Cisco launched a $10 million scholarship program and enhancements to its security certification portfolio to address the cybersecurity skill shortage being felt by businesses and government organizations globally.
It takes companies as long as six months to find qualified security candidates, according to The Information Systems Audit and Control Association (ISACA). This comes at a time when businesses are struggling to keep pace with cyber attackers as exploits become more frequent, sophisticated, and damaging. These attacks are increasingly launched by well-funded organizations.
What’s more, industry reports estimate that it takes companies well over three months to determine that systems have been compromised, says Tejas Vashi, senior director of Cisco Services. According to the Cisco 2016 Annual Security Report, 59% of the security professionals surveyed said their organization’s security infrastructure was up-to-date and constantly upgraded. “But 41% are openly saying, ‘we are not ready,’” Vashi says.
Additionally, many organizations do not think they have enough qualified professionals to adequately deal with security threats, Vashi notes. According to the State of Cybersecurity; Implications for 2015, by ISACA and RSA Conference, 84% of the security executives surveyed said only half of applicants for security jobs are qualified. Additionally, they said only 45% can determine the scope of an attack and remediate the damage.
The goal of the Cisco Global Cybersecurity Scholarship program is to address the cybersecurity talent shortage, Vashi says. Cisco will invest $10 million in a two-year scholarship plan that will offer training, mentoring and certification that align with the security operations center analyst industry job role. The aim is to provide the on-the-job readiness required to meet current and future challenges of network security. The program will be delivered in conjunction with key Cisco Authorized Learning Partners, Vashi says. Scholarship awards are available from August 1, 2016, until the end of July 2017.
Cisco is looking to bring more diversity into the talent pool by attracting university students just starting in their careers, women in technology, and veterans. “We want to leverage folks coming out of the universities, who may have done internships and have some understanding of security and IT,” Vashi says. “A diverse workforce is critical because it allows you to think out of the box and come up with new perspectives.” That diversity could be based on culture, gender or other attributes, he says. In addition, every year many veterans leave active duty and come into the workforce. So the program will provide an ecosystem to identify and vet qualified candidates who would be interested, he says.
Additionally, Cisco is introducing a new Cyber Ops Certification to its portfolio of security certifications and revising its CCIE Security Certification. CCNA Cyber Ops focuses on the role of the security analyst working in a Security Operations Center (SOC), which monitors systems and detects attacks. It introduces IT personnel to some of the skills needed in a SOC, giving them an understanding of how responses are coordinated.
The CCNA Cyber Ops expands Cisco’s existing associate-level certification offerings. This includes the CCNA Security designation, which focuses on the network security administrator role, Vashi says.
The CCIE Security revision addresses new expert-level skills and education needed to prepare security personnel for evolving technologies and security threats, including Advanced Threat Protection, Advanced Malware Protection, Next-Generation IPS, Virtualization, Automation and Information Exchange. The certification also includes a new assessment approach focused on ensuring that candidates demonstrate knowledge and skills with evolving technologies, such as network programmability, cloud computing and the Internet of Things.
“IoT alone is generating more data than ever before and sensors are being put out into the network to drive new business outcomes for industry,” Vashi says. “Every time you add a new device and information, a new point of vulnerability opens up,” he notes.