(ISC)2 CISO: We aim to lower the barrier to entry in cybersecurity

29 Apr 2022

Jon France. Image: (ISC)2

(ISC)2’s Jon France discusses the importance of having the right people in cybersecurity and the need for more education in this space.

Jon France is an information security professional and CISO at the International Information System Security Certification Consortium, or (ISC)2. This is a non-profit organisation that specialises in training and certifications for cybersecurity professionals.

France is a certified information systems security professional (CISSP) with more than 25 years of experience building and leading diverse technology and security teams. Prior to joining (ISC)2, he led the industry security function at GSMA, the member-led organisation representing mobile operators and the wider telecommunications industry.

There, he was responsible for ensuring that the mobile sector anticipated and addressed security and fraud threats across the mobile ecosystem by working closely with operators, vendors, governments, regulators, standards bodies and industry leadership.

France is the first chief information security officer for (ISC)2 and was appointed to the role in January 2022.

In this position, his responsibilities include advocating for cybersecurity professionals and narrowing the skills gap, working with the organisation’s leadership and IT teams to ensure its operations are secure, and highlighting the wider cybersecurity profession and the value of training, skills and development.

‘Good security is effective, great security is seamless’

What are some of the biggest challenges you’re facing in the current IT landscape?

The complexity of systems and the volumes of data that systems now process, store and move, along with the nature of distributed systems. Technology stacks are diverse and complex, as well as geographically distributed, involving many vendors.

Coupled to this is ensuring appropriate controls, which requires the right skills and leadership. As a result, we have a few challenges such as systems complexity and diversity. The solution to these is risk management, ensuring you have the right people to address and a voice at the right level.

What are your thoughts on digital transformation in a broad sense within your industry?

The continued rapid digitisation of many industries, especially those that traditionally have not had to rapidly adopt deep digital business methods, but now must due to Covid-19, is driving demand for a broad diverse skilled IT and cybersecurity workforce.

At (ISC)2, our mission is to be a pivotal champion in developing and accrediting these skills, contributing to closing the workforce gap as well as building a pathway for people to get into cybersecurity.

More directly for our business, we have moved even more of our learning and services online to support our members and those pursuing a certification, building capability and capacity to support those changes.  

How can sustainability be addressed from an IT perspective?

The collective response to Covid-19 has demonstrated that many aspects of industry and services can deepen their digital footprint, gain efficiency and reduce the need for movement of people, so in one sense IT is helping in both dimensions.

Communications connect people globally to each other and to services with minimal effort – saving not only distance travelled but also the time taken to travel.

Movement of goods and physical items of course still happens, but is far more efficient through exploiting digitising logistics chains, using digital twinning to generate data and insights that can be used in modelling, and leveraging machine learning, etc.

Part of ensuring resilience in this area is also the ability to maintain and secure digital components, as well as having an appropriately skilled workforce.

What big tech trends do you believe are changing the world and your industry specifically?

There are many to choose from, but three are front of mind right now.

Machine learning and artificial intelligence are doing a great job at getting answers from large datasets, reducing the amount of time to get to insights. They’re also highly effective in the cybersecurity world for sifting through large logs and getting to possible internet of computing and internet of things issues.

Hyperconnectivity – all things connected to all things, again bringing us back to the IoT. This is really driving the world of efficiency and capability, as well as producing some of the key data that can be mined using ML/AI.

For the (ISC)2 mission, it’s about lowering the barrier to entry for people to get into and involved with cybersecurity at all levels.

How can we address the security challenges currently facing your industry?

Education, awareness, voice at leadership level and good risk management are all essential. Most of the security challenges are well known and already have proven solutions to the problem they pose. We just need the knowledge, understanding and discipline to implement and carry them out.

Good security is effective, great security is seamless. It is part of the engineering conversation, not applied to it. In operation, the basics – patching, removing defaults, knowing where your assets are, knowing what’s in your footprint – do make a significant positive difference. Importantly, stay curious and don’t ever think you have anything 100pc solved.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.