Security Buyer delves into cybersecurity and upskilling the industry with Seth Robinson, Senior Director, Technology Analysis at CompTIA
CompTIA specialises in upskilling the computing technology industry providing a vendor-neutral, independent source of information on a wide range of technology topics, including cybersecurity; education, training and certification of the global tech workforce; new and emerging technologies; legislation and policies affecting the industry and workforce data, development and trends.
Membership and certification holders span the full range of technology companies from established Fortune 500 leaders to small and medium-sized tech businesses that help customers solve problems around the world; and emerging tech-service innovators that support the implementation and management of the latest technology solutions.
What does CompTIA do?
CompTIA is a voice and advocate for the US$5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy and market research, CompTIA is the hub for advancing the tech industry and its workforce.
Has the pandemic enhanced the need for upskilling the industry?
CompTIA’s “2021 State of Cybersecurity” report revealed that the general state of cybersecurity in the economy is getting worse. In 2020, 80% of individuals in felt like the state of cybersecurity was improving. In 2021, only 69% feel the same. Several factors were all likely contributors to this more pessimistic sentiment – ransomware attacks on critical infrastructure, supply chain attacks rippling through the business landscape and prolonged uncertainty associated with the pandemic.
This uncertainty is reflected to a degree in organisations’ increased cybersecurity budget and new skills-building priorities. The pandemic is not the sole reason for either, but it is a significant contributing factor. For example, endpoint security is one of the skills that companies want to strengthen. Endpoint security is likely being revisited as the post-pandemic workforce opts for more flexibility. Whether employees are choosing full-time remote work or a hybrid approach with occasional days in the office, their equipment may need to be refreshed or reconfigured, and the security scheme needs to match the work style.
What is the new mindset needed to take on cybersecurity complexities?
With IT taking on strategic significance and cloud computing undoing the traditional notion of a secure perimeter modern security requires a completely different mindset. The new mindset that has emerged in response to digital transformation is zero trust, which exactly what it says it is. Rather than assuming that network traffic or user access is harmless due to origin or credentials, further verification is required at every step. In a zero-trust architecture, there are no assumptions made about the authenticity of data or access requests. Instead, each piece is examined individually and, in many cases, checked multiple times.