(ISC)2 CISO: We aim to lower the barrier to entry for cybersecurity

(ISC)2’s Jon France discusses the importance of having the right people in cybersecurity and the need for more education in the space. The post (ISC)2 CISO: We aim to lower the barrier to entry for cybersecurity appeared first on Silicon Republic.

(ISC)2 CISO: We aim to lower the barrier to entry for cybersecurity

Jon France is an information security professional and CISO at the International Information System Security Certification Consortium, or (ISC)², a non-profit organisation that specialises in training and certifications for cybersecurity professionals.

France is a certified information systems security professional (CISSP) has more than 25 years of experience building and leading diverse technology and security teams. Prior to joining (ISC)², he led the industry security function at GSMA, a member-led organisation representing mobile operators and the wider telecommunications industry.

There, he was responsible for ensuring that the mobile sector anticipated and addressed security and fraud threats across the mobile ecosystem by working closely with operators, vendors, governments, regulators, standards bodies and industry leadership.

France is the first chief information security officer for (ISC)², having been appointed in January 2022.

‘Good security is effective, great security is seamless’
– JON FRANCE

In his role, is responsibilities include advocating for cybersecurity professionals and narrowing the skills gap, working with the organisations leadership and IT teams to ensure its operations are secure, and highlighting the wider cybersecurity profession and the value of training, skills and development.

What are some of the biggest challenges you’re facing in the current IT landscape?

The complexity of systems and the volumes of data systems now process, store and move, along with the nature of distributed systems. Technology stacks are diverse and complex, as well as geographically distributed, involving many vendors.

Coupled to this is ensuring appropriate controls, which requires the right skills and leadership. As a result, we have a few challenges such as systems complexity and diversity. The solution to these is risk management, ensuring you have the right people to address and a voice at the right level.

What are your thoughts on digital transformation in a broad sense within your industry?

The continued rapid digitisation of many industries, especially those that traditionally have not had to rapidly adopted deep digital business methods but now must due to Covid-19, is driving demand for a broad diverse skilled IT and cybersecurity workforce.

At (ISC)2, our mission is to be a pivotal champion in developing and accrediting these skills, contributing to closing the workforce gap as well as building a pathway for people to get into cybersecurity.

More directly for our business, we have moved even more of our learning and services online to support our members and those pursuing a certification, building capability and capacity to support those changes.  

How can sustainability be addressed from an IT perspective?

The collective response to Covid-19 has demonstrated that many aspects of industry and services can deepen their digital footprint, gain efficiency and reduce the need for movement of people, so in one sense IT is helping in both dimensions.

Communications connect people globally to each other and to services with minimal effort – saving not only distance travelled but also the time taken to travel.

Movement of goods and physical items of course still happens but is far more efficient through exploiting digitising logistics chains, using digital twinning to generate data and insights that can be used in modelling and control leveraging machine learning, etc.

Part of ensuring resilience in this area is also the ability to maintain and secure digital components, as well as having an appropriately skilled workforce.

What big tech trends do you believe are changing the world and your industry specifically?

There are many to choose from, but three that are front of mind right now are:

  • Machine learning (ML) and artificial intelligence (AI) – doing a great job at getting answers from large datasets, reducing the amount of time to get to insights. They’re also highly effective in the cybersecurity world for sifting through large logs, etc and getting to possible internet of computing and internet of things issues.
  • Hyperconnectivity – all things connected to all things, again bringing us back to the IoT. This is really driving the world of efficiency and capability, as well as producing some of the key data that can be mined using ML/AI.
  • For the (ISC)2 mission, lowering the barrier to entry for people to get into and involved with cybersecurity at all levels.
How can we address the security challenges currently facing your industry?

Education, awareness, voice at leadership level and good risk management are all essential. Most of the security challenges are well known and already have proven solutions to the problem they pose. We just need the knowledge, understanding and discipline to implement and carry them out.

Good security is effective, great security is seamless. It is part of the engineering conversation, not applied to it. In operation, the basics – patching, remove defaults, knowing where your assets are, knowing what’s in your footprint – do make a significant positive difference. Importantly, stay curious and don’t ever think you have anything 100pc solved.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

The post (ISC)2 CISO: We aim to lower the barrier to entry for cybersecurity appeared first on Silicon Republic.