This week saw the 43rd EuroCACS conference from ISACA, a conference bringing together professionals into educational sessions on audit and assurance, cybersecurity, data analytics and governance, risk and compliance.
Whilst at the conference, Infosecurity got the opportunity to sit down with two of the directors – Jo Stewart-Rattray and Christos Dimitriadis. Stewart-Rattray is also director of information security and IT assurance at BRM Holdich and chairs ISACA’s Women’s Leadership Council.
Asked what she felt ISACA stood for in 2017, she said that it was in the process of reviewing content and having recently released its whitepaper on privacy and acquired CMMI Institute, it was working on how these fit into the rest of the offering.
“Our original core was IT audit, and we were working with the market and realizing there was more out there. Information and security is still really important, and information security has moved on to governance and enterprise IT and then we went to risk, but we’re still talking about risk and information control, so we have broadened our reach in the last 17 years.”
These days, ISACA counts a membership and certification holder number of 159,000. Asked what members come to ISACA for, Stewart-Rattnay said that many come in "looking for credentials", and once they have a credential they become a member and they remain a member for a long period of time.
Dimitriadis, who is chair of ISACA’s board of directors and group director of information security for INTRALOT, said that the belief is that cybersecurity, risk, compliance, audit and governance of IT cannot operate in silos, so it was focused on bringing these operations together, and bringing nodes from each profession into another to achieve completeness.
He said: “So developing an audit guide for cybersecurity, we are providing IT knowledge to security professionals on whether they are able to excel in their organizations to help them do their job better. We have been providing CIOs with more information on risk management, so this is a correlation of knowledge and technology.”
The issue of whether having certifications is better than experience has gone on for some time, and Dimitriadis said that there is an increase in the need for training, and from a career perspective it has seen an increased interest in certifications too.
“Companies require certifications for a certain position, because it is important for your career to prove to your employer that you have the skills, and not only the skills that you passed the exam but also as it proves that you are part of a greater family of international experts,” he said.
He went on to say that ‘"certification is also important for cybersecurity as you’ve proved that you’re ready to be a part of a security operations team" or in a position where you have proven your skills.
Is getting a certification a good starting point for new professionals? Dimitriadis said that during the first years of their career, where they need more assets for their CV it is useful, but ISACA has lately seen more interest from more senior professionals "as there is more transformation in several careers" now, as interest in cybersecurity and the audit profession changes, and there are new professions in risk management that we did not have in the past, such as chief risk officer.
What about the debate over certifications versus experience? Dimitriadis said: “As we grow as professionals, we need to be cautious with making sure that we continue to learn and accelerate learning as the world around us is changing.
“So the argument that ‘I don’t need a certification as I have experience’: experience is an important asset, but it is a dangerous asset as it may create the perception that you know things that you don’t.
“I’m all for continuous learning and communicating the message that if you want to remain a valued professional, you have to make sure you have a program for you to learn. Every six months the innovation trends and it impacts our daily lives.”
That debate will continue on, but so does the need for professional certifications, training and learning.