The cybersecurity landscape is evolving rapidly, driven by the increasing complexity of technology and the emergence of new threats.
Just as the world tackles these challenges, Isaca, a global association of IT and cybersecurity professionals, is at the forefront of addressing these issues. With over 180,000 members worldwide, Isaca plays a key role in shaping the future of the industry.
Groups fall into 55th It has been under the leadership of CEO Eric Prusch from 2023 and June 2023.
Just over a year ahead of his role as CEO, Prosch sat exclusively Infosecurity We discussed some of the organization's recent achievements, discussing the challenges AI brings to training, the workforce shortages and budgetary pressures placed on cybersecurity professionals.

Infosecurity Magazine: What have you achieved so far in your first year as CEO?
Erik Prosch: We did a huge amount of work. We are in 228 chapters and 188 countries. In particular, there is the Mongolian chapter, the Georgia chapter, and another chapter in Florida, USA. What we are doing is focusing on the areas of Ithaca and its members' opportunities.
There is a new strategy. This is about the members. That's what we offer to help meet some of the market gaps.
We have also successfully launched our products for a while in a faster and more relevant way than we think we have.
IM: We mentioned the launch of new products, particularly focusing on AI training and frameworks. What are some of the new products you've worked hard on?
EP: We have recently launched several new initiatives. One is the digital trust framework.
After committing capital to develop these capabilities, we are bringing this into the market. There aren't many good frameworks, especially for businesses of different sizes. We are more focused on very large companies. Frameworks can be adopted by small organizations.
They also announced seven new training modules related to AI. This not only meets the demand for more training in this field, but also ensures that it is from a reliable source. We build high quality products that we believe are extremely powerful from a technical insight perspective. Our training methods are based on 55 years of experience.
These seven new modules are important steps, ranging from AI Essentials to governance and policies. They allow our members and outsiders to have knowledge of the fundamentals of AI and expand their skill set to more technical applications.
When AI really came to light earlier this year, there were a lot of people who were adopting it, but not many people know how to control it.
Many people have strictness, and many have policies, but certainly there is a disconnect between what people think they understand and what they understand and what we are trying to narrow it down.
This means you need to go to the basics, build your capabilities and make sure you provide it in bite-sized parts to deepen your understanding.
IM: What is the greatest demand for knowledge and learning around AI?
EP: The knowledge you need to do around AI must come from a reputable source, and it must be within the domain you are trying to solve. When you think about AI and cybersecurity, or policy and governance, they are applicable to businesses.
If you don't understand the fundamentals of AI, there's no point in talking about governance. Anyone can put the policy, someone can copy the policy, but you can create a policy that is appropriate for your organization and how you deploy AI?
People can access AI through their mobile phones and through their home computers.
You have to build consciousness. You have to train everyone on the basics. How does AI work? How do large-scale language models work? Most organizations are trying to keep it within range, so they put their instances behind the filewall.
I support that 100%, but let's get a sense of where the vulnerabilities are. Let's think about what we should be discouraging and trying to create a mechanism for that.
Make sure you are working on the root of the problem, not the symptom of the problem.
“There's an incredible amount of money chasing AI, so there's a big grab for the money that's going on.”
IM: You mentioned making sure people get information from reputable sources. Why is this important and there is not much information in the market.
EP: In my view, there's an enormous amount of money to chase AI, so there's a huge grab for money that's going on. People who are in business hanging from AI will try to make some money whether they are a reputable source or not.
We have a lot of emphasis on ensuring that we qualify the sources of content to provide us and bring in or have disposable experts in this area.
We don't take it casually, as we know the model is widely leveraged. We go to 180,000 people in our current ecosystem alone, and then when we think about the companies we support, we expand past it.
We take our reputation very seriously. So we'll make that effort. I can't say the same thing in every organization. And there are some very good organizations that may be technically competent, but don't know how to train them. Behind them there are good trainers who don't have much technical expertise, and some people have both.
So we want to be that advisor. We want to be that coach. I want to be a guide to dealing with this.
IM: Isaca released his research early in 2024. 52% of cybersecurity experts feel their budgets are underfunded. What are your views when your budget stands today?
EP: There is a permanent lack of funds. I don't know there was a time when we were properly funded.
These pivot points or funding trajectory changes always occur when the issue arises.
Then all of a sudden, it's what money do you throw at it to fix it?' In contrast, make sure we are well protected, understand what best practices are, and try our methods as proactively as possible.
What we all have to be scared of is that over 50% of cyber experts believe they are underfunded. This is not insignificant.
It's not just us to 10 or 15% or around the edges. We are 50% of organizations who say they are underfunded. So that means even greater risk.
If you have many businesses that could support cybersecurity, there are serious problems.
IM: The lack of workforce and stress remain a major problem with cybersecurity. What more should we do to drive us out of this cycle of burnout and stress, as it is a theme within cybersecurity?
EP: It starts with ensuring that you have the right workforce.
They can't have a workforce gap and a budget gap, and they hope that people in their seats they are currently in will soon be free from that stress.
It will not cure the existential crisis we have overnight. The crisis is huge, and it is not understood. And new technologies are coming out around it very rapidly, increasing these needs and demands.
It starts with the workforce and makes sure we're filling our jobs. We have made modest advances over the last 15 months, but at this rate it will take years to solve it.
After that, you will be sure you have the right budget, the right skills and the right training.
It's not just people, you can't expect people to get into work and fix it. They must be trained. They must receive an education along the way.
We play a role in that and are proud of it. Early in that cycle, we encourage people to bring in and help people enter the profession, train them, and qualify for those professions.
And while that means we have an important role, we have to find a way to put more people and perhaps non-traditional people in the domain we serve.
