• Home
  • /
  • Security
  • /
  • ISACA first to combine skills-based cyber security training with performance-based exams, certifications to address talent shortage

ISACA first to combine skills-based cyber security training with performance-based exams, certifications to address talent shortage

Business Wire via ITWeb,
Rolling Meadows, Illinois, 16 Apr 2015
Read time 5min 10sec

ISACA today introduced a portfolio of new cyber security certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers.

Global Knowledge, a leading IT and business skills training provider, is ISACA's first authorised training provider for the CSX portfolio of courses, available in the third quarter of 2015.

The State of Cybersecurity: Implications for 2015 study by ISACA and RSA Conference reveals that 82% of organisations expect to experience a cyber attack in 2015, yet 35% are unable to fill open cyber security positions. Less than half feel their current security teams are able to detect and respond to complex incidents. In addition, a million cyber security jobs around the world remain unfilled, according to the Cisco 2014 Annual Security Report. This gap between supply and demand is fuelling a widespread vulnerability that has seen cyber attacks emerge as a top technology risk in the World Economic Forum's Global Risks 2015 report.

Through CSX, a resource for knowledge, tools, guidance and training at every stage in a professional's career, ISACA is helping build a global cyber security workforce trained to combat advanced cyber threats and is providing a way for organisations to be confident that they are identifying and hiring employees with the right skills.

CSX training and certifications are now offered for skill levels and specialties throughout a professional's career. ISACA already offers the Certified Information Security Manager (CISM) designation for those at the management level, and the Cybersecurity Fundamentals Certificate for those new to the field. Training is not required prior to taking an exam, but is recommended. The new certifications are:

* CSX Practitioner - Demonstrates ability to serve as a first responder to a cyber security incident following established procedures and defined processes (one certification, three training courses; prerequisite for CSX Specialist).

* CSX Specialist - Demonstrates effective skills and deep knowledge in one or more of the five areas based closely on the NIST Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover (five certifications, five training courses; requires CSX Practitioner).

* CSX Expert - Demonstrates ability of a master/expert-level cyber security professional who can identify, analyse, respond to, and mitigate complex cyber security incidents (one certification, one training course; no prerequisites required).

The new certifications are aligned with globally accepted standards and frameworks, including the NIST Framework for Improving Critical Infrastructure Cybersecurity, NIST SP 800-53 Revision 4, ISO 27000, and the COBIT 5 framework.

"ISACA recognised the need for a different approach to cyber security training and certification because global businesses need more effective ways to identify and hire skilled professionals," said Robert E Stroud, CGEIT, CRISC, international president of ISACA and vice-president of strategy and innovation at CA Technologies. "In today's threat environment, relying on technical staff who don't have skills-based training and credentials is like relying on an army that has read a manual about strategy but has never engaged in combat."

The CSX training and certifications were developed over two years by global chief information security officers and other cyber security experts, and went through a rigorous peer review by more than 100 experts. The innovative course delivery and testing components are the result of ISACA's collaboration with the Art of Exploitation (AOE) cyber security team of TeleCommunication Systems. (TCS) (NASDAQ: TSYS), a world leader in cyber security training and enterprise solutions.

Innovative Virtual Cyber Lab

A key feature of CSX's training and skills verification is an adaptive, performance-based cyber laboratory environment. A professional's skills and abilities are measured in a virtual setting using real-world cyber security scenarios.

PerformanScore, a learning and development tool that measures a professional's ability to perform cyber security job tasks, was specifically developed by TCS' AOE team to allow trainers to provide exemplary guidance to professionals, based upon the professionals' problem-solving approaches. Recognising that there are multiple ways to respond to cyber security threats, PerformanScore is unique in its ability to measure performance skills across the entire solution set of possibilities. The tool compares a professional's actions to grading criteria, which is then referenced against an adaptive scoring rubric in real-time, enabling the instructor to provide specific feedback and allowing a professional to better learn and understand more efficient cyber security techniques. ISACA is the first organisation to offer PerformanScore.

"The new CSX certifications will provide a benchmark that will help shape the future of cyber security hiring and career progression," said Eddie Schwartz, CISA, CISM, chair of ISACA's Cybersecurity Task Force and president and COO of WhiteOps. "Keeping cyber security skills current is a moving target, and by evolving with the industry and the adversaries they are facing, the CSX certifications will help ensure that our teams will have the most valuable and current skills, and organisations will know that candidates have the skills to address cyber security incidents from their first day on the job."

Availability and CPE

CSX Practitioner training will be available in June 2015, with the exam available in July. Training and exams for the CSX Specialist series and CSX Expert certifications will be available during the second half of 2015. Continued professional education (CPE) will require certification-holders to annually demonstrate skills in a lab or other skills-based environment in addition to participating in knowledge-based learning. Certification-holders are required to re-test every three years at the highest level they have achieved.

Details about the new CSX certifications are at and


A global association of 140 000 professionals in 180 countries, ISACA ( helps business and IT leaders build trust in, and value from, information and information systems. ISACA has more than 200 chapters worldwide.

View this news release online at:


Joanne Duffer


Deborah Oetjen

See also