Monday, October 9, 2017

Beyond criticisms

As Bill Gates said "We all need people to let us have feedback. That's how we can improve”. It's easy to say but criticism, while constructive, is not always as easy to hear as it sounds. However, the best way to grow and improve is to know how to fit the contributions of others. In the interview of the week we talked about David Shearer, CEO in (ISC) 2. For those who don´t know it (ISC) 2 is the world's leading institute dedicated to the education and certification of professionals in Information Security and Cybersecurity. Being a great institution is not surprising that they also face criticism, the difference is that they know how to manage it correctly.

In the networks they are still talking about the Annual Congress held by the (ISC) 2 from 25 to 27 September. The event has been a success but, not everything is great and it has faced numerous criticisms during the last few years. The main reproach lies in the repetition of themes, becoming for some a repetitive and redundant event. But Shearer doesn´t flatter himself and despite being clear about success, his voice doesn´t shake when he says he knows there are things to be improved: "We have to build better bridges between CTO and CIO communities, which are not considered as such in the cybersecurity sector. We have to get ahead of their vision by learning how things are done. We need to start taking part in your conferences". And today, the size of the audience is not as important as its diversity.

If all these criticisms exist, it is, in fact, because the cybersecurity sector is on everyone's lips. It has become, or should be converted if it has not already done so, into one factor to take into account within the companies. (ISC) 2 is aware of this evolution and, to adapt to the new reality, is committed to decentralization, establishing a director of cybersecurity in each region. This allows regional managers to focus on the more functional side of their work. In Shearer's words, "The new regional directors will be more like a CEO for that region, focusing on projecting and motivating members both internally and externally"

A large part of the (ISC) 2 investments are based on employee training. In this way it offers opportunities to members and gives them the most up-to-date information of the moment. According to Shearer: "Regarding vocational training opportunities, we focus mainly on events, but when we measure the number of members reached, they are only 5% or less, which is not a good result. We need to evolve as to ways to reach more members. We belong to the information technology sector and we need to leverage current organizational tools so our members are trained at all times. "

But not only the Annual Congress lives (ISC) 2, its CISSP high level certifications are also world famous. But these titles are also going through a time of turbulence and criticism centered especially on the great breadth of the CISSP certification, because it is already known that "sometimes which has bitten off more than it can chew." But Shearer argues: "A CISSP is not about setting up a network. I myself would not even be able to configure my home network, for that I would use a manual. The CISSP is about understanding the holistic nature of corporate security. One company knows that by hiring someone with a CISSP, it hires someone who has proven the ability to measure the vast nature of cybersecurity. "

Although the cybersecurity industry is booming, there is an invisible barrier that makes it difficult to reach new generations. Shearer says: "We need to talk to them in their own language because they are the new generation for all disciplines. We need to know what they want". Shearer believes that the problem in attracting young people to the sector is their perception of cybersecurity, in their own words, it´s seen as "a restrictive sector". This is not appealing to millenials as they are resourceful and creative and we like the concept of limitation and restriction. "Currently less than 6% of the sector is below 30 years. This is not something that can be solved overnight.”

Aware of the changes and improvements needed to move forward David Shearer is one of the most influential people in cybersecurity. The easy access to the concerns and concerns of the directors of the main companies and institutions of the sector gives us the opportunity to move ahead and take action before that reality knocks at our door. But in addition to serving to see which can fall on us, also serves to learn how to extract the best of each critic. After all, one is as exposed to criticism as the flu.


Post a Comment