ISACA Now Blog

Knowledge & Insights > ISACA Now

The Gap Within the Skills Gap: What Does Cybersecurity Really Need?

Panashe Garande, Cyber Security Recruitment Consultant - Contract/Freelance
Posted: 4/18/2019 2:55:00 PM | Category: Security | Permalink | Email this post

Panashe GarandeI recently took to LinkedIn to air my views on one of the most talked-about topics in the world of tech: the cybersecurity skills gap. The skill gap is often discussed in urgent terms and, given my job as a cybersecurity recruiter, I see how it plays out in practice. But information security is a broad discipline, and I think we need to be more specific when we talk about a “skills gap.” I believe the genuine talent shortage is in hands-on areas, like application security and DevSecOps.

Last year, Forbes released an article stating that the cybersecurity skills gap is an “industry crisis.” As attacks get worse and more commonplace, it noted that companies need cybersecurity professionals more and more. But because of a perfect storm of scarce skills and high demand, security jobs come with a high salary, meaning that businesses not only struggle to find the right people, they have to pay top-dollar to get them.

Why IT Teams Should Avoid Complacency

Ammett Williams, CGEIT, CISSP Telecommunication Team Leader – First Citizens
Posted: 4/17/2019 3:20:00 PM | Category: COBIT-Governance of Enterprise IT | Permalink | Email this post

Ammett WilliamsWe are in 2019, and have all witnessed the effects of disruptive start-up companies, the growth and stability of the cloud market, the emergence of CI/CD practices and the simple need for agility. Inversely, there are organizations where none of what I mentioned is happening.

There are times when companies become good at what they do, and they become comfortable. With that comfort comes something that leaders and employee may choose to ignore. What is that? Well, to put it mildly, that thing would be the need for change. A provocative question to yourself would be: If I am doing my job properly and getting good results, do I need to change? Some may argue, “No,” and some may argue, “Yes.” From an IT point of view, the question becomes even more complex. This is especially the case when IT has taken on a supportive operational role within an organization, and by doing so, becomes expert at what they do, but finds that innovation is lost and resistance to change grows larger.

The Challenge of Assessing Security for Building Automation Systems

Mario Navarro Palos, CISM, CISA, CISSP, C|CISO, OSCE, CEH, Information Security Officer, Portland State University
Posted: 4/16/2019 3:05:00 PM | Category: Audit-Assurance | Permalink | Email this post

Mario Navarro PalosBuilding automation systems (BAS) have many characteristics that differ from traditional information processing systems, including different risks and priorities. Furthermore, these types of automation systems are subject to different performance and reliability requirements, and often employ operating systems, applications and configurations that may be considered unusual IT practices.

BAS frequently encompass any electrical component or device that is used to control a building by managing security, safety and utility services, such as physical access, HVAC, heating, alarms, and lighting, among other electrical and mechanical controllers that automate the buildings.

Tips to Prepare for ISACA’s CRISC Exam

Adham Etoom, PMP ®, GCIH, Cybersecurity & Risk Management, Government Sector
Posted: 4/12/2019 2:59:00 PM | Category: Certification | Permalink | Email this post

Adham EtoomMy motivation to pursue ISACA’s CRISC certification was to improve my skills, knowledge and understanding of enterprise and IT risk management.

The CRISC exam is the most rigorous assessment available to evaluate the risk management proficiency of IT professionals, and CRISC is among the leading GRC certifications, according to CIO magazine.

ISACA Celebrates Volunteer Participation

Melissa Swartz, Volunteer Engagement Manager, ISACA
Posted: 4/11/2019 3:01:00 PM | Category: ISACA | Permalink | Email this post

Melissa SwartzIt’s my favorite week of the year at ISACA – Volunteer Appreciation Week. It is a time when we all reflect on the important and impactful contributions members of our professional community have selflessly made to advance our organization and our industry. It is also a time to invite those who have not yet joined our volunteer corps to participate in ways that align with their interests and availability.

In this, ISACA’s 50th year, we acknowledge all the volunteer leaders who have established and run the organization as national and then international leaders, expanding our business lines and knowledge base, and responding to an ever-changing landscape of technology and technology governance. Have you visited ISACA’s 50th anniversary webpage? The volunteer 50th Anniversary Advisory Panel and ISACA’s Strategic Communications team have created an array of resources to celebrate the anniversary and invite you to get involved, too.

About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

To volunteer to write a blog or suggest a topic send an email here.