In an interview, Tara Wisniewski, EVP of Advocacy and Strategic Engagement at ISC2, explains how international certification standards and targeted training can help with threat mitigation.
Cybersecurity is one of the most demanding career fields in IT. Hardly any other IT segment combines technological innovation and constant pressure to act in a comparable way. On the sidelines of the Munich Cyber Security Conference, held just before the Munich Security Conference 2026, Tara Wisniewski, EVP Advocacy and Strategic Engagement at ISC2, talked about the international non-profit organization for cybersecurity professionals, talked about the current challenges in cybersecurity.
Ms. Wisniewski, technological innovations, the global economic situation, and geopolitical hotspots are pushing cybersecurity increasingly into the spotlight. The profession of cybersecurity experts has also changed significantly in recent years. How do you assess the current situation?
Tara Wisniewski:
We are in an era of change and growth. That applies both to the work of cybersecurity professionals and to the companies that must protect themselves and their data from attacks. And these attacks are becoming increasingly diverse and sophisticated. At the same time, as the level of digitalization in business and government continues to rise, protection against cyber threats is essential. By now, it’s hardly a question of if a company or organization will be hit, but only of when, in what form, and with what negative consequences.
That’s true. You regularly study how the cybersecurity profession is evolving. You recently completed another study. Have current conditions led to any changes – compared to last year, for example?
Tara Wisniewski:
The fact that we were able to survey more than 16,000 cybersecurity professionals worldwide in our latest study shows how large and relevant this sector has become globally. At the same time, our Workforce Study 2025 makes clear that engagement in cybersecurity is heavily dependent on the economic situation of individual organizations. Last year, the industry was still significantly shaped by layoffs, budget cuts, and hiring and promotion freezes. That trend has continued: 43 percent of German cybersecurity professionals report being confronted with budget cuts – an increase of 12 percentage points compared to 31 percent in 2024. Budgets play a central role here. The point is: it’s not just a lack of qualified specialists, but also a lack of the necessary financial resources to adequately compensate and retain them long-term.
You spoke with international cybersecurity experts at the Munich Security Conference. What topics were discussed?
Tara Wisniewski:
Here, too, the focus was on how to achieve maximum cybersecurity when there is a shortage of funding and reliable frameworks. For me, these conversations confirmed the need for international cybersecurity standards. It is essential that we continuously improve and evolve, because the challenges are already great today – and in the future, with generative AI and quantum computing, protection will become even more complex.
What role does the shortage of cybersecurity talent and skills play? Can you give us an all-clear for the future, or will the problem worsen?
Tara Wisniewski:
The shortage of qualified cybersecurity professionals – or the relevant skills – is causing significant problems for all of us. Making a reliable prediction is difficult. Looking at the numbers from our study: 43 percent of German respondents say they cannot find professionals with the necessary cybersecurity skills. A further 26 percent report that they cannot afford to hire enough staff. And 28 percent say they have difficulty retaining employees with in-demand skills, due to low wages or a lack of advancement opportunities.
That sounds sobering.
Tara Wisniewski:
Yes, it is problematic – especially since 93 percent of our study participants indicated that their organization has experienced at least one serious cybersecurity incident that was ultimately attributable to a lack of expertise or competence. And 77 percent even state that due to this situation, they have already had to deal with multiple security incidents.
Could AI provide some relief here – particularly generative AI?
Tara Wisniewski:
AI can certainly offer valuable support in cybersecurity at its current level of development. Already, 35 percent of German respondents are actively using AI in their security processes, and 77 percent are evaluating or testing relevant tools to improve their situation. However, one should not expect AI alone to solve all problems. Because one thing must not be forgotten: it takes specialized knowledge and skills to use AI successfully. 71 percent of German participants in the Workforce Study say that AI will increase the demand for more strategic roles and competencies in cybersecurity. The use of AI requires strong strategic thinking when it comes to cybersecurity. So it’s no surprise that 69 percent see a need for broader competencies within the IT workforce. This makes it clear that the qualifications of cybersecurity experts must continue to expand in order to fully leverage the potential of AI. This is where our globally recognized certifications come into play: they serve not only to equip professionals with the right knowledge and skills, and to train specialists, but also to set standards that companies can use as a benchmark for hiring and developing experts.
That sounds like there’s still a lot of work ahead.
Tara Wisniewski:
Absolutely. We will continue to advocate for ongoing professional development and certification, as the threat landscape, organizational structures, and security measures are constantly evolving. One decisive factor should definitely be mentioned – and this is important to me: the majority of cybersecurity professionals are highly motivated. In Germany, 84 percent say they are passionate about their work, and 69 percent are satisfied with their current job. This engagement must be encouraged and further developed. Because only a motivated team with solid skills and clear learning and career pathways can build long-term resilience and effectively protect organizations from cyber risks.
Thank you very much for these insights, Ms. Wisniewski.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de