Clar Rosso has more than two decades of experience helping global professional associations and certifying bodies grow and strengthen member value. As CEO of ISC2, she has established a forward-looking strategic framework and set bold goals for the future of the association. Under her direction, (ISC)² has established a Diversity, Equity, and Inclusion (DEI) program to support the profession’s growth, developed a global advocacy strategy to ensure members’ concerns are represented on a global stage, and has helped to shift the cybersecurity workforce shortage conversation to one that is focused on shrinking the gap.
Prior to joining ISC2, Clar served as the executive vice president, engagement and learning innovation for the Association of International Certified Professional Accountants (AICPA) where she led the development and execution of strategy to support global competency development and lifelong learning for the finance and accounting profession.
Previously, Clar worked as the Chief Operating Officer of the California Society of CPAs (CalCPA) and the CalCPA Education Foundation where she drove membership growth of more than 30 percent and developed and executed a strategic vision to transition the Education Foundation to a digitally focused business model. Prior to CalCPA, Clar worked as an educator, magazine writer and sports reporter. Clar holds a bachelor’s degree in rhetoric and communications from the University of California, Davis and a master’s degree in special education from San Francisco State University.
In this interview, Clar shares her perspectives on cybersecurity skills and the workforce, and how ISC2, a 34-year-old organization, aims to plug the gap with certifications ranging from entry-level to advanced, including the renowned CISSP.
Key cybersecurity skills
- While highlighting technical skills that are in high demand – cloud security, zero trust implementation, and expertise in cyber operations and threat analysis, Clar also notes the importance of soft skills – communication, problem-solving, critical thinking, and a passion for lifelong learning.
- Drawing on her personal experience throughout her career, Clar also offers skills that she developed outside of the cybersecurity industry – such as risk management skills and hands-on experience with technology projects – have given her valuable insights into cybersecurity.
Ecosystem and inter-governmental Initiatives
- To cultivate cybersecurity capabilities amongst the youth, Clar shares that ISC2 charitable nonprofit, “Center for Cyber Safety and Education” sends volunteers to schools to teach “Safe and Secure Online”, with the aim to build awareness of digital safety and cybersecurity principles from an early age.
- ISC2 also recently embarked on a “Certified in Cybersecurity” partnership with CSA (Cyber Security Agency of Singapore) to offer free education and exams to boost cyber literacy and address the skills gap, targeting 10,000 individuals in Singapore for potential cybersecurity careers.
Impact of AI on cybersecurity
- On how AI will transform the cybersecurity, Clar acknowledged that there are various aspects to consider.
- One key area in training is optimising the learning process. As an example, she points to how ISC2 is introducing adaptive learning using machine learning in their certification programs, which helps personalize the learning experience and save time.
- When it comes to related security risks, she highlights the importance of adopting existing security principles to the AI use case, to secure the technology underpinning AI systems.
- Another dimension is AI’s role in decision-making, and the need for us to evaluate the potential risks and validity of its recommendations. She points out this is where non-technical skills like analytical thinking and critical problem-solving become invaluable.
- Another risk is the potential compromise of AI by threat actors
- Wrapping up the interview, Clar offers that while AI may change the nature of some roles, it will not replace human cybersecurity professionals – and the key is to keep learning and staying prepared for the technological evolutions.
Recorded 17th October, 5.30pm, Singapore International Cyber Week 2023/ Govware 2023