ISC² presents itself as the largest non-profit cybersecurity membership association in the world. The organisation has more than 140,000 members and provides nine cybersecurity certifications. Techzine recently spoke with the non-profit organisation to find out exactly what role ISC² plays in the IT world. During the conversation, we noticed not only that the organisation offers useful services, but also that their non-profit character is deeply rooted.

ISC² claims to be the largest non-profit cybersecurity membership organisation in the world. This simply means that they are a non-profit organisation that provides members with education and training in the field of cybersecurity. With more than 140,000 members and nine different certificates to obtain, ISC² is a major player. The certifications provide companies and other organisations with clarity about the skills of their employees, or potential employees. ISC² can also help companies to keep their employees’ skills up to date by offering training courses, more about which can be found below.

Certifications

There are, in fact, five different certifications that can be obtained with ISC²: CISSP, SSCP, CCSP, CAP, CSSLP and HCISSP. It is also possible to obtain an associate certificate for participants with less experience, as well as three specialisations for CISSP. Successively, these specialisations include Leadership & Operations, Security Administration, Cloud Security, Authorization and Healthcare. The specialisations come on top of the CISSP-certificate, where you can choose from Security Architecture, Security Engineering or Security Management. In total, there are eight different certificates that can be obtained, plus a certificate for associates.

The CISSP certificate is seen as the ‘gold standard’ for cybersecurity certificates, according to ISC². Companies regularly require certification in order to be able to apply for certain positions at all. In order to obtain a certificate, an exam of several hours must be taken. Depending on the certificate, participants must also have a number of years of work experience in the appropriate field. Then, if someone has obtained a certificate, an annual maintenance fee must be paid, and the certification is regularly checked and kept up to date. In the first instance, it is no small feat to obtain an ISC² certificate, but there is also a solid example of maintenance involved in order to remain certified.

Of course, which certificates are applicable is depending on the tasks of specific employees.

Training

The training courses available to the enterprise are basically the same, but with a number of additional services. The certificates to choose from are the same, but business players are advised on the requirements for their specific situation. This means that a company’s budget, agenda, employee level, and IT solutions are involved in the picture so that they can ultimately offer tailor-made training to employees. The training is then given by experts who have also obtained the relevant certifications. In short, with business training, companies can ensure that their employees obtain the same highly valued cybersecurity certificates as members who do so individually.

Non-profit character

The above sounds as if ISC² simply offers services for a fee, but their charitable arm is not an underprivileged child, according to our conversation. ISC²’s non-profit character is guaranteed because the organisation has a sub-division that is purely aimed at charitable work. This means, among other things, offering basic cybersecurity training for several age groups, from primary school classes that have yet to learn how to use IT safely, to older people who want to keep up with the times and therefore simply have to learn to do so as well.

ISC² also regularly conducts research on the status of certain relevant subjects in cybersecurity. For example, the non-profit organisation informed us that a recent study of the Dutch IT sector clearly showed that (multiple forms of) diversity contribute to a strong position for companies in terms of security. For example, about three-tenths of the respondents indicated that diversity could be used to attract talent and to retain it. Approximately the same number of participants in that study stated that diversity promotes innovation within their organisation. With this kind of research, and through their charitable activities, ISC² shows that they are not only working to improve the world of cybersecurity with their certificates but also by actively addressing this issue in several places in society.

In summary, ISC² is an organisation that provides knowledge to individuals, but also clarity to companies and other organisations. The certificates at once show the level of expertise that a person brings with them. On the other hand, our conversation showed that the real passion of ISC² is not necessarily focused on the business market or the private market, but that will use all opportunities to improve cybersecurity knowledge in general. That being said, the main benefit about ISC² regarding the business market, is that as a company, you can easily turn to them if your employees need proper training in (a certain facet of) cybersecurity.