In the ever-shifting sphere of cybersecurity, where technology’s labyrinthine intricacies and emerging threats dance a never-ending waltz, ISACA stands as a beacon of innovation and guidance. A powerhouse comprised of over 180,000 members spanning the globe, this trailblazing association, marking its profound 55-year milestone, is helmed by Erik Prusch, who stepped into the CEO role in June 2024.
Barely a year into his tenure, Prusch sat down with Infosecurity Magazine for an exclusive dialogue, sharing insights into ISACA’s extraordinary strides, as well as navigating the tumultuous waters of AI-induced training dilemmas, the crippling workforce shortages, and the relentless financial pressures that batter cybersecurity professionals today.
A Year of Significance: ISACA’s Expanding Horizons
Infosecurity Magazine: In your inaugural year as CEO, what would you pinpoint as ISACA’s most significant achievements thus far?
Erik Prusch: We’ve made staggering advancements! With 228 chapters sprouting across 188 countries—including new ones in Mongolia, Georgia, and Florida—we’re focusing on leveraging opportunities to better serve our members. Our strategy is member-centric, concentrated on bridging gaps apparent in the marketplace.
Moreover, our ability to launch relevant products swiftly has significantly improved—perhaps more rapidly than we’ve experienced in quite some time.
Stepping Up with AI Innovations
IM: You hinted at exciting product launches, particularly concerning AI training and frameworks. Can you elaborate on these initiatives?
EP: Certainly! We recently unveiled several pivotal initiatives; foremost is our digital trust framework. This endeavor comes after a substantial investment on our part, as good frameworks—suitable for businesses of varied sizes—remain scarce. Many existing frameworks tend to cater only to larger enterprises.
Additionally, we have introduced seven new training modules focused on AI, crafted to meet escalating demands while maintaining high-quality standards. Drawing upon our 55 years of expertise, these modules—from AI fundamentals to governance—empower our members and external professionals to deepen their understanding of AI applications.
Interestingly, as AI surged into public discourse earlier this year, a gap became evident: many were eager to adopt it, yet few knew how to manage and control it effectively. Our mission is to refine this understanding, beginning with foundational knowledge, and progressively layering complexity in digestible increments.
Addressing the AI Knowledge Gap
IM: What do you perceive as the most pressing demand for knowledge and education related to AI?
EP: The urgency lies in acquiring knowledge from reputable sources. In the realms of AI and cybersecurity, for instance, understanding these intersections is crucial for the enterprise landscape. Without grasping the very basics of AI, discussions on governance fall flat. It’s not merely about duplicating policies—it’s essential to tailor them to your organization’s unique AI deployment strategies.
Awareness is key; we must educate everyone about AI fundamentals and the mechanics of large language models. Many organizations confine AI within their firewalls, and while that’s a worthy strategy, understanding vulnerabilities is equally vital. Addressing root causes rather than merely treating symptoms is imperative.
The Budget Myopia
IM: ISACA’s research indicated that 52% of cybersecurity professionals believe their budgets are underfunded. What’s your perspective on current budget realities?
EP: The chronic underfunding is a perennial challenge. There’s rarely an era when funding feels adequate. Funding typically surges post-crisis—an impulsive action rather than a calculated, preventive measure. Alarmingly, over 50% of cyber professionals deem their budgets insufficient. This isn’t a trivial issue; it signals a looming risk, as many organizations operate under financial constraints.
Navigating Workforce Struggles and Stress
IM: The persistent workforce shortage and stress cycle within cybersecurity seem unyielding. What measures can we consider to mitigate burnout in this sector?
EP: Tackling this issue begins with ensuring we have a robust workforce in place. You can’t bridge the workforce gap while simultaneously grappling with budgetary restrictions. There’s no instantaneous fix for this existential conundrum, exacerbated by the rapid emergence of new technologies.
It’s essential to prioritize staffing, and while we’ve made some headway in the past 15 months, the pace is painfully slow. Concurrently, we need aligned budgets, technology, and training. Simply placing people in jobs won’t suffice; they require comprehensive training and education.
We feel proud to foster this process, actively encouraging new talent to enter the field while providing the requisite training. However, it’s vital to devise strategies to attract a diverse array of candidates, particularly those from non-traditional backgrounds, into our discipline.
As the cybersecurity realm continues to evolve, ISACA’s role in fostering knowledge and addressing these pivotal challenges shapes the industry’s future—one informed strategy at a time.