I created this presentation, "Cyberskills shortage: Where is the cyber workforce of tomorrow" for a webinar to raise awareness of the need to educate more people about cybersecurity. The webinar recording is here: https://www.brighttalk.com/webcast/1718/106371
Cyberskills shortage: Where is the cyber workforce of tomorrow
Stephen Cobb, CISSP
Security Researcher, ESET NA
What is on the agenda?
• Numerous studies show a serious shortage of qualified people to fill IT jobs of all kinds today
• Shortage even more dire for jobs requiring cyber security skills
• Discuss implications, look at ways to cope, while improving cyber security education & training
Cyber security skills
• Cyber security is the realm of problems arising from the use of digital technology
• Cyber security skills tackle those problems
Notes on language
• We take “cyber security” to mean all aspects of information system security
• We will be using “cyber” as short for “cyber security”
Question #1
Is your organization experiencing a cyber skills shortage?
• Yes
• No
• I’m not sure
• I don’t work for an organization
What’s the problem?
• Cybersecurity jobs now represent nearly 10% of all IT jobs
• 209,749 postings for cybersecurity-related jobs in the U.S. in 2013
• Burning Glass Technologies
Many of those cyber security postings are going unfilled
What’s the problem?
• Cybersecurity postings have grown 74% from 2007 - 2013.
• 2x faster than all IT jobs
• Cybersecurity job postings took
  – 24% longer to fill than all IT job postings
  – 36% longer than all job postings
Burning Glass
Demand is outstripping supply
• In US, employers posted 50,000 jobs requesting CISSP, recruiting from a pool of 60,000 CISSP holders
Cyber security shortfall
• By 2014, the industry will still be short more than a million security professionals across the globe
  – Cisco 2014 Annual Security Report
• In my research/conversations:
  – Estimates of the shortfall of qualified cybersecurity workers in the U.S. alone range from 50,000 well into six figures
What’s driving demand?
• Huge surge in demand across both private and public sectors
• Pentagon to triple cybersecurity personnel over next several years to bolster US national security
• Will have 1,800 cyber professionals end of 2014 but 6,000 by 2016
  – Defense Secretary Chuck Hagel
  – Reuters, March 29, 2014
Organized cybercrime rolls on
• Organized crime and petty criminals diversifying into cyber
• Risks and barriers to entry are low
• Lack of leadership hampers the law enforcement response
Supply-side factors
• Not enough people have cyber security skills and many skilled cyber folks nearing retirement
• DHS reports
  – 80% of those currently working in cybersecurity are 40 or older
  – Less than 6% are 30 or younger
  – 32% eligible for retirement now or within the next three years
Improve supply
• We are not training enough (young) people in cyber security
• We are not good at hiring good cyber security people
  – I feel your pain!
How to increase cyber workforce
• Nurture
• Educate
• Train
• Hire
• Rent
• Import
• Rationalize
• Go outside the box
Nurture
• Get kids excited about cyber early
• Not enough kids are “interested”
• 82% of millennials (born between early 1980s and early 2000s) say:
  – Careers in cybersecurity were never presented
Nurture: STEM education
• Schools not offering compelling computer science classes
• Computer science courses often lack security component
• Only 9 states count comp-sci for high school graduation
Nurture: going beyond
• Project Lead The Way
• PLTW.org
Nurture: Partnerships
• Life Journey
• LifeJourney.us
Nurture: Community
• Securing Our eCity
• SecuringOureCity.org
Train
• Not all cyber security jobs require degrees (even though some firms do)
• Training and certification is a viable path to building knowledge and skillset
The training dilemma
• Company objects to training because “sometimes employees leave after training”
• But which is worse:
  – You train them and they leave
  – You don’t train them and they stay
Hiring
• You can train existing employees for cyber roles or hire fresh talent
• Hiring the right people is not as easy as you might think
• Many job postings are ridiculously long and demanding
• Many “requirements” are not really required
You need experts to hire experts
• Be honest, are your HR and managers capable of properly assessing cyber talent?
• If not, enlist help
• Do not use degrees and massive requirements to CYA
• Because they won’t CYA if you make a bad hire who has all the right paper requirements
Question #2
Does your organization have “in-house” cyber security talent on staff or do you use outside experts?
• Yes
• No
• I don't know
• I don’t work for an organization
Rent
• Outsourcing your IT security is a viable option
  – All of cyber security
  – Or select functions
• Certified consultants
• Managed Service Providers
You can’t outsource
• Your responsibility to protect data
• And you still need all employees to understand their roles in maintaining security of company data and systems
Import
• The H-1B visa problem
• More than half of science doctoral graduates from U.S. schools have to leave the country
• Hostage to larger immigration reform
Rationalize
• Are your security staff employed efficiently?
• Can you outsource or automate some of the busy work, like network monitoring or log file review?
• Be realistic and factor skills shortage into business plans
Question #3
Does your organization offer internships in IT and/or IT security?
• Yes
• No
• Not sure
• I don’t work for an organization
Think outside the box
• Women!
• Students!
• Interns!
• Sponsorship!
• Community!
Resources
• CODE > code.org
• STEM > ed.gov/stem
• SOeC > securingourecity.org
• ISSA > issa.org
• CompTIA > comptia.org
• (ISC)2 > isc2.org
The bigger picture
• What is driving demand?
• Cyber crime and cyber conflict
• Arrest more of the real cyber criminals and give them harsher sentences
• Rein in nation state cyber forces
To recap
• The country needs more workers who “get” cyber security
• Multi-pronged strategy is required
  – Get better at identifying cyber talent
  – Better training of more people, across all age ranges, genders
  – Get tough on cyber crime
  – De-escalate cyber conflicts
Thank you!
• [email protected]
• www.eset.com
• WeLiveSecurity.com
Polling Question: I would like access to the following:
• Request access to the Passmark Competitive Analysis Report
• Request a custom business trial
• Subscribe to ESET’s global threat report
• All of the above
• None of the above
Q&A Discussion