Colley – who has been MD of the EMEA region for the association for four and half years – explained that the security professional needs to undergo an image change, as the current image of being an IT- focused black art (best suited to those interested in dissecting and/or hacking into complex systems) is hampering the ability to attract much needed talent.
In reality, he says that information security offers a diverse opportunity, influences all areas of business and features a career progression that can lead right up to executive and board-level management.
And, he notes, while there is room for the highly technical, some of the greatest opportunities are coming to the strategic thinkers with the ability to develop a vision for the changing dynamics in business today, exploring areas such as the impact of social networking, the proliferation of smart phones and tablets, and the rise of the cloud.
Back in the day when Colley took up his role as MD of the region in 2006/7, membership of the association stood at some 43,000. Today it stands at 79,000 – no mean feat in membership terms.
But Colley says he wants to expand membership further and, to assist in this, he told Infosecurity that a new type of linked membership is now available, driven by the fact that members of the association can now form local chapters, allowing security professionals and other interested parties to join.
“Generally speaking we're expecting between 10 and 15 people to join a local chapter, allowing them to become `members of an (ISC)² chapters'”, he said, adding that chapter membership is quite distinct from standard membership of the association.
As regards standard membership, Colley explained that it is now possible for IT security professionals who only fulfil the experience requirement of membership – or who only fulfil the academic requirements – are now able to become members, subject to the proviso that they meet the full requirements within a set time period.
Basically, he says, this allows IT security professionals who are planning to take their CISSP or SSCP exams at a later stage, or who might not have the direct experience in IT security that is required, to join the association, and gain those credentials within a four or five year time period.
Does this mean that an associate membership of the association is likely to happen?
That's a difficult one, says Colley, as any form of associate membership would have to be very carefully thought through and discussed with the existing membership, so as not to devalue the hard work that members have to undertake in order to achieve full membership.
One change that Colley - whose experience in the IT security industry stretches back many years – has been working on for some time, however, is the expansion of the regionalisation of ISC(2), supporting membership in Africa and the Middle East, where the membership, he says, is now booming.
As reported previously by Infosecurity, at the (ISC)² Congress 2011 last month, the association formed the (ISC)² Foundation – a new charitable organisation dedicated to delivering education and awareness programmes to communities around the globe to make the cyber world a safer place for everyone.
Colley says that this move is essential in order to move the association forward, and to clearly delineate its commercial and charitable functions. The foundation, he adds, is focused on three core areas: community/end-user education, scholarships and industry research.
These changes, he explained, are all part of the evolution of the association and the industry that IT security professionals now find themselves in.