CISSP, SSCP and CISSP-ISSMP among suggested certifications for learning and development pathways in cybersecurity
(ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – has announced that (ISC)2 certifications have been recognised as relevant certifications for Incident Responders by the Australian Signals Directorate (ASD), the Australian Government agency that manages cybersecurity at a national level, as included in the publication of the second edition of the ASD Cyber Skills Framework.
The ASD Cyber Skills Framework is an iterative framework designed to be used to assess, maintain and monitor the skills, knowledge and attributes of the cybersecurity workforce employed by the Australian Government. The framework has been further designed to support the needs of public and private sector organisations across Australia, enabling targeted recruitment of cyber specialists, providing a development pathway for current and future cyber staff and aligning skills, knowledge and attributes with national and international industry standards.
The ASD Cyber Skills Framework is analogous to the NICE (National Initiative for Cybersecurity Education) Framework established by the U.S. Government’s NIST (National Institute for Standards and Technology). A differentiator to NICE, however, is that the Framework adds competency criteria to align with Australian Public Service (APS) seniority levels. The Framework defines nine distinct cyber roles (Cyber Threat analyst, Intrusion analyst, Malware analyst, Incident Responder, Operations Coordinator, Penetration Tester, Vulnerability Assessor, Cyber Security Advice and Assessment and Vulnerability Researcher) and details capabilities, skills and proficiency levels, digital career pathways, and recommended learning and development pathways for each role.
The Learning and Development Pathway section of the Framework illustrates cyber practitioners’ development of their professional and technical expertise, using the Incident Responder role as an example. In recognizing six distinct proficiency levels for the role, each with corresponding related certifications that are suggested as indicators of proficiency for professionals at that level, (ISC)2’s SSCP certification is suggested for Level 3 Practitioners, while the CISSP and CISSP-ISSMP (which is a concentration in the management aspect of security leadership) is suggested for Level 5 Principal Practitioners.
“What the ASD Cyber Skills Framework clearly outlines is a distinction that we consistently make about our certifications, and that is that different roles require different knowledge bases, and not every certification is meant for all cybersecurity professionals,” said Dr. Casey Marks, chief product officer and vice president, (ISC)2. “Our certifications are indicators of proficiency for different areas of concentration, and these kinds of frameworks can be a helpful guide for hiring organizations that are trying to determine which candidates have the necessary skills for the specific roles they are trying to fill.”
In addition to the recommendations listed in the ASD Cyber Skills Framework, the Framework further advises organisations that the nine defined cyber roles in the Framework are directly equivalent to nine defined roles contained within the NICE framework. The NICE validated and endorsed set of skills mappings between NICE roles and (ISC)2 certifications is currently being updated by NICE. More information is available via the NICE website.
The full ASD Cyber Skills Framework v2.0 can be downloaded at https://www.cyber.gov.au/acsc/view-allcontent/publications/asd-cyber-skills-framework.