We feature training in the July 2020 print edition of Professional Security magazine. To take that topic further – because some people furloughed are taking the opportunity to do some learning, and even if they are at work, even during a lockdown and a pandemic, the need to keep learning doesn’t end; quite the opposite.
Recently The Chartered Institute of Information Security (CIISec), QA and APMG partnered to develop the Information and Cyber Security Foundation (ICSF), described as an entry level exam. Amanda Finch, CEO of CIISec, was featured in the September 2019 print edition of the magazine.
She said: “At this challenging time people will be looking to up-skill and display knowledge they have. If someone has taken an interest in the profession we want them to be able to validate this, the ICSF exam is the first stepping-stone in a cyber security career. The skills shortage is discussed a lot in our industry, so we wanted to collaborate to encourage more new joiners into the profession, to validate a foundational knowledge and help people stand apart at the beginning of their cyber security careers.”
The course offers, CIISec says, a basic level of knowledge in information security; those who pass the exam get Accredited Affiliate level membership of CIISec, a ‘digital badge’ and can add to their business cards the postnominal AfCIIS. The course is self-study; you have to take 100 multiple-choice questions in a two-hour online exam, with a pass mark of 65 per cent and distinction of 80pc.
That course is one of the ways that CIISec is looking to professionalise the infosec sector, and incidentally progressing it beyond general security management. The course might serve as an entry into infosec for security managers, or for understanding of that field for the generalist. Assuming that cyber is the go-to sector for anyone in security management – where the work, rewards and respect are? – how do you go about learning about it, and (not the same thing) gaining certificates as evidence?
For as Amanda Finch implied, it’s a given that the UK and world are short of cyber talent; and the infosec sector is debating how to bring in, and retain such talent. There are hitches that make it harder for entrants, whether college leavers or those already experienced in work. The truth is that there is no shortage of courses or institutions, academic and other, offering courses; but which are the right ones for each person? It depends where the individual wants to go.
Consider the doctoral research by CREST – the UK Government-funded Centre for Research and Evidence on Security Threats. Typical topics studied by academics in recent years have been phishing and insecure cyber behaviour; how terrorists become radicalised online; how to keep secrets online; the risks from ‘digital hoarding’. In other words, cyber can also be about criminology, computer science, international relations, law, management, politics and religion, and psychology. The academic and other course options in those fields are huge for undergraduate and postgrads alike.
