Getting in Front of the Cybersecurity Talent Crisis
|
|
- Baldwin Dale Daniel
- 8 years ago
- Views:
Transcription
1 CYBERSECURITY WORKFORCE Getting in Front of the Cybersecurity Talent Crisis how-to-build-a-cyber-dream-team-when-it-comes-to
2 CONTENTS INTRODUCTION Introduction... 3 What is Driving Demand: Data Breach Response... 4 Getting the Right People... 6 What We Are Doing to Address the Cybersecurity Workforce Crisis... 9 Conclusion There is a human capital crisis in cyber security. Demand for skilled professionals currently outweighs supply, and the growing sophistication of cyber adversaries coupled with our increasingly networked enterprises means that demand will grow. Unless we increase the number of trained professionals coming into the workforce and become better at identifying, nurturing and retaining workers with the necessary qualities, this crisis will progressively drain organizations bottom lines. Organizations have begun to realize that cybersecurity problems involve more than just technology. There is also a people and business problem. Effective technology solutions are needed to protect IT infrastructures, and automation can help free humans to do what they do best: analyze, understand, anticipate and respond to security incidents. But technology is only a tool; security requires having the right people with the right capabilities on the job. Effective cybersecurity is a core business requirement in today s global economy, and C-level executives are increasingly being held accountable for breaches. We re making progress professionalizing and institutionalizing cybersecurity. Ten years ago, security operations usually were underfunded and given low priority. The Chief Information Security Officer (CISO) did not exist. Today, however, cybersecurity is a high business priority, and among companies that employ a CISO, many are in the boardroom. But much remains to be done. Only 40 percent of Fortune 100 companies have a CISO, and organizations still struggle to build, recruit and retain a cybersecurity workforce. Competition for cybersecurity talent is fierce. According to a 2014 report from Burning Glass 1, cybersecurity job postings grew 74 percent from 2007 to 2013, to nearly 210,000 openings. This growth was more than twice that for all other IT-related job postings. Moreover, it is not enough to merely hire good people. Continual development and training are needed to ensure that employees keep pace with evolving threats and new technology. Getting in front of this manpower crisis requires: + + Increasing supply through outreach and partnering to support professional development programs in universities, high schools, and even earlier + + Reducing demand through resource sharing within and between organizations, improving the quality of the cybersecurity workforce, and supporting it with the right technology + + Developing new approaches to identifying available talent, including looking for it in non-traditional places
3 WHAT IS DRIVING DEMAND: DATA BREACH RESPONSE Cyber adversaries and threats are constantly evolving; while tried-and-true attacks and exploits will never die, newer and more sophisticated ones are always appearing. Given the growing complexity of IT enterprises, the response to data breaches and other security incidents is a complex, labor-intensive, and time-sensitive task. In a large private sector or government organization, the direct cost of response and mitigation can easily be millions of dollars. The costs of lost business and damage to reputation can be even greater. The first 24 hours following a breach are critical. To minimize damages and costs of a breach, pre-planning is essential. Without a strategy, you will spend the first days getting organized, identifying resources, and putting them into place. By this time you will be far behind the game, struggling to catch up with the intruder while simultaneously managing the ramifications with partners, customers, and the public. This demand on preparedness puts a premium on understanding your enterprise and available resources, as well as being able to quickly evaluate the extent and complexity of the attack. An effective response requires interior lines of communication for mobilizing resources throughout the organization, not just the IT shop and security operations center. To evaluate your readiness, ask yourself these questions: + + Do I have an up-to-date plan in place one that is more than shelfware? + + Have I tested this plan recently? + + Do I have the staff I need to respond to the incident or do I have access to surge support? + + Does my staff understand the threats, the adversaries they face, and their roles in the response plan? + + Is my CISO prepared to handle the threat to deal with the public, senior management, and the rest of the organization while directing the response? An effective, prepared workforce is needed to carry out your plan. Staff must include threat analysts who can combine outside sources of intelligence with data from enterprise sensors and logs to anticipate incidents and help direct the response. This can reduce the needed manpower. Many organizations, however do not have the necessary resources permanently on-staff, or know precisely how much manpower they will need when an incident occurs. They will need to be prepared to quickly surge their workforces to meet the need. Determining the right size of your cybersecurity staff is a matter of risk management. This will vary depending on an organization s size, IT enterprise, the threats it faces, the value of its assets (to itself and to adversaries), and the level of risk it chooses to accept. Response planning should include plans for mobilizing outside personnel, as needed. It is too late to begin assessing needs and looking for help after an incident has occurred. Your contact list, or calling tree, should already include the necessary points of contact, whether they are from other divisions within your organization, contractors and third-party service providers, or partner organizations. To quickly surge your workforce, you should know: + + What help you need. + + Who will you call for help? + + Are standing support agreements in place? 4 5
4 GETTING THE RIGHT PEOPLE Being prepared will help in managing and deploying a cybersecurity workforce, but you still must identify, recruit, and retain qualified people. This is not a simple job. Make sure that your human resources office understands the needs of cybersecurity and speak the same language as the IT departments. Cybersecurity is becoming professionalized, with a growing number of academic institutions offering degree programs at the undergraduate, graduate, and post-graduate levels. This is a positive development. But experience and professional certifications that demonstrate the ability to meet industry standards are proving to be just as important, if not more so, as academic degrees. A junior employee without a degree who has front-line, hands-on experience could be as valuable as a graduate from a university program. People can learn technology; in the end, personal characteristics that demonstrate the ability to perform on the job might be just as good an indicator as formal education. Striking the right balance between people and technology and determining the right size for your staff are just as important as getting the right people. Although technology cannot provide cybersecurity on its own, it is a valuable tool that enables staff to do their jobs more effectively. Investing in the right tools can help reduce the number of people required to provide the appropriate levels of security. But beyond this point, technology produces diminishing returns. A few good people with the right technical and leadership skills can become force multipliers, helping your team become greater than the sum of its parts. The proper balance of technology with the right people can let a cybersecurity team be lean, but still effective. To find the right people, you first need to understand what qualities are required for the job. What should you be looking for in a cybersecurity professional? Technical skills AND personality: + + People who are inquisitive, who like to take things apart to find out how they work or don t work + + People who are persistent, who continue working on tough problems until they are solved + + People who can collaborate and communicate across the organization, not just with other cybersecurity professionals + + People who demonstrate leadership, with the ability to create and direct multidisciplinary teams + + People who understand business and policy beyond IT and the impact that disruptive technologies have on business Finding all of these qualities in a single person is not easy. A master cyber Jedininja would be great, but even if found, he or she would likely be out of the price range of most organizations. You should look for someone with as many of the above qualities as possible, with the understanding that most of your cybersecurity workers will have specific technical strengths and areas of expertise that they can bring to the job. Teams of highly capable cybersecurity experts whose skills complement each other better enable organizations to meet their needs. This team-based approach can produce more innovative and creative solutions to challenging problems, and reduce the inherent risk in placing all of your organization s security in one all-encompassing expert. Identifying potential cybersecurity workers with these qualities can mean going outside the standard resume and interview process. One executive who wants to know what prospective employees are like outside of the workplace asks how many computers they have at home and how many are in working order. A candidate with two or three computers in pieces could indicate the kind of inquisitive, break-it-andfix-it mindset that the executive is looking for. If they re the kind who likes to take things apart, that s who I want. You can also gather insights from workplace style. Is the worker a cube-dweller, headdown and focused on the immediate task? Or is he or she working in an open environment with others, seeking help, sharing insights, and looking for answers? The latter might be the better pick for a cybersecurity team that needs to understand, collaborate, share, and respond quickly when an incident occurs. Finding these people could require looking beyond the usual recruiting environments. The Silicon Valleys and Silicon Alleys are obvious places to start, but they are full of companies looking for the same talent, and there is a lot of competition for qualified people. Moving upstream to the universities and colleges offering cybersecurity degree programs can be productive. The National Security Agency and the Department of Homeland Security have designated 55 institutions as National Centers of Academic Excellence in Information Assurance/Cyber Defense. 2 Universities in Arizona, Michigan, Kansas, New York, Maryland, Texas, and Oklahoma are making big investments in cybersecurity programs. And a growing number of schools, such as the University of Southern California Viterbi School of Engineering, Pennsylvania State University and The Johns Hopkins University have highly regarded online degree programs. Organizations can get needed talent into their recruiting pipelines by partnering with these institutions and others, helping to provide educational resources and ensuring that educators understand what the curriculum should include so that students are trained in the skills that organizations need
5 Some question the value of academic degrees for a hands-on, quickly evolving multidisciplinary field such as cybersecurity. While this is open to debate, it is true that on-the-job experience and professional certifications are proving to be just as important. Those without a four-year degree might not make the first cut in the traditional Human Resources recruiting process. But you shouldn t overlook professional experience, time spent in the trenches, and continuing technical training just because a candidate comes with an Associate s degree or a high school diploma. Finding these candidates can mean going to non-traditional settings. Every year there are gatherings of cybersecurity professionals and talented amateurs at events such as DEF CON, Black Hat Briefings, the RSA Conference, the Consumer Electronics Show, and numerous smaller hackathons and meetups. These can be rewarding venues for spotting less traditional talent. Because personal qualities can be important in making a successful cybersecurity practitioner, consider looking for these qualities in current junior level and non-technical employees. When you find workers with the right stuff, you can train them with the technical knowledge they need, creating an in-house source of professional talent. Booz Allen is meeting the human capital challenge head-on. We offer professional services to build cybersecurity capacity in government and the private sector, and partner with government and academia. We also are putting these practices to work within Booz Allen, developing and strengthening our own cybersecurity workforce. An example of Booz Allen s leadership in this area is in the development of the NICE-supported National Cybersecurity Workforce Framework. The National Initiative for Cybersecurity Education (NICE) is a public-private partnership focused on developing a technologically skilled and cyber-savvy workforce to help meet the exponential growth in demand. The initiative is led by the National Institute of Standards and Technology, [ gov/nice/index.htm] and includes partnerships with other government agencies and private companies. Booz Allen not only helped to develop the NICE-supported National Cybersecurity Workforce Framework, but it has been using it internally for five years. The framework provides a common taxonomy and lexicon to describe the cybersecurity workforce. It defines 32 specialty areas, their common tasks, required knowledge and skills, and specifies the necessary training and education. Although developed in part as a guide for federal workforce development, it can be a practical guide for any organization with cybersecurity priorities. WHAT WE ARE DOING TO ADDRESS THE CYBERSECURITY WORKFORCE CRISIS Workforce requirements identified by NICE include: + + Agility: the ability to shift between roles or needs should a threat warrant different support + + Multi-functional: the ability to maintain and execute a variety of activities at any given time + + Dynamic: the ability to provide for constant learning to effectively approach new endeavors and problems + + Flexible: the ability to move into new roles or environments quickly to increase knowledge and skills + + Informal: the ability to work in a nontraditional environment In addition to putting the National Cybersecurity Workforce Framework to work in our own organization, Booz Allen is working to develop talent before it is needed through outreach, identification of early talent, and by providing opportunities for training and education. Internally, Booz Allen has invested in the creation of a Cyber University where staff can gain access to training, certifications, information learning resources and academic programs to deepen their cybersecurity skills. This program was named Outstanding Training Initiative by Training Magazine in 2013 and has been instrumental in developing and retaining cybersecurity staff. 8 9
6 CONCLUSION Reciprocal research and development agreements with government agencies and partnerships with educational institutions support Cyber University. Booz Allen has partnered with academic institutions to create Cyber programs that are responsive to business needs. These partnerships focus on the design of curriculum and the integration of business insights into the courseware, making the content relevant to staff confronting challenges on the job. By working with our industry partners, we can create training for emerging technology solutions that are on the cutting edge. Cyber assessment and training tools such as CyberSim also support this effort. CyberSim provides assessment and learning exercises for cyber professionals, with content that can be geared to different skill sets and levels. Tailored and validated for the cyber needs of individual organizations, it helps identify internal employees ready to take on new roles, or those who need additional training in order to continue their growth. Utilizing gaming principles using a capture the flag format, organizations can use CyberSim as an ongoing program, or as an on-site event for training and team building. Booz Allen can help organizations develop cybersecurity capacity, both in government and the private sector. We can help develop organizational structure necessary to help the CISO during a crisis. We have the solutions to: + + Define the skills and competencies needed and map those skills to cybersecurity roles + + Forecast needs and develop a workforce plan + + Develop recruits to fill mission gaps + + Hire and retain skilled professionals + + Prepare workers to meet evolving mission requirements + + Cultivate leaders to continue the vision and carry it forward + + Provide recommendations on how cyber organizations should be structured and aligned within an organization With our blend of management/strategy consulting and technology, we are uniquely positioned to bring technology and human capital consulting to bear in planning for, developing, and maintaining the cybersecurity workforce an organization needs. The human capital crisis in cybersecurity is real, as illustrated by persistent data breaches and security incidents despite heightened attention to security. Organizations that cannot identify their needs and the people with the skills and qualities to meet them will find themselves increasingly at risk. The crisis must be addressed with a sense of urgency to deal both with current and future demand for skilled professionals. This requires immediate and long-term planning. Decision-makers should be ready now to look outside traditional recruiting avenues and be open to considering non-traditional candidates with the qualities needed to become cybersecurity professionals. At the same time, organizations can take steps to reduce demand by using the right technology, developing leadership skills in capable workers, and sharing resources to anticipate attacks rather than merely respond. Talent issues will define the foreseeable future of the cyber community. Organizations that can equip themselves to get ahead of these issues will position themselves for success. If we as nation can prioritize building a strong cyber talent base then our cybersecurity community will have a much better chance at beating bad guys in the future. About Booz Allen LORI ZUKIN PHD Principal zukin_lori@bah.com JAMIE LOPEZ PHD Senior Associate lopez_jamie@bah.com ERIN WEISS KAYA Lead Associate weiss_kaya_erin@bah.com ANDREW SMALLWOOD Lead Associate smallwood_andrew@bah.com
7 About Booz Allen Booz Allen Hamilton has been at the forefront of strategy, technology, and engineering for more than 100 years. Booz Allen partners with private and public sector clients to solve their most difficult challenges. To learn more, visit (NYSE: BAH) 2015 Booz Allen Hamilton, Inc. DSI how-to-build-a-cyber-dream-team-when-it-comes-to
Cybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
More informationCyber ROI. A practical approach to quantifying the financial benefits of cybersecurity
Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9
More informationWhite Paper: Why We Need Veterans for Critical Infrastructure Security
White Paper: Why We Need Veterans for Critical Infrastructure Security Published By: SkillBridge, LLC November 8, 2013 Converging Factors There is a significant and growing challenge that currently faces
More informationEVERYTHING YOU NEED TO KNOW ABOUT MANAGING YOUR DATA SCIENCE TALENT. The Booz Allen Data Science Talent Management Model
EVERYTHING YOU NEED TO KNOW ABOUT MANAGING YOUR DATA SCIENCE TALENT The Booz Allen Data Science Talent Management Model Recently, Harvard Business Review branded data science the Sexiest Job in the 21st
More informationCybersecurity Capability Maturity Model
National Initiative for Cybersecurity Education Cybersecurity Capability Maturity Model White Paper Version.0 Last Updated: October 0, 0 0 0 Executive Summary Cybersecurity is one of the leading national
More informationThe National Cybersecurity Workforce Framework. 2015 Delaware Cyber Security Workshop September 29, 2015
The National Cybersecurity Workforce Framework 2015 Delaware Cyber Security Workshop September 29, 2015 Bill Newhouse NICE Program Office at the National Institute of Standards and Technology NICE is a
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationMEETING THE NATION S INFORMATION SECURITY CHALLENGES
MEETING THE NATION S INFORMATION SECURITY CHALLENGES TO ADDRESS SKILLS AND WORKFORCE SHORTAGES IN THE INFORMATION SECURITY INDUSTRY, THE NATIONAL SECURITY AGENCY AND THE DEPARTMENT OF HOMELAND SECURITY
More informationCyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks
Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting
More informationThe Path Ahead for Security Leaders
The Path Ahead for Security Leaders Executive Summary What You Will Learn If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations.
More informationCyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats
Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations
More informationCyber Information-Sharing Models: An Overview
PARTNERSHIP Cyber Information-Sharing Models: An Overview October 2012. The MITRE Corporation. All rights reserved. Approved for Public Release. Case Number 11-4486. Distribution Unlimited. Table of Contents
More informationNational Initiative for Cybersecurity Education. Best practices for planning a cybersecurity workforce
National Initiative for Cybersecurity Education Best practices for planning a cybersecurity workforce White Paper Version.0 Last Updated: October 0, 0 0 0 0 Executive Summary The Nation s cybersecurity
More informationISACA S CYBERSECURITY NEXUS (CSX) October 2015
ISACA S CYBERSECURITY NEXUS (CSX) October 2015 DO2 EXECUTIVE OVERVIEW Will you be a Cyber defender? ISACA launched the Cybersecurity Nexus (CSX) program earlier this year. CSX, developed in collaboration
More informationWHEN INDIVIDUALS SUCCEED ORGANIZATIONS WIN
WHEN INDIVIDUALS SUCCEED ORGANIZATIONS WIN THE WORKPLACE IS CHANGING There s a new dynamic in employee and employer relationships. Employees want to learn and grow throughout their entire careers. They
More informationCyber Risk to Help Shape Industry Trends in 2014
Cyber Risk to Help Shape Industry Trends in 2014 Rigzone Staff 12/18/2013 URL: http://www.rigzone.com/news/oil_gas/a/130621/cyber_risk_to_help_shape_industry_trends_i n_2014 The oil and gas industry s
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationPreventing and Defending Against Cyber Attacks October 2011
Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their
More informationNational Initiative for Cyber Security Education
2014/PPWE/SEM2/007 Agenda Item: 5 National Initiative for Cyber Security Education Submitted by: United States Women Business and Smart Technology Seminar Beijing, China 23 May 2014 NICE OVERVIEW Women
More informationTURNING THE RISING TIDE OF CYBERSECURITY THREATS
TURNING THE RISING TIDE OF CYBERSECURITY THREATS With cyber attacks on the rise, there s a growing need for digital forensic professionals with the knowledge and skills to investigate technology crimes
More informationCyberSkills Management Support Initiative
CyberSkills Management Support Initiative GROWING THE PIPELINE FOR CYBERTALENT THROUGH VOLUNTEER OPPORTUNITIES November 6, 2014 November 6, 2014 Background In June 2012, Secretary Napolitano announced
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationBridging the Cybersecurity Talent Gap Cybersecurity Employment and Opportunities for Engagement
Bridging the Cybersecurity Talent Gap Cybersecurity Employment and Opportunities for Engagement 2015 Burning Glass Technologies Cybersecurity has a Big Problem Attacks are rising Cyber incidents jumped
More informationPreventing and Defending Against Cyber Attacks June 2011
Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified
More informationSITUATIONAL AWARENESS MITIGATE CYBERTHREATS
Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events
More informationWHITE PAPER: How to Tackle Industry Challenges?
WHITE PAPER: How to Tackle Industry Challenges? Introduction Human Resources (HR) teams came into existence, during the industrial revolution, for the purpose of manpower planning. HR professionals have
More informationNational Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Training and Education Catalog Training Provider Instruction Guide
National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Training and Education Catalog Training Provider Instruction Guide Overview During this presentation, you will: Learn about
More informationIn Brief. Just the Facts
In Brief Just the Facts N ardello & Co. is a global investigations firm with experienced professionals handling a broad range of issues including the FCPA/UK Bribery Act and other corruption-related investigations,
More informationSecurity and Privacy Trends 2014
2014 Agenda Today s cyber threats 3 You could be under cyber attack now! Improve 6 Awareness of cyber threats propels improvements Expand 11 Leading practices to combat cyber threats Innovate 20 To survive,
More informationSmall Business Checkup
Small Business Checkup How healthy is your business? www.aretehr.com TABLE OF CONTENTS The Four Keys to Business Health... 3 Management & Operations... 4 Marketing... 6 Financial & Legal... 8 Human Resources...
More informationNational Initiative for Cybersecurity Education. Best practices for planning a cybersecurity workforce. White Paper
National Initiative for Cybersecurity Education Best practices for planning a cybersecurity workforce White Paper Version 2.0 Last Updated: July 01, 2013 2 Executive Summary The Nation s cybersecurity
More informationRandstad Enterprise Healthcare Solutions. talent, strategic services, workforce management and technology solutions
Randstad Enterprise Healthcare Solutions talent, strategic services, workforce management and technology solutions Randstad Enterprise Healthcare Solutions talent, strategic services, workforce management
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationCyber Learning Solutions
Cyber Learning Solutions 2014 Extended Course Catalog Raytheon Cyber Solutions Inc. (RCSI) cyber-training@list.app.ray.com www.raytheon.com 1 Raytheon Cyber Learning Solutions 2014 Catalog CONTENTS The
More informationThe NIST Cybersecurity Framework
View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the
More informationTestimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology
Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber
More informationCyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015
Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology
More informationThe New War for Talent in Analytics and Marketing Services
The New War for Talent in Analytics and Marketing Services The analytics and marketing services sector is experiencing explosive growth. Influenced by major trends such as big data, digital and data-centric
More informationCyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014
CR CyberReady Solutions Actionable Insight for the Digital Enterprise Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 INTELLIGENCE-DRIVEN OPERATIONS The Game Has Changed
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationHR STILL GETTING IT WRONG BIG DATA & PREDICTIVE ANALYTICS THE RIGHT WAY
HR STILL GETTING IT WRONG BIG DATA & PREDICTIVE ANALYTICS THE RIGHT WAY OVERVIEW Research cited by Forbes estimates that more than half of companies sampled (over 60%) are investing in big data and predictive
More informationDeveloping Market-Relevant Curricula and Credentials: Employer Engagement for Community Colleges in Partnerships
For more information please contact: Holly Parker VP, Economic Opportunity hparker@skilledwork.org 734.769.2900 x219 Developing Market-Relevant Curricula and Credentials: Employer Engagement for Community
More informationCybersecurity: A View from the Boardroom
An Executive Brief from Cisco Cybersecurity: A View from the Boardroom In the modern economy, every company runs on IT. That makes security the business of every person in the organization, from the chief
More informationCLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
More informationSeptember 24, 2015. Mr. Hogan and Ms. Newton:
Mr. Michael Hogan and Ms. Elaine Newton Office of the Director, Information Technology Laboratory National Institute of Standards and Technology 100 Bureau Drive Mail Stop 8930 Gaithersburg, MD 20899-8930
More informationRecruitment Process Outsourcing:
Recruitment Process Outsourcing: What You Should Look for in an RPO Provider James F. McCoy Vice President & RPO Practice Lead It used to be that companies looked exclusively at cost and process to identify
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Evaluating and attracting your next CISO: More
More informationCyber Security: Confronting the Threat
09 Cyber Security: Confronting the Threat Cyber Security: Confronting the Threat 09 In Short Cyber Threat Awareness and Preparedness Active Testing Likelihood of Attack Privacy Breaches 9% 67% Only 9%
More informationThe Aidspan Internship Programme
The Aidspan Internship Programme January 2015 Contents Who We Are... 3 Why Offer an Internship Program?... 3 What is an Aidspan Internship?... 4 Internship Processes and Policies... 4 Giving Our Interns
More informationCyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity
Cyber threat intelligence and the lessons from law enforcement kpmg.com/cybersecurity Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many
More informationPwC Cybersecurity Briefing
www.pwc.com/cybersecurity Cybersecurity Briefing June 25, 2014 The views expressed in these slides are solely the views of the presenters and do not necessarily reflect the views of the PCAOB, the members
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationCybersecurity Awareness for Executives
SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity
More informationTalent Analytics. Compare Your Talent against the Best in Your Industry
Talent Analytics Compare Your Talent against the Best in Your Industry How Effective are Your People Strategies? The largest proportion of an organization s expenditure is on its people. But how effective
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationWritten Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.
Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government
More informationCYBERSECURITY RISK RESEARCH CENTRE. http://www.riskgroupllc.com. http://www.riskgroupllc.com info@riskgroupllc.com + (832) 971 8322
CYBERSECURITY RISK RESEARCH CENTRE http://www.riskgroupllc.com http://www.riskgroupllc.com info@riskgroupllc.com + (832) 971 8322 Cyber-Security Risk Research Centre In this era of interconnected and interdependent
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More informationMike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program
Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat
More informationCYBERSECURITY IN HEALTHCARE: A TIME TO ACT
share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity
More informationBlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION
BlacKnight Cyber Security international A BUSINESS / MARKETING PRESENTATION The BlacKnight Mission To provide proven techniques and innovative learning services to help organizations detect, deter and
More informationHigh Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director
High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role
More informationThe Importance of Data Quality for Intelligent Data Analytics:
The Importance of Data Quality for Intelligent Data Analytics: Optimizing the Financial and Operational Performance of IT White Paper IT decisions are only as good as the data they re based on. And that
More informationVulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War
Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent
More informationThe Cyber Security Leap: From Laggard to Leader. April 2015
The Cyber Security Leap: From Laggard to Leader April 2015 How do some organizations achieve better security performance? We compared organizations that were able to leapfrog their security effectiveness
More informationHow to use the National Cybersecurity Workforce Framework. Your Implementation Guide
How to use the National Cybersecurity Workforce Framework Your Implementation Guide A NATIONAL PROBLEM The Nation needs greater cybersecurity awareness. The US workforce lacks cybersecurity experts. Many
More informationThe People Side of Strategy Why Closing the Gender Talent Gap Makes Sense for Business
ManpowerGroup Solutions Talent Based Outsourcing The People Side of Strategy Why Closing the Gender Talent Gap Makes Sense for Business a The People Side of Strategy A ManpowerGroup Solutions White Paper
More informationCybersecurity in the States 2012: Priorities, Issues and Trends
Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State
More informationDefending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014
www.pwc.com/security Defending yesterday While organizations have made significant security improvements, they have not kept pace with today s determined adversaries. As a result, many rely on yesterday
More informationAchieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce
Achieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce Benjamin Scribner Department of (DHS) National Cybersecurity Education & Awareness Branch (CE&A) October 2014 Mid-South
More informationNorthrop Grumman White Paper
Northrop Grumman White Paper Business Analytics for Better Government Authors: Patrick Elder and Thomas Naphor April 18, 2012 Northrop Grumman Corporation Information Systems Sector 7575 Colshire Drive
More informationNASCIO 2014 State IT Recognition Awards
NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos
More informationRethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
More informationHow To Create An Insight Analysis For Cyber Security
IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics
More informationAn Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans. NICE Annual Conference November 2015
An Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans NICE Annual Conference November 2015 Panelists David Brown, Director of CyberTalent at the SANS Institute, a new business unit
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationStatement for the Record by. Dr. Donald M. Kerr. Director, National Reconnaissance Office, Nominee for the Position of
Statement for the Record by Dr. Donald M. Kerr Director, National Reconnaissance Office, Nominee for the Position of Principal Deputy Director of National Intelligence, before the Senate Select Committee
More informationSECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS
1 SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS Synopsis SPSP Project Overview Phase I Summary Phase
More informationHow to Catch em, How to Keep em
How to Catch em, How to Keep em IPMAAC Conference 2000 Rich Moonblatt AMG/RecruitCom Chevy Chase, MD Recruiters and Retention Should recruiters be involved in retention? Should recruiters focus on bringing
More informationThe 5 Cybersecurity Concerns You Can t Overlook
The 5 Cybersecurity Concerns You Can t Overlook and how to address them 2014 SimSpace Corporation The 5 Cybersecurity Concerns You Can t Overlook CONCERN 1 You don t know how good your cybersecurity team
More informationInternational Society of Exposure Science (ISES) Strategic Plan: Creating a Safer and Healthier World by Advancing The Science of Exposure 2008 2011
International Society of Exposure Science (ISES) Strategic Plan: Creating a Safer and Healthier World by Advancing The Science of Exposure 2008 2011 Executive Summary Changes in the field of exposure have
More informationImproving Cyber Security Risk Management through Collaboration
CTO Corner April 2014 Improving Cyber Security Risk Management through Collaboration Dan Schutzer, Senior Technology Consultant, BITS Back in March 2013, I wrote a CTO Corner on Operational and Cyber Risk
More informationCybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
More informationMANAGING THE EMPLOYEE LIFECYCLE
MANAGING THE EMPLOYEE LIFECYCLE Current Position Jose Laurel Experience & Expertise 16 years experience in management, operations, marketing and international commerce Prior to G&A, served as country manager
More informationOne similarity among most successful organizations is strong leadership with a topdown
THE HIGH PERFORMANCE PORTFOLIO: ORGANIZATIONAL APPROACHES TO ENERGY MANAGEMENT SUMMARY: Successful energy management requires that responsibilities for energy performance are clearly defined within the
More informationSystematizing selling: applying a framework for a more effective sales force
Article Systematizing selling: applying a framework for a more effective sales force 34 Volume 5 Issue 2 Getting people to part with their cash in these tough economic times is hard enough for successful
More informationINSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL
INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL BY 2 In enterprise IT, there is a single point where everything that matters in information, technology and business converges: Cybersecurity Nexus
More informationDepartment of Defense Cyberspace Workforce Strategy. December 4, 2013. Approved for public release: distribution unlimited.
Department of Defense Cyberspace Workforce Strategy December 4, 2013 Approved for public release: distribution unlimited. DoD Cyberspace Workforce Strategy Introduction Cyberspace is acknowledged as a
More informationSecurity Technology Vision 2016: Empowering Your Cyber Defenders to Enable Digital Trust Executive Summary
Security Technology Vision 2016: Empowering Your Cyber Defenders to Enable Digital Trust Executive Summary 2 Security Technology Vision 2016 Empowering Your Cyber Defenders to Enable Digital Trust Fighter
More informationRoot Cause Analysis Concepts and Best Practices for IT Problem Managers
Root Cause Analysis Concepts and Best Practices for IT Problem Managers By Mark Hall, Apollo RCA Instructor & Investigator A version of this article was featured in the April 2010 issue of Industrial Engineer
More informationRe-Imagining the Cyber Warrior of the Future
CSO Vantage Point : Re-Imagining the Cyber Warrior of the Future Close The Gap Today, Win the Fight Tomorrow Jeff Schilling Chief Security Officer FireHost The War is Real Perhaps James R. Clapper, U.S.
More informationCybersecurity Education
Cybersecurity Education Issues & Approaches Derek A. Smith Director of Cybersecurity Initiatives at Excelsior College AFCEA November 18, 2014 Where we are now! Symantec: In a world of increased cybersecurity
More informationHearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission
Hearing before the House Permanent Select Committee on Intelligence Homeland Security and Intelligence: Next Steps in Evolving the Mission 18 January 2012 American expectations of how their government
More informationTHE EVOLUTION of Talent Management Consulting
Talent management consulting is the giving of professional, expert advice to executives who are put in charge of handling, directing, or managing those who have a capacity for achievement or success. THE
More informationAgile Cloud-Enabled Services (ACES)
Experience the commitment WHITE PAPER The future of public sector ERP: Agile Cloud-Enabled Services (ACES) The landscape for public sector enterprise resource planning (ERP) system deployments is changing
More informationCyber Security Evolved
Cyber Security Evolved Aware Cyber threats are many, varied and always evolving Being aware is knowing what is going on so you can figure out what to do. The challenge is to know which cyber threats are
More informationUsing Predictive Analytics To Drive Workforce Optimization. New Insights From Big Data Analysis Uncover Key Drivers of Workforce Profitability
Using Predictive Analytics To Drive Workforce Optimization New Insights From Big Data Analysis Uncover Key Drivers of Workforce Profitability Using Predictive Analytics To Drive Workforce Optimization
More informationCyberM 3 Business Enablement: Cybersecurity That Empowers Your Business with Comprehensive Information Security
CyberM 3 Business Enablement: Cybersecurity That Empowers Your Business with Comprehensive Information Security The Challenge Is Constant: Complex Operations Are Ripe for Cyber Attack Sophisticated, complex
More information