Blog
#ISC2Congress 2022: Empowering the Cyber Community
(ISC)² CEO Clar Rosso opened Security Congress in Las Vegas today by revealing this year’s event theme – EMPOWER.
“Security Congress is about (ISC)² helping to empower you to strengthen your efforts against the bad guys, helping you to more effectively secure our information and our systems, and helping you to be more successful,” she said.
Clar told attendees at the event, taking place today through Wednesday, that they are stronger together. Drawing on the power of community, the community will create “a more safe and secure cyber world.”
Cybersecurity, she said, has taken center stage across the world. While in the past it was a luxury that only governments and big enterprise could afford, it is now a critical need for every business and household.
Despite how critical it is, Clar said, “it has been horribly under-resourced for far too long.” However, governments and regulators are waking up to the need. “They are talking about cybersecurity at a deeper level than they ever have before. They’re talking about the workforce and the skills gap. They’re asking, ‘What will it take for us to develop qualified professionals who can help you on your teams?’”
And while it may seem like it’s about time, Clar said, the current situation reminds her of when she and her husband invited their child’s entire kindergarten class to a birthday party.
“They all showed up, and their parents all went out for happy hour.”
She said more education is needed, as well as “positive, prudent, pragmatic smart public policy.” Noting there is a skills gap of 3.4 million cybersecurity professionals, Clar said the cybersecurity community needs a new way of thinking. This means working collectively to affect change, creating new pathways into the profession, and recruiting nontraditional applicants to the field.
“We need to look inside and outside our organizations for career changers and value the unique experiences and the perspectives that they bring to the table We need to build our teams from the ground up from the entry level to the CISO.”
To help bring change, (ISC)² is delivering solutions to enable the next generation of cybersecurity professionals. This includes a new entry-level certification called Certified in Cybersecurity, which the association is currently offering for free. “Since we launched the pilot in January, we’ve had about 60,000 people globally who have engaged in the program. Over 20,000 have signed up for their exams. And over 7,000 have already taken their exams.”
CEO Award
During the Congress opening presentations, Clar awarded Andrew Smeaton, CISO at Afiniti the (ISC)² CEO Award for his efforts to get the family of one of his co-workers out of Ukraine a few days after the Russian invasion started.
Andrew acquired a small hatchback that he drove from Poland to Ukraine to pick up the family, their dog and cat, and drive them back across the border to Poland. “I swear to God, if James Bond had an Aston Martin that day and was racing me in our little car, I would’ve won just out of fear,” Andrew said, recounting the rescue.
As a result of the experience, he said he learned four important lessons about readiness and business continuity:
- Stay abreast of current events.
- Respond early.
- Communicate early and often.
- Understand how people tend to response in a crisis.
Regarding the fourth point, Andrew said that some people in Ukraine were in denial about the Russian invasion right until it happened. Some people responded with bravado he said, while others “really froze” and yet others “broke down.”
Andrew thanked the cybersecurity community for their offers of help and money for people affected by the war once word got out about his rescue effort. He had wanted to keep the story a secret but it nevertheless got out.
Women in Cybersecurity
Another of the morning speakers was Mari Galloway, CEO and founding board member of the nonprofit Women’s Society of Cyberjutsu. Mari recalled her experience leading up to the organization’s creation.
It all started with disillusionment. She had taken a job as a network engineer. “I was like, yes, I’m going to be the best network engineer ever. Two months in, I hated it. I almost left the industry. I was the only female. I was the only minority on my team and my manager wanted me to be the secretary and do slides for meetings. And I was like, yeah, I don’t want to do that,” Mari recalled.
She eventually became interested in cybersecurity and earned the CISSP certification. After failing the exam on her first try, she talked to a friend who recommended joining a study group. “And when I went there, I was like, ‘Holy crap. There are other women studying for this wanting to learn, wanting to get educated in cybersecurity, wanting to be hackers and all these great things. And the rest is history.”