Getting in Front of the Cybersecurity Talent Crisis

Size: px
Start display at page:

Download "Getting in Front of the Cybersecurity Talent Crisis"

Transcription

1 CYBERSECURITY WORKFORCE Getting in Front of the Cybersecurity Talent Crisis how-to-build-a-cyber-dream-team-when-it-comes-to

2 CONTENTS INTRODUCTION Introduction... 3 What is Driving Demand: Data Breach Response... 4 Getting the Right People... 6 What We Are Doing to Address the Cybersecurity Workforce Crisis... 9 Conclusion There is a human capital crisis in cyber security. Demand for skilled professionals currently outweighs supply, and the growing sophistication of cyber adversaries coupled with our increasingly networked enterprises means that demand will grow. Unless we increase the number of trained professionals coming into the workforce and become better at identifying, nurturing and retaining workers with the necessary qualities, this crisis will progressively drain organizations bottom lines. Organizations have begun to realize that cybersecurity problems involve more than just technology. There is also a people and business problem. Effective technology solutions are needed to protect IT infrastructures, and automation can help free humans to do what they do best: analyze, understand, anticipate and respond to security incidents. But technology is only a tool; security requires having the right people with the right capabilities on the job. Effective cybersecurity is a core business requirement in today s global economy, and C-level executives are increasingly being held accountable for breaches. We re making progress professionalizing and institutionalizing cybersecurity. Ten years ago, security operations usually were underfunded and given low priority. The Chief Information Security Officer (CISO) did not exist. Today, however, cybersecurity is a high business priority, and among companies that employ a CISO, many are in the boardroom. But much remains to be done. Only 40 percent of Fortune 100 companies have a CISO, and organizations still struggle to build, recruit and retain a cybersecurity workforce. Competition for cybersecurity talent is fierce. According to a 2014 report from Burning Glass 1, cybersecurity job postings grew 74 percent from 2007 to 2013, to nearly 210,000 openings. This growth was more than twice that for all other IT-related job postings. Moreover, it is not enough to merely hire good people. Continual development and training are needed to ensure that employees keep pace with evolving threats and new technology. Getting in front of this manpower crisis requires: + + Increasing supply through outreach and partnering to support professional development programs in universities, high schools, and even earlier + + Reducing demand through resource sharing within and between organizations, improving the quality of the cybersecurity workforce, and supporting it with the right technology + + Developing new approaches to identifying available talent, including looking for it in non-traditional places

3 WHAT IS DRIVING DEMAND: DATA BREACH RESPONSE Cyber adversaries and threats are constantly evolving; while tried-and-true attacks and exploits will never die, newer and more sophisticated ones are always appearing. Given the growing complexity of IT enterprises, the response to data breaches and other security incidents is a complex, labor-intensive, and time-sensitive task. In a large private sector or government organization, the direct cost of response and mitigation can easily be millions of dollars. The costs of lost business and damage to reputation can be even greater. The first 24 hours following a breach are critical. To minimize damages and costs of a breach, pre-planning is essential. Without a strategy, you will spend the first days getting organized, identifying resources, and putting them into place. By this time you will be far behind the game, struggling to catch up with the intruder while simultaneously managing the ramifications with partners, customers, and the public. This demand on preparedness puts a premium on understanding your enterprise and available resources, as well as being able to quickly evaluate the extent and complexity of the attack. An effective response requires interior lines of communication for mobilizing resources throughout the organization, not just the IT shop and security operations center. To evaluate your readiness, ask yourself these questions: + + Do I have an up-to-date plan in place one that is more than shelfware? + + Have I tested this plan recently? + + Do I have the staff I need to respond to the incident or do I have access to surge support? + + Does my staff understand the threats, the adversaries they face, and their roles in the response plan? + + Is my CISO prepared to handle the threat to deal with the public, senior management, and the rest of the organization while directing the response? An effective, prepared workforce is needed to carry out your plan. Staff must include threat analysts who can combine outside sources of intelligence with data from enterprise sensors and logs to anticipate incidents and help direct the response. This can reduce the needed manpower. Many organizations, however do not have the necessary resources permanently on-staff, or know precisely how much manpower they will need when an incident occurs. They will need to be prepared to quickly surge their workforces to meet the need. Determining the right size of your cybersecurity staff is a matter of risk management. This will vary depending on an organization s size, IT enterprise, the threats it faces, the value of its assets (to itself and to adversaries), and the level of risk it chooses to accept. Response planning should include plans for mobilizing outside personnel, as needed. It is too late to begin assessing needs and looking for help after an incident has occurred. Your contact list, or calling tree, should already include the necessary points of contact, whether they are from other divisions within your organization, contractors and third-party service providers, or partner organizations. To quickly surge your workforce, you should know: + + What help you need. + + Who will you call for help? + + Are standing support agreements in place? 4 5

4 GETTING THE RIGHT PEOPLE Being prepared will help in managing and deploying a cybersecurity workforce, but you still must identify, recruit, and retain qualified people. This is not a simple job. Make sure that your human resources office understands the needs of cybersecurity and speak the same language as the IT departments. Cybersecurity is becoming professionalized, with a growing number of academic institutions offering degree programs at the undergraduate, graduate, and post-graduate levels. This is a positive development. But experience and professional certifications that demonstrate the ability to meet industry standards are proving to be just as important, if not more so, as academic degrees. A junior employee without a degree who has front-line, hands-on experience could be as valuable as a graduate from a university program. People can learn technology; in the end, personal characteristics that demonstrate the ability to perform on the job might be just as good an indicator as formal education. Striking the right balance between people and technology and determining the right size for your staff are just as important as getting the right people. Although technology cannot provide cybersecurity on its own, it is a valuable tool that enables staff to do their jobs more effectively. Investing in the right tools can help reduce the number of people required to provide the appropriate levels of security. But beyond this point, technology produces diminishing returns. A few good people with the right technical and leadership skills can become force multipliers, helping your team become greater than the sum of its parts. The proper balance of technology with the right people can let a cybersecurity team be lean, but still effective. To find the right people, you first need to understand what qualities are required for the job. What should you be looking for in a cybersecurity professional? Technical skills AND personality: + + People who are inquisitive, who like to take things apart to find out how they work or don t work + + People who are persistent, who continue working on tough problems until they are solved + + People who can collaborate and communicate across the organization, not just with other cybersecurity professionals + + People who demonstrate leadership, with the ability to create and direct multidisciplinary teams + + People who understand business and policy beyond IT and the impact that disruptive technologies have on business Finding all of these qualities in a single person is not easy. A master cyber Jedininja would be great, but even if found, he or she would likely be out of the price range of most organizations. You should look for someone with as many of the above qualities as possible, with the understanding that most of your cybersecurity workers will have specific technical strengths and areas of expertise that they can bring to the job. Teams of highly capable cybersecurity experts whose skills complement each other better enable organizations to meet their needs. This team-based approach can produce more innovative and creative solutions to challenging problems, and reduce the inherent risk in placing all of your organization s security in one all-encompassing expert. Identifying potential cybersecurity workers with these qualities can mean going outside the standard resume and interview process. One executive who wants to know what prospective employees are like outside of the workplace asks how many computers they have at home and how many are in working order. A candidate with two or three computers in pieces could indicate the kind of inquisitive, break-it-andfix-it mindset that the executive is looking for. If they re the kind who likes to take things apart, that s who I want. You can also gather insights from workplace style. Is the worker a cube-dweller, headdown and focused on the immediate task? Or is he or she working in an open environment with others, seeking help, sharing insights, and looking for answers? The latter might be the better pick for a cybersecurity team that needs to understand, collaborate, share, and respond quickly when an incident occurs. Finding these people could require looking beyond the usual recruiting environments. The Silicon Valleys and Silicon Alleys are obvious places to start, but they are full of companies looking for the same talent, and there is a lot of competition for qualified people. Moving upstream to the universities and colleges offering cybersecurity degree programs can be productive. The National Security Agency and the Department of Homeland Security have designated 55 institutions as National Centers of Academic Excellence in Information Assurance/Cyber Defense. 2 Universities in Arizona, Michigan, Kansas, New York, Maryland, Texas, and Oklahoma are making big investments in cybersecurity programs. And a growing number of schools, such as the University of Southern California Viterbi School of Engineering, Pennsylvania State University and The Johns Hopkins University have highly regarded online degree programs. Organizations can get needed talent into their recruiting pipelines by partnering with these institutions and others, helping to provide educational resources and ensuring that educators understand what the curriculum should include so that students are trained in the skills that organizations need https://www.nsa.gov/ia/academic_outreach/nat_cae/ 7

5 Some question the value of academic degrees for a hands-on, quickly evolving multidisciplinary field such as cybersecurity. While this is open to debate, it is true that on-the-job experience and professional certifications are proving to be just as important. Those without a four-year degree might not make the first cut in the traditional Human Resources recruiting process. But you shouldn t overlook professional experience, time spent in the trenches, and continuing technical training just because a candidate comes with an Associate s degree or a high school diploma. Finding these candidates can mean going to non-traditional settings. Every year there are gatherings of cybersecurity professionals and talented amateurs at events such as DEF CON, Black Hat Briefings, the RSA Conference, the Consumer Electronics Show, and numerous smaller hackathons and meetups. These can be rewarding venues for spotting less traditional talent. Because personal qualities can be important in making a successful cybersecurity practitioner, consider looking for these qualities in current junior level and non-technical employees. When you find workers with the right stuff, you can train them with the technical knowledge they need, creating an in-house source of professional talent. Booz Allen is meeting the human capital challenge head-on. We offer professional services to build cybersecurity capacity in government and the private sector, and partner with government and academia. We also are putting these practices to work within Booz Allen, developing and strengthening our own cybersecurity workforce. An example of Booz Allen s leadership in this area is in the development of the NICE-supported National Cybersecurity Workforce Framework. The National Initiative for Cybersecurity Education (NICE) is a public-private partnership focused on developing a technologically skilled and cyber-savvy workforce to help meet the exponential growth in demand. The initiative is led by the National Institute of Standards and Technology, [http://csrc.nist. gov/nice/index.htm] and includes partnerships with other government agencies and private companies. Booz Allen not only helped to develop the NICE-supported National Cybersecurity Workforce Framework, but it has been using it internally for five years. The framework provides a common taxonomy and lexicon to describe the cybersecurity workforce. It defines 32 specialty areas, their common tasks, required knowledge and skills, and specifies the necessary training and education. Although developed in part as a guide for federal workforce development, it can be a practical guide for any organization with cybersecurity priorities. WHAT WE ARE DOING TO ADDRESS THE CYBERSECURITY WORKFORCE CRISIS Workforce requirements identified by NICE include: + + Agility: the ability to shift between roles or needs should a threat warrant different support + + Multi-functional: the ability to maintain and execute a variety of activities at any given time + + Dynamic: the ability to provide for constant learning to effectively approach new endeavors and problems + + Flexible: the ability to move into new roles or environments quickly to increase knowledge and skills + + Informal: the ability to work in a nontraditional environment In addition to putting the National Cybersecurity Workforce Framework to work in our own organization, Booz Allen is working to develop talent before it is needed through outreach, identification of early talent, and by providing opportunities for training and education. Internally, Booz Allen has invested in the creation of a Cyber University where staff can gain access to training, certifications, information learning resources and academic programs to deepen their cybersecurity skills. This program was named Outstanding Training Initiative by Training Magazine in 2013 and has been instrumental in developing and retaining cybersecurity staff. 8 9

6 CONCLUSION Reciprocal research and development agreements with government agencies and partnerships with educational institutions support Cyber University. Booz Allen has partnered with academic institutions to create Cyber programs that are responsive to business needs. These partnerships focus on the design of curriculum and the integration of business insights into the courseware, making the content relevant to staff confronting challenges on the job. By working with our industry partners, we can create training for emerging technology solutions that are on the cutting edge. Cyber assessment and training tools such as CyberSim also support this effort. CyberSim provides assessment and learning exercises for cyber professionals, with content that can be geared to different skill sets and levels. Tailored and validated for the cyber needs of individual organizations, it helps identify internal employees ready to take on new roles, or those who need additional training in order to continue their growth. Utilizing gaming principles using a capture the flag format, organizations can use CyberSim as an ongoing program, or as an on-site event for training and team building. Booz Allen can help organizations develop cybersecurity capacity, both in government and the private sector. We can help develop organizational structure necessary to help the CISO during a crisis. We have the solutions to: + + Define the skills and competencies needed and map those skills to cybersecurity roles + + Forecast needs and develop a workforce plan + + Develop recruits to fill mission gaps + + Hire and retain skilled professionals + + Prepare workers to meet evolving mission requirements + + Cultivate leaders to continue the vision and carry it forward + + Provide recommendations on how cyber organizations should be structured and aligned within an organization With our blend of management/strategy consulting and technology, we are uniquely positioned to bring technology and human capital consulting to bear in planning for, developing, and maintaining the cybersecurity workforce an organization needs. The human capital crisis in cybersecurity is real, as illustrated by persistent data breaches and security incidents despite heightened attention to security. Organizations that cannot identify their needs and the people with the skills and qualities to meet them will find themselves increasingly at risk. The crisis must be addressed with a sense of urgency to deal both with current and future demand for skilled professionals. This requires immediate and long-term planning. Decision-makers should be ready now to look outside traditional recruiting avenues and be open to considering non-traditional candidates with the qualities needed to become cybersecurity professionals. At the same time, organizations can take steps to reduce demand by using the right technology, developing leadership skills in capable workers, and sharing resources to anticipate attacks rather than merely respond. Talent issues will define the foreseeable future of the cyber community. Organizations that can equip themselves to get ahead of these issues will position themselves for success. If we as nation can prioritize building a strong cyber talent base then our cybersecurity community will have a much better chance at beating bad guys in the future. About Booz Allen LORI ZUKIN PHD Principal JAMIE LOPEZ PHD Senior Associate ERIN WEISS KAYA Lead Associate ANDREW SMALLWOOD Lead Associate

7 About Booz Allen Booz Allen Hamilton has been at the forefront of strategy, technology, and engineering for more than 100 years. Booz Allen partners with private and public sector clients to solve their most difficult challenges. To learn more, visit (NYSE: BAH) 2015 Booz Allen Hamilton, Inc. DSI how-to-build-a-cyber-dream-team-when-it-comes-to

Cybersecurity: Mission integration to protect your assets

Cybersecurity: Mission integration to protect your assets Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions

More information

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9

More information

White Paper: Why We Need Veterans for Critical Infrastructure Security

White Paper: Why We Need Veterans for Critical Infrastructure Security White Paper: Why We Need Veterans for Critical Infrastructure Security Published By: SkillBridge, LLC November 8, 2013 Converging Factors There is a significant and growing challenge that currently faces

More information

EVERYTHING YOU NEED TO KNOW ABOUT MANAGING YOUR DATA SCIENCE TALENT. The Booz Allen Data Science Talent Management Model

EVERYTHING YOU NEED TO KNOW ABOUT MANAGING YOUR DATA SCIENCE TALENT. The Booz Allen Data Science Talent Management Model EVERYTHING YOU NEED TO KNOW ABOUT MANAGING YOUR DATA SCIENCE TALENT The Booz Allen Data Science Talent Management Model Recently, Harvard Business Review branded data science the Sexiest Job in the 21st

More information

Cybersecurity Capability Maturity Model

Cybersecurity Capability Maturity Model National Initiative for Cybersecurity Education Cybersecurity Capability Maturity Model White Paper Version.0 Last Updated: October 0, 0 0 0 Executive Summary Cybersecurity is one of the leading national

More information

The National Cybersecurity Workforce Framework. 2015 Delaware Cyber Security Workshop September 29, 2015

The National Cybersecurity Workforce Framework. 2015 Delaware Cyber Security Workshop September 29, 2015 The National Cybersecurity Workforce Framework 2015 Delaware Cyber Security Workshop September 29, 2015 Bill Newhouse NICE Program Office at the National Institute of Standards and Technology NICE is a

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

MEETING THE NATION S INFORMATION SECURITY CHALLENGES

MEETING THE NATION S INFORMATION SECURITY CHALLENGES MEETING THE NATION S INFORMATION SECURITY CHALLENGES TO ADDRESS SKILLS AND WORKFORCE SHORTAGES IN THE INFORMATION SECURITY INDUSTRY, THE NATIONAL SECURITY AGENCY AND THE DEPARTMENT OF HOMELAND SECURITY

More information

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting

More information

ISACA S CYBERSECURITY NEXUS (CSX) October 2015

ISACA S CYBERSECURITY NEXUS (CSX) October 2015 ISACA S CYBERSECURITY NEXUS (CSX) October 2015 DO2 EXECUTIVE OVERVIEW Will you be a Cyber defender? ISACA launched the Cybersecurity Nexus (CSX) program earlier this year. CSX, developed in collaboration

More information

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations

More information

The Path Ahead for Security Leaders

The Path Ahead for Security Leaders The Path Ahead for Security Leaders Executive Summary What You Will Learn If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations.

More information

CyberSkills Management Support Initiative

CyberSkills Management Support Initiative CyberSkills Management Support Initiative GROWING THE PIPELINE FOR CYBERTALENT THROUGH VOLUNTEER OPPORTUNITIES November 6, 2014 November 6, 2014 Background In June 2012, Secretary Napolitano announced

More information

Cyber Information-Sharing Models: An Overview

Cyber Information-Sharing Models: An Overview PARTNERSHIP Cyber Information-Sharing Models: An Overview October 2012. The MITRE Corporation. All rights reserved. Approved for Public Release. Case Number 11-4486. Distribution Unlimited. Table of Contents

More information

TURNING THE RISING TIDE OF CYBERSECURITY THREATS

TURNING THE RISING TIDE OF CYBERSECURITY THREATS TURNING THE RISING TIDE OF CYBERSECURITY THREATS With cyber attacks on the rise, there s a growing need for digital forensic professionals with the knowledge and skills to investigate technology crimes

More information

National Initiative for Cyber Security Education

National Initiative for Cyber Security Education 2014/PPWE/SEM2/007 Agenda Item: 5 National Initiative for Cyber Security Education Submitted by: United States Women Business and Smart Technology Seminar Beijing, China 23 May 2014 NICE OVERVIEW Women

More information

National Initiative for Cybersecurity Education. Best practices for planning a cybersecurity workforce

National Initiative for Cybersecurity Education. Best practices for planning a cybersecurity workforce National Initiative for Cybersecurity Education Best practices for planning a cybersecurity workforce White Paper Version.0 Last Updated: October 0, 0 0 0 0 Executive Summary The Nation s cybersecurity

More information

WHEN INDIVIDUALS SUCCEED ORGANIZATIONS WIN

WHEN INDIVIDUALS SUCCEED ORGANIZATIONS WIN WHEN INDIVIDUALS SUCCEED ORGANIZATIONS WIN THE WORKPLACE IS CHANGING There s a new dynamic in employee and employer relationships. Employees want to learn and grow throughout their entire careers. They

More information

National Initiative for Cybersecurity Education. Best practices for planning a cybersecurity workforce. White Paper

National Initiative for Cybersecurity Education. Best practices for planning a cybersecurity workforce. White Paper National Initiative for Cybersecurity Education Best practices for planning a cybersecurity workforce White Paper Version 2.0 Last Updated: July 01, 2013 2 Executive Summary The Nation s cybersecurity

More information

Preventing and Defending Against Cyber Attacks October 2011

Preventing and Defending Against Cyber Attacks October 2011 Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Bridging the Cybersecurity Talent Gap Cybersecurity Employment and Opportunities for Engagement

Bridging the Cybersecurity Talent Gap Cybersecurity Employment and Opportunities for Engagement Bridging the Cybersecurity Talent Gap Cybersecurity Employment and Opportunities for Engagement 2015 Burning Glass Technologies Cybersecurity has a Big Problem Attacks are rising Cyber incidents jumped

More information

Security and Privacy Trends 2014

Security and Privacy Trends 2014 2014 Agenda Today s cyber threats 3 You could be under cyber attack now! Improve 6 Awareness of cyber threats propels improvements Expand 11 Leading practices to combat cyber threats Innovate 20 To survive,

More information

Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks June 2011 Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

More information

Cyber Risk to Help Shape Industry Trends in 2014

Cyber Risk to Help Shape Industry Trends in 2014 Cyber Risk to Help Shape Industry Trends in 2014 Rigzone Staff 12/18/2013 URL: http://www.rigzone.com/news/oil_gas/a/130621/cyber_risk_to_help_shape_industry_trends_i n_2014 The oil and gas industry s

More information

WHITE PAPER: How to Tackle Industry Challenges?

WHITE PAPER: How to Tackle Industry Challenges? WHITE PAPER: How to Tackle Industry Challenges? Introduction Human Resources (HR) teams came into existence, during the industrial revolution, for the purpose of manpower planning. HR professionals have

More information

In Brief. Just the Facts

In Brief. Just the Facts In Brief Just the Facts N ardello & Co. is a global investigations firm with experienced professionals handling a broad range of issues including the FCPA/UK Bribery Act and other corruption-related investigations,

More information

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015 Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events

More information

The New War for Talent in Analytics and Marketing Services

The New War for Talent in Analytics and Marketing Services The New War for Talent in Analytics and Marketing Services The analytics and marketing services sector is experiencing explosive growth. Influenced by major trends such as big data, digital and data-centric

More information

The NIST Cybersecurity Framework

The NIST Cybersecurity Framework View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the

More information

National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Training and Education Catalog Training Provider Instruction Guide

National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Training and Education Catalog Training Provider Instruction Guide National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Training and Education Catalog Training Provider Instruction Guide Overview During this presentation, you will: Learn about

More information

Randstad Enterprise Healthcare Solutions. talent, strategic services, workforce management and technology solutions

Randstad Enterprise Healthcare Solutions. talent, strategic services, workforce management and technology solutions Randstad Enterprise Healthcare Solutions talent, strategic services, workforce management and technology solutions Randstad Enterprise Healthcare Solutions talent, strategic services, workforce management

More information

Small Business Checkup

Small Business Checkup Small Business Checkup How healthy is your business? www.aretehr.com TABLE OF CONTENTS The Four Keys to Business Health... 3 Management & Operations... 4 Marketing... 6 Financial & Legal... 8 Human Resources...

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

Talent Analytics. Compare Your Talent against the Best in Your Industry

Talent Analytics. Compare Your Talent against the Best in Your Industry Talent Analytics Compare Your Talent against the Best in Your Industry How Effective are Your People Strategies? The largest proportion of an organization s expenditure is on its people. But how effective

More information

Cybersecurity Awareness for Executives

Cybersecurity Awareness for Executives SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Evaluating and attracting your next CISO: More

More information

PwC Cybersecurity Briefing

PwC Cybersecurity Briefing www.pwc.com/cybersecurity Cybersecurity Briefing June 25, 2014 The views expressed in these slides are solely the views of the presenters and do not necessarily reflect the views of the PCAOB, the members

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity

Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity Cyber threat intelligence and the lessons from law enforcement kpmg.com/cybersecurity Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many

More information

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber

More information

GEARS Cyber-Security Services

GEARS Cyber-Security Services Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments

More information

Cyber Security: Confronting the Threat

Cyber Security: Confronting the Threat 09 Cyber Security: Confronting the Threat Cyber Security: Confronting the Threat 09 In Short Cyber Threat Awareness and Preparedness Active Testing Likelihood of Attack Privacy Breaches 9% 67% Only 9%

More information

Cyber Learning Solutions

Cyber Learning Solutions Cyber Learning Solutions 2014 Extended Course Catalog Raytheon Cyber Solutions Inc. (RCSI) cyber-training@list.app.ray.com www.raytheon.com 1 Raytheon Cyber Learning Solutions 2014 Catalog CONTENTS The

More information

The Importance of Data Quality for Intelligent Data Analytics:

The Importance of Data Quality for Intelligent Data Analytics: The Importance of Data Quality for Intelligent Data Analytics: Optimizing the Financial and Operational Performance of IT White Paper IT decisions are only as good as the data they re based on. And that

More information

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult

More information

NASCIO 2014 State IT Recognition Awards

NASCIO 2014 State IT Recognition Awards NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos

More information

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 CR CyberReady Solutions Actionable Insight for the Digital Enterprise Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 INTELLIGENCE-DRIVEN OPERATIONS The Game Has Changed

More information

HR STILL GETTING IT WRONG BIG DATA & PREDICTIVE ANALYTICS THE RIGHT WAY

HR STILL GETTING IT WRONG BIG DATA & PREDICTIVE ANALYTICS THE RIGHT WAY HR STILL GETTING IT WRONG BIG DATA & PREDICTIVE ANALYTICS THE RIGHT WAY OVERVIEW Research cited by Forbes estimates that more than half of companies sampled (over 60%) are investing in big data and predictive

More information

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role

More information

Cybersecurity: A View from the Boardroom

Cybersecurity: A View from the Boardroom An Executive Brief from Cisco Cybersecurity: A View from the Boardroom In the modern economy, every company runs on IT. That makes security the business of every person in the organization, from the chief

More information

Developing Market-Relevant Curricula and Credentials: Employer Engagement for Community Colleges in Partnerships

Developing Market-Relevant Curricula and Credentials: Employer Engagement for Community Colleges in Partnerships For more information please contact: Holly Parker VP, Economic Opportunity hparker@skilledwork.org 734.769.2900 x219 Developing Market-Relevant Curricula and Credentials: Employer Engagement for Community

More information

Recruitment Process Outsourcing:

Recruitment Process Outsourcing: Recruitment Process Outsourcing: What You Should Look for in an RPO Provider James F. McCoy Vice President & RPO Practice Lead It used to be that companies looked exclusively at cost and process to identify

More information

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015 Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key

More information

September 24, 2015. Mr. Hogan and Ms. Newton:

September 24, 2015. Mr. Hogan and Ms. Newton: Mr. Michael Hogan and Ms. Elaine Newton Office of the Director, Information Technology Laboratory National Institute of Standards and Technology 100 Bureau Drive Mail Stop 8930 Gaithersburg, MD 20899-8930

More information

The Aidspan Internship Programme

The Aidspan Internship Programme The Aidspan Internship Programme January 2015 Contents Who We Are... 3 Why Offer an Internship Program?... 3 What is an Aidspan Internship?... 4 Internship Processes and Policies... 4 Giving Our Interns

More information

SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS

SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS 1 SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS Synopsis SPSP Project Overview Phase I Summary Phase

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

One similarity among most successful organizations is strong leadership with a topdown

One similarity among most successful organizations is strong leadership with a topdown THE HIGH PERFORMANCE PORTFOLIO: ORGANIZATIONAL APPROACHES TO ENERGY MANAGEMENT SUMMARY: Successful energy management requires that responsibilities for energy performance are clearly defined within the

More information

Statement for the Record by. Dr. Donald M. Kerr. Director, National Reconnaissance Office, Nominee for the Position of

Statement for the Record by. Dr. Donald M. Kerr. Director, National Reconnaissance Office, Nominee for the Position of Statement for the Record by Dr. Donald M. Kerr Director, National Reconnaissance Office, Nominee for the Position of Principal Deputy Director of National Intelligence, before the Senate Select Committee

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

International Society of Exposure Science (ISES) Strategic Plan: Creating a Safer and Healthier World by Advancing The Science of Exposure 2008 2011

International Society of Exposure Science (ISES) Strategic Plan: Creating a Safer and Healthier World by Advancing The Science of Exposure 2008 2011 International Society of Exposure Science (ISES) Strategic Plan: Creating a Safer and Healthier World by Advancing The Science of Exposure 2008 2011 Executive Summary Changes in the field of exposure have

More information

CYBERSECURITY RISK RESEARCH CENTRE. http://www.riskgroupllc.com. http://www.riskgroupllc.com info@riskgroupllc.com + (832) 971 8322

CYBERSECURITY RISK RESEARCH CENTRE. http://www.riskgroupllc.com. http://www.riskgroupllc.com info@riskgroupllc.com + (832) 971 8322 CYBERSECURITY RISK RESEARCH CENTRE http://www.riskgroupllc.com http://www.riskgroupllc.com info@riskgroupllc.com + (832) 971 8322 Cyber-Security Risk Research Centre In this era of interconnected and interdependent

More information

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security. Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government

More information

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat

More information

INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL

INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL BY 2 In enterprise IT, there is a single point where everything that matters in information, technology and business converges: Cybersecurity Nexus

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

Root Cause Analysis Concepts and Best Practices for IT Problem Managers

Root Cause Analysis Concepts and Best Practices for IT Problem Managers Root Cause Analysis Concepts and Best Practices for IT Problem Managers By Mark Hall, Apollo RCA Instructor & Investigator A version of this article was featured in the April 2010 issue of Industrial Engineer

More information

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent

More information

The Cyber Security Leap: From Laggard to Leader. April 2015

The Cyber Security Leap: From Laggard to Leader. April 2015 The Cyber Security Leap: From Laggard to Leader April 2015 How do some organizations achieve better security performance? We compared organizations that were able to leapfrog their security effectiveness

More information

Systematizing selling: applying a framework for a more effective sales force

Systematizing selling: applying a framework for a more effective sales force Article Systematizing selling: applying a framework for a more effective sales force 34 Volume 5 Issue 2 Getting people to part with their cash in these tough economic times is hard enough for successful

More information

BlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION

BlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION BlacKnight Cyber Security international A BUSINESS / MARKETING PRESENTATION The BlacKnight Mission To provide proven techniques and innovative learning services to help organizations detect, deter and

More information

THE EVOLUTION of Talent Management Consulting

THE EVOLUTION of Talent Management Consulting Talent management consulting is the giving of professional, expert advice to executives who are put in charge of handling, directing, or managing those who have a capacity for achievement or success. THE

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide How to use the National Cybersecurity Workforce Framework Your Implementation Guide A NATIONAL PROBLEM The Nation needs greater cybersecurity awareness. The US workforce lacks cybersecurity experts. Many

More information

OBJECTIVES. To discuss what succession planning is. To discuss what succession planning is NOT. To discuss why is succession planning needed?

OBJECTIVES. To discuss what succession planning is. To discuss what succession planning is NOT. To discuss why is succession planning needed? SUCCESSION PLANNING OBJECTIVES To discuss what succession planning is To discuss what succession planning is NOT To discuss why is succession planning needed? To discuss the basics of succession planning

More information

Using Predictive Analytics To Drive Workforce Optimization. New Insights From Big Data Analysis Uncover Key Drivers of Workforce Profitability

Using Predictive Analytics To Drive Workforce Optimization. New Insights From Big Data Analysis Uncover Key Drivers of Workforce Profitability Using Predictive Analytics To Drive Workforce Optimization New Insights From Big Data Analysis Uncover Key Drivers of Workforce Profitability Using Predictive Analytics To Drive Workforce Optimization

More information

Department of Defense Cyberspace Workforce Strategy. December 4, 2013. Approved for public release: distribution unlimited.

Department of Defense Cyberspace Workforce Strategy. December 4, 2013. Approved for public release: distribution unlimited. Department of Defense Cyberspace Workforce Strategy December 4, 2013 Approved for public release: distribution unlimited. DoD Cyberspace Workforce Strategy Introduction Cyberspace is acknowledged as a

More information

Cybersecurity in the States 2012: Priorities, Issues and Trends

Cybersecurity in the States 2012: Priorities, Issues and Trends Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State

More information

Achieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce

Achieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce Achieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce Benjamin Scribner Department of (DHS) National Cybersecurity Education & Awareness Branch (CE&A) October 2014 Mid-South

More information

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014 www.pwc.com/security Defending yesterday While organizations have made significant security improvements, they have not kept pace with today s determined adversaries. As a result, many rely on yesterday

More information

The Directors Cut. The power of data: What directors need to know about Big Data, analytics and the evolution of information. www.pwc.

The Directors Cut. The power of data: What directors need to know about Big Data, analytics and the evolution of information. www.pwc. www.pwc.com/ca/acconnect The Directors Cut The power of data: What directors need to know about Big Data, analytics and the evolution of information December 201 This newsletter is brought to you by PwC

More information

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014 SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014 EXECUTIVE SUMMARY In this digital age, social media has quickly become one of the most important communication channels. The shift to online conversation

More information

Northrop Grumman White Paper

Northrop Grumman White Paper Northrop Grumman White Paper Business Analytics for Better Government Authors: Patrick Elder and Thomas Naphor April 18, 2012 Northrop Grumman Corporation Information Systems Sector 7575 Colshire Drive

More information

An Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans. NICE Annual Conference November 2015

An Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans. NICE Annual Conference November 2015 An Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans NICE Annual Conference November 2015 Panelists David Brown, Director of CyberTalent at the SANS Institute, a new business unit

More information

IBM i2 Enterprise Insight Analysis for Cyber Analysis

IBM i2 Enterprise Insight Analysis for Cyber Analysis IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics

More information

HOTJOBS FORECAST OF TOP EXECUTIVE JOBS

HOTJOBS FORECAST OF TOP EXECUTIVE JOBS HOTJOBS FORECAST OF TOP EXECUTIVE JOBS 2015 A CTPartners Forecast of Top Executive Jobs in 2015 Even as companies continue to look for indicators of ongoing economic growth and stability that could boost

More information

How to Catch em, How to Keep em

How to Catch em, How to Keep em How to Catch em, How to Keep em IPMAAC Conference 2000 Rich Moonblatt AMG/RecruitCom Chevy Chase, MD Recruiters and Retention Should recruiters be involved in retention? Should recruiters focus on bringing

More information

The Role of Internal Audit in Risk Governance

The Role of Internal Audit in Risk Governance The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

The 5 Cybersecurity Concerns You Can t Overlook

The 5 Cybersecurity Concerns You Can t Overlook The 5 Cybersecurity Concerns You Can t Overlook and how to address them 2014 SimSpace Corporation The 5 Cybersecurity Concerns You Can t Overlook CONCERN 1 You don t know how good your cybersecurity team

More information

Improving Cyber Security Risk Management through Collaboration

Improving Cyber Security Risk Management through Collaboration CTO Corner April 2014 Improving Cyber Security Risk Management through Collaboration Dan Schutzer, Senior Technology Consultant, BITS Back in March 2013, I wrote a CTO Corner on Operational and Cyber Risk

More information

Anticipating the Breach

Anticipating the Breach Anticipating the Breach What to do before, during and after an attack. CONTENTS Before... 2 During... 3 After... 4 Conclusion... 5 Brought to you compliments of Security incidents may be inevitable, but

More information

Analyze Samples: Job Posting and Resumes Overview

Analyze Samples: Job Posting and Resumes Overview Analyze Samples: Job Posting and Resumes Overview Alberta Government job postings provide information about the job, work environment, and the qualifications needed for successful performance (education,

More information

MANAGING THE EMPLOYEE LIFECYCLE

MANAGING THE EMPLOYEE LIFECYCLE MANAGING THE EMPLOYEE LIFECYCLE Current Position Jose Laurel Experience & Expertise 16 years experience in management, operations, marketing and international commerce Prior to G&A, served as country manager

More information