ISACA is First to Combine Skills-based Cybersecurity Training with Performance-based Exams and Certifications to Address Global Cyber Talent Shortage

April 16, 2015

5 Min Read


Rolling Meadows, IL, USA (16 April 2015)—ISACA today introduced a portfolio of new cybersecurity certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers. Global Knowledge, a leading IT and business skills training provider, is ISACA’s first authorized training provider for the CSX portfolio of courses, available in the third quarter of 2015.

The recently released State of Cybersecurity: Implications for 2015 study by ISACA and RSA Conference reveals that 82 percent of organizations expect to experience a cyberattack in 2015, yet more than one in three (35 percent) are unable to fill open cyber security positions. Less than half feel their current security teams are able to detect and respond to complex incidents. In addition, a million cyber security jobs around the world remain unfilled, according to the Cisco 2014 Annual Security Report. This gap between supply and demand is fueling a widespread vulnerability that has seen cyberattacks emerge as a top technology risk in the World Economic Forum’s Global Risks 2015 report.

Through CSX, a single resource for knowledge, tools, guidance and training at every stage in a professional’s career, ISACA is helping build a global cyber security workforce trained to combat advanced cyber threats and is providing a way for organizations to be confident that they are identifying and hiring employees with the right skills.

CSX training and certifications are now offered for skill levels and specialties throughout a professional’s career. ISACA already offers the Certified Information Security Manager (CISM) designation for those at the management level, and the Cybersecurity Fundamentals Certificate for those new to the field. Training is not required prior to taking an exam, but is recommended. The new certifications are:

  • CSX Practitioner—Demonstrates ability to serve as a first responder to a cybersecurity incident following established procedures and defined processes. (1 certification, 3 training courses; prerequisite for CSX Specialist)

  • CSX Specialist—Demonstrates effective skills and deep knowledge in one or more of the five areas based closely on the NIST Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover. (5 certifications, 5 training courses; requires CSX Practitioner)  

  • CSX Expert—Demonstrates ability of a master/expert-level cybersecurity professional who can identify, analyze, respond to, and mitigate complex cybersecurity incidents. (1 certification, 1 training course; no prerequisites required)

All of the new certifications are aligned with globally accepted standards and frameworks, including the NIST Framework for Improving Critical Infrastructure Cybersecurity, NIST SP 800-53 Revision 4, ISO 27000, and the COBIT 5 framework.

“ISACA recognized the need for a different approach to cyber security training and certification because global businesses need more effective ways to identify and hire skilled professionals,” said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “In today’s threat environment, relying on technical staff who don’t have skills-based training and credentials is like relying on an army that has read a manual about strategy but has never engaged in combat.”

The CSX training and certifications were developed over a two-year period by a working group of global chief information security officers (CISOs) and other cyber security experts and went through a rigorous peer review by more than 100 experts. The innovative course delivery and testing components are the result of a collaboration with the Art of Exploitation® (AoE™) cyber security team of TeleCommunication Systems, Inc. (TCS) (NASDAQ: TSYS), a world leader in cyber security training and enterprise solutions.

Innovative Virtual Cyber Lab

A key feature of CSX’s training and skills verification is an adaptive, performance-based cyber laboratory environment. A professional’s skills and abilities are measured in a virtual setting using real-world cyber security scenarios.

PerformanScore®, a learning and development tool that measures a professional’s ability to perform cyber security job tasks, was specifically developed by TCS’ AoE team to allow trainers to provide exemplary guidance to professionals, based upon the professionals’ problem-solving approaches.  Recognizing that there are multiple ways to respond to cyber security threats, PerformanScore is unique in its ability to measure performance skills across the entire solution set of possibilities. The tool compares a professional’s actions to grading criteria, which is then referenced against an adaptive scoring rubric in real-time, enabling the instructor to provide specific feedback and allowing a professional to better learn and understand more efficient cyber security techniques. ISACA is the first organization to offer PerformanScore.

“The new CSX certifications will provide a benchmark that will help shape the future of cyber security hiring and career progression,” said Eddie Schwartz, CISA, CISM, chair of ISACA’s Cybersecurity Task Force and president and COO of WhiteOps. “Keeping cyber security skills current is a moving target, and by evolving with the industry and the adversaries they are facing, the CSX certifications will help ensure that our teams will have the most valuable and current skills, and organizations will know that candidates have the skills to address cyber security incidents from their first day on the job.”

Availability and CPE

CSX Practitioner training will be available in June 2015, with the exam available in July. Training and exams for the CSX Specialist series and CSX Expert certifications will be available during the second half of 2015. Continued professional education (CPE) will require certification-holders to annually demonstrate skills in a lab or other skills-based environment in addition to participating in knowledge-based learning. Certification-holders are required to re-test every three years at the highest level they have achieved.

More information about the new CSX certifications is available at and


A global association of 140,000 professionals in 180 countries, ISACA® ( helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for cybersecurity, and IS audit, assurance, risk, privacy and governance professionals. The association has more than 200 chapters worldwide.

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),   

Like ISACA on Facebook:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights