ISSA International to Solve “Missing Generation” of Cybersecurity Professionals with Launch of Industry-Wide Cybersecurity Career Lifecycle (CSCL) Program

Share Article

ISSA drives the future of the cybersecurity profession with comprehensive professional development framework

ISSA International Conference


The Information Systems Security Association (ISSA) today launched an industry-wide program to solve the global cybersecurity workforce gap. The ISSA Cybersecurity Career Lifecycle (CSCL) is a comprehensive professional development framework that maps all five stages of the cybersecurity career lifecycle and empowers cybersecurity professionals - from students to Chief Information Security Officers (CISOs) - to identify where they are in their career, where they want to go, and how to accelerate their growth.

The ISSA will also establish an International Consortium for Cybersecurity Education (ICCE), bringing together for the first time key stakeholders from the public and private sectors around the world to find a common solution for this shared problem. The CSCL and the ICCE will be announced today at the annual ISSA 30th Anniversary International Conference (#ISSAConf) in Orlando, FL.

The “Missing Generation”
The information security profession, which evolved largely in reaction to threats, is now paying the price of an entire “missing generation.” An estimated 300,000-1,000,000 cybersecurity jobs are vacant, and demand will likely rise as the private sector faces unprecedented numbers of data breaches and cybersecurity threats. The U.S. Bureau of Labor Statistics is predicting 22 percent growth in employment in cybersecurity by 2020.

One study shows the lack of qualified security talent is approaching a state of critical mass, where organizations are vulnerable to serious risk exposure (i). A recent Ponemon Institute study found that the lack of a strong security posture is directly related to the lack of sufficient security expertise (ii). Economists even predict the gap affects the effective adoption of key technologies in the enterprise and the public sector - and will, in turn, inhibit enterprise growth and economic expansion.

Despite the spotlight on cybersecurity skills as a national priority, widely accepted career definitions are still evolving. This lack of concensus makes it difficult for organizations to attract new entrants; for professionals to evolve their careers; and costly for organizations that often reinvent the wheel on job descriptions or hire for the wrong role.

The Cybersecurity Career Lifecycle Framework
As the only independent global organization for cybersecurity professional development, the ISSA is in a unique position to bring the industry together to address these critical issues. The CSCL is driven by a steering committee of industry influencers who provide guidance to task forces and assist with outreach to industry partners. It was developed in collaboration with chief information security officers and cybersecurity experts from leading companies, agencies and from universities from around the world. Seventy-five experts participated in the first development phase of the CSCL framework development.

The CSCL framework defines and maps the five stages of a cybersecurity professional’s career:

  •     Pre-professional (students, young adults, etc.)
  •     Entry level
  •     Mid-career
  •     Senior level
  •     Executive level

For each stage, the framework provides a common definition of the required Knowledge, Skills, and Aptitudes (KSAs) and responsibilities; how to be successful in each level; and how to get from one career stage to the next. Each level can have multiple tracks and path options.

The second phase of the CSCL will focus on an Assessment Tool. This tool will offer a skills and career level analysis, and it will recommend career plans tailored to each individual professional. The CSCL Assessment Tool initially will be made available to ISSA members.

The ISSA will also offer guidance and resources for professionals to achieve their career goals and will work with other service delivery providers to offer security education programs that support the stages of the CSCL framework.

Supporting Quotes

“A good workforce is about diversity and not limiting oneself.. It is about aptitude, curiosity and creativity - and a commitment to training and education over time,” said Admiral Michael S. Rogers, Commander, US Cyber Command, Director, National Security Agency and Chief, Central Security Service, in his keynote address at the ISSA International Conference, noting that degrees alone don't always reflect potential or talent. He added, “The way forward is that we first need to come to consensus on professional standards. As an example, the medical practice has over 100 specialties. This is a good model. We need to take the lead from the private sector. We hope for this consensus on an initial set of structures and standards that will evolve over time.”

“This problem cannot be addressed by one single entity, it is a global problem that the profession needs to address as a whole. ISSA is uniquely positioned to lead this effort for the profession, since we are the profession. The CSCL is an example of how ISSA is enabling cybersecurity professionals to drive their own destiny.”
-“Candy” Alexander, CISSP, CISM, Towerwall Inc.; ISSA Hall of Fame; and Distinguished Fellow and Director, ISSA International

“Companies are having a hard time finding the security professionals with the right combination of business and technical savvy that they need to combat growing threats, and schools are not graduating enough students with the necessary skills or experience for entry-level positions. It is imperative that we attract new talent and that new entrants, as well as those further into their careers, have a path to follow to accelerate their success. With the introduction of our Cybersecurity Career Lifecycle, we are creating a structured approach to career growth within this unique and rewarding profession.”
-Stefano, Assistant Professor, Politecnico di Milano; Director, ISSA International; and Chair, ISSA International Conference

"We have parallel problems in the UK. A recent study we conducted shows that nearly a third of professionals progress to their current positions from general IT or non-IT roles. The window of entrants is narrowing, and there are limited opportunities for candidates with generalist IT qualifications. There is a real need for better entry routes into cyber security specific careers and for more defined career paths in order to build a bigger and more diverse pool of skilled professionals that organizations can choose from. As the largest international association of cybersecurity professionals, the ISSA is perfectly poised to develop this process worldwide.”
-Geoff Harris, CEO, Alderbridge Consulting; and Director, ISSA International

“The CSCL is an important ISSA program aimed at defining career paths for the international cybersecurity workforce based upon a common, agreed upon body of knowledge, skills and abilities that define cybersecurity roles, and responsibilities to meet the ever-increasing security needs of government and business.”
-Patricia Myers, CISSP-ISSMP, CRISC; Co-Chair, ISSA CSCL Program; Past President, ISSA International and Distinguished Fellow, ISSA

“The development of the CSCL is a demonstration of our leadership for building the profession to ensure qualified professionals for our future.”
-Bill Danigelis, CISSP; ISSA Honor Roll; and ISSA International COO

“Without a program like the CSCL the level of breaches we are seeing at businesses such as Home Depot, Shellshock, Target, Staples and more will continue to escalate. To keep pace with the changing threat landscape we need to mature the cybersecurity profession into a proactive, not reactive, model."
-Kevin Spease, CFO, ISSA International

To learn more about the CSCL or to inquire ICCE qualifications, please visit:

About the ISSA
The Information Systems Security Association (ISSA)® is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. ISSA members and award winners include many of the industry’s notable luminaries and represent a broad range of industries - from communications, education, healthcare, manufacturing, financial and consulting to IT - as well as federal, state and local government departments and agencies. Through regional chapter meetings, conferences, networking events and content, members tap into a wealth of shared knowledge and expertise. Visit ISSA on the web at and follow us on Twitter at @ISSAINTL.

(i) TEKsystems. (2013). Study Reveals Cyber Security Teams are Bogged Down with Tactics Not Strategy. [Press release]. Retrieved from
(ii) Ponemon Institute LLC. (2013). “The Risk of an Uncertain Security Strategy: Study of Global IT Practitioners in SMB Organizations”

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Leslie Kesselring
Kesselring Communications, LLC for ISSA
+1 5033581012
Email >
since: 05/2008
Follow >
Visit website