A new study illustrates the need for and potential benefits of a membership association dedicated to cybersecurity professionals. The organization could help consolidate and create professional standards, close the industry skills gap, and provide ongoing training, researchers noted.

It seems like every other week there is news of a new cyber breach or attack. Even the head of the American Medical Association has warned that an attack within the medical industry is not a matter of if but when.

Associations have been front and center in the effort to tighten data security measures across industries—calling for greater private-public collaboration, launching collaborative efforts to help improve information-sharing and credit card security, and, recently, developing an information clearinghouse for possible security threats.

But the authors of a new report from the Pell Center for International Relations and Public Policy at Salve Regina University want to take those efforts a step further: They’re calling for the creation of a professional association dedicated to serving the cybersecurity industry.

In their report, “Professionalization of Cybersecurity” [PDF], Francesca Spidalieri, a cyber leadership fellow, and Lt. Colonel Sean Kern, a cyberspace operations officer at National Defense University, acknowledged both the shortage of highly trained cybersecurity professionals and the difficulty of recruiting, training, and hiring them.

“The cybersecurity industry in this country is highly fragmented and characterized by a fog of competing requirements, disjointed development programs, conflicting definitions of security roles and functions, and many different competing and often confusing commercial certifications,” Spidalieri said in a statement. “In short, the present reality is inadequate to address the threat at hand.”

A dedicated professional association could help assess and close the cybersecurity skills gap, create ongoing training and professional development programs, develop professional standards, and help leaders throughout society mobilize the right people with the skills to match specific challenges.

“Achieving cybersecurity is far more than a technical problem: It is fundamentally a people problem,” Spidalieri said. “And since cybersecurity is a people problem, there must be a people solution.”

Kern acknowledged that creating a professional association would take time, most likely several years. But he expressed hope that the Pell Center report would serve as an important first step toward a more consolidated approach to cybersecurity.

“We hope that this work catalyzes additional research and efforts to unify this complex ecosystem under a common purpose, seek ways to mobilize commitment to change, develop a shared vision, foster consensus, and institutionalize a commonly accepted approach,” Kern said.

(iStock/Thinkstock)