New ISC2 CEO Scott Beale plans to leave an impression on the cyber community

And if you don’t know, now you know.

At least, that’s what new ISC2 CEO Scott Beale hopes to achieve with the cybersecurity certification organization’s members, who he said are largely unaware of the impact ISC2 has on the broader industry.

“ISC2 has been doing a lot of work around advocacy, working with national and state governments in the US and around the world to make sure that laws are being passed in a way that is informed by cybersecurity workers,” Beale said. “It is an incredible benefit to the world. It also benefits members, benefits governments and nonprofits, but it is not something that people even really know a lot about.”

Beale—who became ISC2 CEO in January, succeeding acting CEO Debra Taylor—has over 25 years of experience in government and nonprofits. However, he isn’t letting his non-traditional cybersecurity background hold him back from making an impact at the professional training organization. IT Brew caught up with Beale to discuss his top priorities for the organization and how he plans to win the hearts of its members.

Responses below have been edited for length and clarity.

How will your background in the government and nonprofit sector shape how you lead ISC2?

I’ve always taken roles that are mission-driven, that are trying to make the world a better place, and so that is 100% true here at ISC2…What matters to me is what is the purpose, what is the mission of the organization. And so leading mission-driven organizations, leading mission-driven teams is different than other aspects of leadership or executive leadership. I have a lot of experience in working with, especially, international teams, including remote teams—ISC2 is a remote-first organization. And so, I hope to bring that experience in, motivating teams and inspiring them, [and] setting clear goals.

For example, when I was at Peace Corps and I ran global operations, I started at the time when the agency had brought back all of its volunteers because of Covid, and there was a real forced mandate to reflect on how Peace Corps did its work, and what we should keep that was core to the work that Peace Corps had done for 60 years…And you know, in ISC2, I feel like there’s a little bit of the same, hopefully not as traumatic as Covid was in disrupting workforce trends…But there’s real concern about how the world is changing, and how we make sure that ISC2 remains the gold standard, the absolute best certification, best community, best training, to really prepare people for careers in cybersecurity, and to strengthen organizations for all of the cyber risks that exist out there.

How do you plan to build credibility with the cybersecurity community? I saw you already got your Certified in Cybersecurity (CC) credential from ISC2.

Yes, I did. I got my CC from ISC2, which I was quite proud of…A lot of building credibility comes from listening first. And that’s true, even if I was an expert in the field. I would really want to understand the organization and the community, especially a membership association, as fully as possible before really articulating ambitious goals or dreams or directions, even if they’re ones that are coming from the board. I would really want to understand the community itself.

So, getting the certification was an early first step for me, even before I got the job, and I’m definitely going through a listening tour, meeting with our staff around the world, our chapters around the world, [and] of course, the board, but even folks who aren’t members of ISC2, too. There are a lot of ways to do that. Conferences and events are certainly one of them, but I’ve been really active on LinkedIn and engaging folks and it’s just an incredible opportunity to even hear your critic and say, “Well, tell me more. Tell me more about that. Why are you upset about that aspect of ISC2? Why are you concerned about that aspect of cybersecurity?” Because I have this great position to be in where I can ask questions and I don’t need to be defensive. I don’t need to change their mind. I’m just in a learning process.

Are there any ways organizations should rethink hiring requirements to attract non-traditional talent as the industry juggles with a talent shortage?

Yes, there’s a talent shortage, but there’s also a skills shortage that a lot of organizations are facing right now in cybersecurity. So, from the candidates’ perspective, it’s even more important to be able to take certifications, take continuing education, pursue vehicles that demonstrate your knowledge, skills, and ability, like certifications from ISC2 or other ways you can demonstrate your skills and background. It’s really, really critical for the candidate, because organizations are going to want, when they’re sorting through people applying for jobs, to be able to really be able to focus on those people who have demonstrated their skills and competence.

Are there any changes that ISC2 members should look forward to under your leadership?

I hesitate to say “changes,” because I know there’s a lot of work that’s already been done over the over the last number of years, and and I’m really benefiting in joining ISC2 in a moment of strength, where the organization’s in a really strong position with excellent leadership and a strong staff, [and] really solid board and members around the world.

That being said, some of the areas that I hope to continue to focus on is really making sure that ISC2 remains very member-focused. What do our members need to continue to advance in their careers, to get promotions, to define new positions? How can we make sure that our continuing education and our certifications, and even certificates that we’re offering are relevant and helpful for them, as technology is changing between AI and quantum and other changes that exist kind of in the broader ecosystem? So, we are reaffirming our commitment to listening and to leading and really making sure that our members are getting real value for their membership. I’m not sure if that’s a dramatic change from the past, but it’s an important part of the leadership I hope to bring, and that the board and the staff are really very committed to.