Interview – Chris Green – (ISC)²
DAN ASSOR [00:00:01] Okay. Hi and welcome back. So our next guest this morning is Chris Green from (ISC)². Hi, Chris. How are you doing?
CHRIS GREEN [00:00:10] Hello Dan, I’m doing good.
DAN ASSOR [00:00:12] Excellent. Thank you for joining us today. So, Chris as for with the others, it would be great if you could just tell us a little bit about yourself and also about the organisation, please.
CHRIS GREEN [00:00:22] Yes, sure. About me. I’m the Head of PR and Communications here at (ISC)² looking after EMEA. So now I’m responsible for all of our outward communications to the industry, to our members, as well as to the wider media and cybersecurity community about everything that we’re doing here in (ISC)². For those who don’t know who (ISC)² is, we are the world’s largest non-profit membership organisation for cybersecurity professionals. We represent more than 150,000 people worldwide who hold our certifications. We produce a number of certifications for cybersecurity professionals. We’re perhaps best known for the CISSP, the Certified Information Systems Secured Professional certification, which is one of the most recognised cybersecurity certs in the world.
DAN ASSOR [00:01:15] Thank you. Can you tell us a bit about the members? Is it quite a broad church in terms of the types of businesses?
CHRIS GREEN [00:01:21] It’s a very broad church you know, certified professionals come from large and small organisations, from the public and private sector and across a wide spread of verticals. It really is representative of the fact that cybersecurity challenges touch every facet of business, government and public service.
DAN ASSOR [00:01:40] Sure. Thank you. And in terms of the cybersecurity skills gap, how, can you tell us a bit about that? How do you think we can overcome it? So what are the current gaps, do you think?
CHRIS GREEN [00:01:52] Sure. Well, the ultimate challenge that we have in simple terms is that there is a huge supply and demand issue globally. We look at this on an annual basis as part of our annual cybersecurity workforce study. And our most recent data has shown that the global gap for cybersecurity skills has now increased to 2.9 million globally. Now, that in itself is huge and is significantly up from the previous year. And it’s the fact that the demand for cybersecurity skills and capabilities has grown exponentially and continues to grow. And it’s far outpacing the number of new people coming into our organisation and in the industry. The number of people career changing into cybersecurity. So, you know, we have a huge issue. And in terms of how we plug that, there’s a number of things that can be done. I mean, first and foremost, it’s about broadening the pool of talent. So organisations need time to actually think more widely about where they’re going to bring people in from. So that’s not only upskilling and multiskilling existing personnel, but it’s also about trying to find ways to encourage people to career change into cybersecurity and also looking at how they address issues of things like diversity and inclusion in order to again widen the pool and make a career in cybersecurity more appealing to a wider group of people. And then, of course, on top of that, once you’ve actually got the people, it’s about ensuring that the training, the education and the continuous learning is in place to actually equip them to be effective professionals.
DAN ASSOR [00:03:27] Sure, thank you. And is it still true, I mean, when we come to the issue of passwords that people put on their laptops and smart devices, is it still true people still use passwords like the word password?
CHRIS GREEN [00:03:41] I’m sad to say, yes, there is. As much as the industry is trying to sort of, I suppose, force that out by, you know, applying more stringent requirements on what passwords can be. You know, increasingly when you’re signing up on a website, there will be like a minimum threshold about what a password can be. And it must contain letters and numbers and symbols and lowercase and uppercase. Just to kind of force your way from the obvious ones, like password, one, two, three, four, and all those kind of things. But, you know, there are still those fundamental problems. You know, we see those across the workforce generally, you know. And, you know, it’s one of the biggest challenges that cybersecurity professionals face is really educating the rest of the workforce within their organisation about best practice.
DAN ASSOR [00:04:29] Sure. Now, that makes sense. And how has the recent pandemic impacted workplace I.T. security, do you think?
CHRIS GREEN [00:04:36] Well, it’s had a huge impact. I mean, from the outset of the lockdown, not just in the U.K., but globally, organisations increasingly found themselves having to take creative solutions in order to actually deliver the mass shift to remote working that was required. Not every company was set up to be able to just flip a switch and put 100% of their workforce into remote and dispersed working. In order to actually make that happen, some companies have to revisit and loosen some of their cybersecurity approaches and policies in order to facilitate that. I mean, that can be anything from now allowing individuals to work on their own machines at home, rather than company hardware, relaxing the requirements, things like VPNs, letting people install their own software. All these kind of things is a lot of challenges that a lot of corners that had to be cut in order to do this, you know, on an overnight basis. As we now what, 3 and a half, 4 months into the lockdown and the pandemic in many places companies are now having to rethink, you know, one, their cybersecurity policies for the long term. How do we actually deliver distributed working for the long term in a secure fashion? Also, companies are having to start thinking about well, how do we roll back some of those concessions that we put in place in a hurry in order to do this? And how do we roll them back without actually impacting the workforce and our ability to function?
DAN ASSOR [00:06:07] That absolutely makes sense and how do you think the, do you think cybersecurity threats generally are understood by the mainstream population? I mean, they’re very more on vogue, they’re in the news or certainly the big ones that happen are with the bigger organisations?
CHRIS GREEN [00:06:24] Well, you touched on a great point there. One of the biggest challenges I think that we face in the industry is the perception of cybersecurity. And, you know, it’s arguable that those who work outside of cybersecurity, everyday workers, consumers, everything else you know, so much of their view of cybersecurity is influenced by the media that they consume. So that’s the news stories they’re reading about data breaches right the way through to the movies that they watched that feature cybersecurity issues. And that for cybersecurity professionals can be part of the challenge. Because, you know, the overblown Hollywood approach to cybersecurity is a definite problem that you have to overcome in terms of explaining to people that that’s not really how it works in the real world. As well as obviously dealing with the more exaggerated and often, you know, fear-mongering that we sometimes see in the mainstream press when, for example, there’s a data breach or a ransomware attack. You know, we rely on cybersecurity professionals to filter that noise and provide a sense of reason to what’s going on, but also, more importantly, to educate on the realities, you know, as people who are on the front line dealing with this stuff, cybersecurity professionals are far better placed to actually explain to the rest of their colleagues the realities of why we do what we do, and what to do if something happens like for example a virus finds its way onto a computer or you believe that there’s been a breach in the system and someone’s password details have got out.
DAN ASSOR [00:07:53] Sure, appreciate that. So, Chris, sadly, we’ve run out of time, but thank you for your time today. That’s Chris Green from (ISC)² with some fascinating insights there into the world of cybersecurity. We’re just gonna go to a quick break and after the break, I’ll be joined by Ciaran Rafferty from Clearswift.