Re-Imagining the Cyber Warrior of the Future



Similar documents
An Accelerated Pathway to Careers in Cybersecurity for Transitioning Veterans. NICE Annual Conference November 2015

WRITTEN TESTIMONY OF

PENETRATION TESTING GUIDE. 1

Bridging the Cybersecurity Talent Gap Cybersecurity Employment and Opportunities for Engagement

CYBER SECURITY TRAINING SAFE AND SECURE

The Path Ahead for Security Leaders

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

PREPARE YOUR INCIDENT RESPONSE TEAM

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

THE CYBERSECURITY SKILL GAP: WHAT EMPLOYERS WANT YOU TO KNOW

RETHINKING CYBER SECURITY

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE

Defending Against Data Beaches: Internal Controls for Cybersecurity

The Value of Automated Penetration Testing White Paper

The National Cybersecurity Workforce Framework Delaware Cyber Security Workshop September 29, 2015

Workforce Planning Benefits

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Uncheck Yourself. by Karen Scarfone. Build a Security-First Approach to Avoid Checkbox Compliance. Principal Consultant Scarfone Cybersecurity

WHITE PAPER. Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST

ISACA S CYBERSECURITY NEXUS (CSX) October 2015

The True Story of Data-At-Rest Encryption & the Cloud

TRANSATLANTIC CYBER SECURITY SUMMIT

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Cyber Security Risks for Banking Institutions.

Nine Cyber Security Trends for 2016

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Overcoming Five Critical Cybersecurity Gaps

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

WRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET

El Camino College Homeland Security Spring 2016 Courses

Middle Class Economics: Cybersecurity Updated August 7, 2015

Top Fraud Trends Facing Financial Institutions

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle

Testing the Security of your Applications

Redefining Incident Response

The Sophos Security Heartbeat:

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

Microsoft s cybersecurity commitment

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

SMALL BUSINESS REPUTATION & THE CYBER RISK

Fight fire with fire when protecting sensitive data

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Trends

CFO Changing the CFO Mindset on Cybersecurity

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

Corporate Security in 2016.

Cyber security: Are Australian CEOs sleepwalking or a step ahead? kpmg.com.au

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

The Next Generation Security Operations Center

Achieving Cybersecurity Excellence Through Evolution of the Nation's Cyber Workforce

The 5 Cybersecurity Concerns You Can t Overlook

AT A HEARING ENTITLED THREATS TO THE HOMELAND

Practical Threat Intelligence. with Bromium LAVA

Advanced Threat Protection with Dell SecureWorks Security Services

Securing Critical Information Assets: A Business Case for Managed Security Services

Cybersecurity in the States 2012: Priorities, Issues and Trends

Cyber Learning Solutions

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission

HOW TO ADDRESS THE CURRENT IT SECURITY SKILLS SHORTAGE

How to Reduce Web Vulnerability Scanning Times

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Odgers Berndtson Board Survey. Among CEOs in Denmark s largest corporations

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

BIG SHIFTS WHAT S NEXT IN AML

Building a Cyber Security Operations Center

The Four-Step Guide to Understanding Cyber Risk

Continuous Network Monitoring

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Transcription:

CSO Vantage Point : Re-Imagining the Cyber Warrior of the Future Close The Gap Today, Win the Fight Tomorrow Jeff Schilling Chief Security Officer FireHost

The War is Real Perhaps James R. Clapper, U.S. Director of National Intelligence, said it best in a February 2015 statement to the U.S. Senate Armed Services committee. Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication and severity of impact; the ranges of cyber threat actors, methods of attack, targeted systems and victims are also expanding, Clapper stated, as reposted by The Washington Times. To quantify the issue, the Ponemon Institute reported that the average cost of a data breach jumped 23 percent in 2014. The study, Cost of Cyber Crime Study, commissioned by HP, found that organizations worldwide spent $7.4 million, on average, cleaning up after a breach. These organizations also require more time to resolve a data beach, climbing to 45 days, up from 32 days in 2013. While that may be a conservative average, a successful breach can easily span into the hundreds of millions. For example, Target s breach recovery efforts have cost the Minnesota-based retailer more than $160 million. Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication and severity of impact; the ranges of cyber threat actors, methods of attack, targeted systems and victims are also expanding. James R. Clapper U.S. Director of National Intelligence (DNI) While attack types, vectors and enemies grow in scale, number and veracity, the tools to combat and defend are extremely limited. Most unsettling, the No. 1 asset in countering attacks is also the most scarce: cybersecurity professionals.

209,000 and Climbing This deficiency in cybersecurity talent has skyrocketed to more than 209,000 unfilled jobs in the United States alone (up 74 percent), according to a recent PBS story. This need was further reiterated during President Barack Obama s cybersecurity summit at Stanford in February 2015, where cybersecurity experts and government leaders cautioned many times the critical shortage of skilled cyber warriors. In a perfect world, CSOs would pick up the secure red phone for a direct line to the cybersecuritytraining factory. Instantaneously, 200,000 cybersecurity professionals would be produced to quickly meet demand. Most education programs, at colleges and universities, can t offer the experiencebased training required to fill the widening talent gap. Jeff Schilling CSO FireHost Would you be able to successfully train a doctor in a year? It may be a simplification of the issue, but good cybersecurity professionals require years of training. Given the current shortage, it s easy to see the dire nature of the situation. This will not be an easy or fast fix. Unfortunately, the current situation is dire. Many senior-level executives even experts who work in the cybersecurity field lack much-needed understanding of what traits are most important when recruiting or hiring cybersecurity talent. What compounds this challenge? Most education programs, at colleges and universities, can t offer the experience-based training required to fill the widening talent gap. So, what do you look for in cybersecurity talent? How can our educational system work with industry leaders to accelerate the output of trained security professionals?

Directing the Searchlight Cybersecurity vendors and agencies can t discover and hire talent fast enough particularly in the current threat landscape. At FireHost, we average 50 to 60 resumes each week from prospects wanting to join the FireHost security team. Of those, maybe 5 percent meet our standards. Why? In short, colleges and universities do not prepare students for success in the cybersecurity field. This is my opinion based on three-plus years of post-military cybersecurity recruiting. When I do find a talented prospect with the right skillset, I rarely notice if they even have a degree. I value talent and experience. Cybersecurity is a skills-based profession one that s rooted in capability, experience, practice and aptitude. From my experience, universities and to an extent technical schools fail to mimic complex security environments, even for small- to mediumsized businesses. So, where are the cybersecurity specialists of the future?

Decipher: 3 Critical Job Functions The obvious conclusion: Hire and recruit talent away from companies where they are currently and successfully performing on the job. This strategy, however, has driven up the cost of skilled labor. It s no longer an option for most security teams. As a result, many vendors and security-conscious organizations are opting to discover and train their own talent. There are three major functions for providing IT service: host and application administration; computer programming; and network engineering. All three IT functions can directly pivot to a cybersecurity discipline: host forensics; malware analysis; and network forensics, respectively. In fact, if I had to choose between a universityeducated cybersecurity graduate or an IT specialist who is strong in sys admin, networking or programming, I will pick the IT specialist every time. The ideal prospect is often an individual who oversees a small IT shop, where they manage and execute in all three functions. A model cybersecurity pro must understand how the IT infrastructure works before they can understand how to protect against and find threat activity. The critical data that a security analyst has to understand when detecting threat activity relates to these three IT and security functions. When I screen resumes for security prospects, I look for experience in one or more of these fields of work, either as an IT specialist or security specialist. Map the Roles Trouble filling cybersecurity jobs? Review this simple breakdown on how standard IT jobs map to cybersecurity disciplines. IT Function Cybersecurity Discipline Host & Application Administration Host Forensics Computer Programming Malware Analysis Network Engineering Network Forensics

Are Certifications Valuable? Are certifications a valid indicator of talent? Yes and no. When you re able to successfully align related certifications with relevant job experience then, yes, certifications are significant. It s not always that clear, however. Many security prospects possess certifications but no track record of real experience related to those certifications. In these cases, certifications are not a good judge of talent. My trick is to look at an applicant s experience, then see what level of certifications they have been able to achieve. In this way, I use certifications as a validation that the prospects not only have experience, but also have passed a benchmark to demonstrate their skills and abilities. A red flag may rise when someone has many certifications that don t inherently go together. We call these individuals badge finders. A model cybersecurity pro must understand how the IT infrastructure works before they can understand how to protect against and find threat activity.? Jeff Schilling CSO FireHost

Reform for Higher Education This first suggestion is actually quite provocative: Eliminate cybersecurity undergraduate programs. In my opinion, security should be required and integrated into all computer science and engineering undergraduate programs. As we train our future sys admins, programmers and network engineers, we need to remain diligent in teaching the principles of cybersecurity. This approach will provide future cybersecurity pros a vast understanding in how IT infrastructure works and before they decide to specialize. Teaching Technical Trades The second solution is not nearly as proactive. We are critically short on security personnel with hands-on technical skills in managing security infrastructure a skill that does not take four years to learn and does not require a live environment to become proficient. What does this entail? Typically, it s the management of devices in a security stack (e.g., firewall, IPS/IDS, WAF, etc.). These talents are great opportunities for vendor-managed training programs and technical schools. This change also will have the inverse effect of ensuring our IT service providers are better grounded in security. This gives cybersecurity directors, managers and leaders, who are looking for entry-level security professionals, a broader group to assess. When needed, we may then leverage graduate and doctorate programs for specialization in security. The programs exist today, but we are not placing enough students into proper courses. Could government grants drive more students to look for this opportunity? Perhaps. It would also be advantageous for more vendors to work directly with technical schools to provide equipment and training packages to facilitate producing more cybersecurity wrenchturners for gear they hope to sell. CS Computer Science

Return of the Apprentice My last suggestion is core to classic professional training models that date back to the middle ages: Establish a master-apprentice framework for cybersecurity. In fact, I set up this model when I wished to accelerate the progression of forensic college hires in an incident response practice. The good news? We severely underestimated the success we would achieve in this mentoring program. Our forensics specialists were doing advanced work within just six to eight months. These recommendations, however, are moot unless implemented in a timely manner. Until a thoughtful, strategic plan is employed to change how industries find, train, educate and pair professionals to appropriate security jobs, there will remain a major shortage of specialists with the skills to help defend the dynamic cyber landscape. Placing security training at the core of all computer science and IT tracks is the first step in evolving how we prepare to properly defend valuable assets, information and digital identities. But it s only a start. Jeff Schilling CSO FireHost

About Jeff Schilling Jeff Schilling (Ret. Col., U.S. Army) is FireHost s chief security officer and is responsible for the cyber and physical security programs for the corporate environment and customer-hosted capabilities. Schilling retired from the U.S. Army after 24 years of service in July 2012. In his last assignment, Schilling was the Director of the U.S. Army s global Security Operations Center under U.S. Army Cyber Command. In this position, he was responsible for synchronizing the global security operations/monitoring and incident response for over 1 million computer systems, on 350 wide-area networks, supporting all U.S. Army organizations in more than 2,500 locations. Previous to this position, Schilling was the Director of the Department of Defense s (DOD) global Security Operations Center with Joint Task Force Global Network Operations, where he managed security operations and global incident management for over 4 million globally connected computer systems.

www.facebook.com/firehost www.twitter.com/firehost www.linkedin.com/company/firehost-inc. US UK 2360 Campbell Creek Boulevard, Suite 525 Richardson, Texas 75082 Phone: +1 877 262 3473 268 Bath Road, Slough, Berkshire, SL1 4DX Phone: +44 800 500 3167

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information