in focus in training and certification
from security principles and best practices to technical skills.
majority of respondents opposed these two proposals: 52% opposed
technology-specific certifications and 53.7% opposed a shift in focus of
training and certification toward technical skills.
federal government needs to determine what specific types of
certifications are needed to improve the skills of the workforce that is
already on the front-lines, said Tipton. “This is not a
one-size-fits-all situation. Part of the thing that creates the
impression that the existing system is not working is because many of
the organizations that have used certifications historically have not
put those people in the appropriate positions”, he said.
no silver bullet. There is no one credential that will meet all of your
needs….We need a combination of good, solid technology hardware and
monitoring equipment and we need people trained to operate that
equipment, along with a good training program for the end users; these
are really the keys to this whole puzzle”, Tipton concluded.
The commission’s final report, titled A Human Capital Crisis in Cybersecurity,
toned down some of its recommendations in response to information
security industry feedback. However, the commission did retain the
proposals to set up a Board of Information Security Examiners as a