Interview with Jonathan Brandt — Manager of ISACA’s Cybersecurity Practices
1. Can you please introduce yourself to Security Kaizen magazine readers (bio, experience, history, etc.)?
As a cybersecurity practices manager for ISACA, Jonathan Brandt works across the organization as a subject matter expert aiding development of products and offerings that further ISACA’s Cybersecurity Nexus (CSX) portfolio.
Prior to joining ISACA, Brandt held various cybersecurity leadership roles within the U.S. Department of Defense throughout his 20 years of military service. Areas of professional focus include multi-discipline security, organizational leadership, project management, training and education, and workforce development.
2. Can you give us an overview about ISACA? What are the activities? What are the benefits for joining ISACA?
ISACA (isaca.org) helps global professionals by offering knowledge, standards, training, networking, credentialing and career development. Established in 1969, ISACA is a nonprofit association of 140,000 professionals in 180 countries. Its members include internal and external auditors, CEOs, CFOs, CIOs, educators, information security and control professionals, business managers, students, and IT consultants. ISACA has more than 200 chapters in more than 80 countries.
ISACA’s industry-leading certifications include:
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in the Governance of Enterprise IT (CGEIT)
- Certified in Risk and Information Systems Control (CRISC)
ISACA offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource. The CSX program (https://cybersecurity.isaca.org) has many cybersecurity components, including cybersecurity certificate and certifications—Cybersecurity Fundamentals Certificate, CSX Practitioner Certification, CSX Specialist Certification (coming in 2016), CSX Expert Certification (coming in 2016), and CISM.
ISACA also provides and continually updates COBIT, a business framework to govern enterprise technology.
3. What types of memberships exist in ISACA?
ISACA offers individual memberships for professionals and students.
4. Recently, ISACA launched the CSX Certifications and Courses. Can you please give us more details about it? And why did ISACA decide to create CSX?
ISACA builds on its 45 years of global leadership in IT to do for cybersecurity professionals what we have done for professionals in IS auditing, control and governance over the past 45 years—and will continue to do. This was a natural evolution for ISACA to serve its 140,000 professionals worldwide.
As a global leader in cybersecurity, ISACA provides tools and training to help create a robust global cybersecurity workforce. ISACA launched the Cybersecurity Nexus (CSX) in 2014 to address the cybersecurity skills crisis through resources for every level of a cybersecurity career.
CSX Certifications and Training
CSX Practitioner—Demonstrates ability to serve as a first responder to a cybersecurity incident following established procedures and defined processes.
CSX Specialist—Demonstrates effective skills and deep knowledge in one or more of the five areas based closely on the NIST Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover.
CSX Expert—Demonstrates ability of a master/expert-level cybersecurity professional who can identify, analyze, respond to, and mitigate complex cybersecurity incidents.
5. Can you give us any numbers, statistics or research regarding the cyber security professionals shortage internationally?
According to ISACA’s 2015 Global Cybersecurity Status Report, 92 percent of respondents whose organizations will be hiring cybersecurity professionals in 2015 say it will be difficult to find skilled candidates. Eighty-three percent believe cyberattacks are a top threat. Yet an alarming 86 percent say there is a global shortage of skilled cybersecurity professionals and only 38 percent feel prepared to fend off a sophisticated attack.
6. What differentiates CSX from other cyber security courses in the market?
The CSX training and skills verification is an adaptive, performance-based cyber lab environment. ISACA is the first to offer PerformanScore, a learning and development tool that measures professionals’ ability to perform cybersecurity tasks based on their problem-solving approach. The tool is unique in its ability to recognize that there are multiple ways to respond to cybersecurity threats and it compares a professional’s actions against an adaptive scoring rubric in real time.
This is the first program to combine skills-based training with performance-based exams for certifications, and uses a virtual setting with real-world cybersecurity scenarios.
7. How do you see the future of cyber-attacks, especially in the Middle East region? How will CSX courses help employees to be prepared and ready for such attacks?
Cyber attacks will continue and increase in frequency globally. Cyber criminals do not take a holiday. Geopolitical conflicts will continue to spill over to cyberspace in the form of ideologically and politically motivated attacks.
Significant amounts of technology, both hardware and software, are imported globally, to include cyber security tools. For that reason, supply chain management is critical in thwarting hidden malware, backdoors or flaws and other vulnerabilities.
However, there is always risk that translates to an urgent need for skills capable of critically inspecting them before deployment—especially in critical infrastructure and critical industry sectors.
Also, enterprises should strengthen cyber security with staff that is trained and certified in cyber security. Developing, and maintaining, strong cyber security skills is a critical part of the solution.
CSX certifications and training are designed to help professionals build the skills needed at every level of a career in cyber security. The performance-based training and exams prepare professionals for real-world scenarios and the evolution of the ever-changing threat vector.
8. What was the moral of CSX 2015 North America conference? Do you plan to have it as a yearly conference?
The CSX 2015 North America conference was sold out and attendees responded favorably in feedback throughout and after the conference.
The CSX conference will be held annually in North America and is expanding globally in 2016.
9. In 2016, do you expect higher investments in cyber security workforce?
According to a survey by ISACA and RSA Conference, State of Cybersecurity: Implications for 2015, 56 percent of organizations responded they will spend more on cybersecurity in 2015, and 63 percent say their executive team provides appropriate funding.
10. Finally, what is your advice for governments, users and organizations to stay secure?
It is uncommon for an organization to not have a security awareness program. The question is, is the security awareness program effective? 360-degree evaluations can be a useful tool to glean data about your security climate and make adjustments.
As threat environments evolve, so too should your security needs. The cybersecurity market is inundated with solutions that often carry expensive price tags. Cybersecurity should be infused into all facets of business and when a solution has exceeded its usefulness, you cannot be afraid to move on.
Lastly, it is critical to stop treating cybersecurity differently. It is technological risk and requires daily hygiene, similar to information, physical and operational security. Many would never leave sensitive information (e.g., salary data) in a common area, leave their doors unlocked at night or freely give out keys to their home. Yet, these are the exact things—in a digital world—that attribute to many incidents.