Transcript
Page 1: What The Workforce Needs To Know - NIST… · Situational Awareness Action Decision Intelligence System Workforce ... Leadership Operations SDLC Cybersecurity Cross-Domain Collaboration

What The Workforce Needs To Know

Equipping the workforce to build and maintain cyber resilience systems.

Greg Jaeger, Senior Program Manager, Advanced Technology International

SSCA 2018 Spring Forum

July 2013 Event Analysis

[Timeline figure. Labels as extracted: patch, detect, CERT, first exploit, vendor alert, exploit, shutdown, recovery, operation. Values as extracted: 39 17 11 30 302]

A Preventable Event – Must Self-Initiate Changes

Team Challenge

“What can we do to use the existing data and tools to become more aware of the system’s cyber resilience in order to make smart, risk-based decisions that best utilize the finite resources?”

Workforce & Situational Awareness*

[Diagram. Labels as extracted: Situational Awareness; Action, Decision, Intelligence; System; Workforce; Cybersecurity, SDLC, Operations, Leaders; Perception, Comprehension, Projection]

* modified Endsley Model (1995)

Cross-Domain Feedback

[Diagram. Stages as extracted: Collab, Code, Build/Test, Deploy, Monitor. Other labels: Component Scans; Logging Changes; Triggers; Client Responses]

Continuous Collaboration → Proactive

Amplified Situational Awareness*

[Diagram. Labels as extracted: Risk Repository; Situational Awareness; Action, Decision, Intelligence; Perception, Comprehension, Projection; System; Workforce; Cybersecurity, SDLC, Operations, Leadership; Cross-Domain Collaboration]

* modified Endsley Model (1995)

2013 vs 2017 Events vs Equifax

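[Timeline figure. Series labels: 2013, 2017, Equifax. Milestone labels as extracted: patch, detect, CERT, first exploit, vendor alert, exploit, shutdown, recovery, operation. Values as extracted: 39 17 11 30 30; 4 1 3 2 10; 2; 1. Equifax row as extracted: 5 DB: 75 (5/13-6/30), 65 (3/8-5/12)]

Leadership Over Resources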

Who/How to Teach

• Managers, IT (developers, engineers, quality, testing, network, database, etc.), contracting, executive leadership

• Collaborative environment

• Team facilitation and elicitation

• Rapid forensics and root-cause analysis

• Foreign system design, code, components

• Risk decision making

• Log dissection, correlation and gap analysis

• Limited tools for resourcefulness

Education Gaps

• Project Management with SDLC, Operations, and DevOps

• Real-world application of skills

• Cross-domain collaboration

• Team self awareness

• Risk management

• Data distillation and normalization

• System awareness

• Library decomposition/analysis

• Dataflow mapping

• Software stack interface layers

• Discerning valid / anomalous traffic

• Assessing vulnerability reports

• Meaningful cybersecurity metrics to senior leadership on system/program security posture

What Works

• Engaged leadership

• Balance of all requirements

• System Knowledge

• Process feedback loops and refinement

• Quantitative, qualitative, and predictive analyses

• Actor, tactic, and component profiling

• Tactical and Strategic mitigation plans

• Repetitive team synthesis and experience is greater than individual roles (i.e., Bloom’s taxonomy of learning)

• Experience is a cross-domain multiplier

What Doesn’t Work

• Waiting on alerts, patches, and information sharing

• Compliance as the end-goal

• Disengaged Penetration Testing

• Software scans without context

• Awaiting third party and external one-directional communications

• Stovepipe stakeholders

• Regarding cyber reliance as an Information Technology, Developer, or Cybersecurity Division problem

• Contracts void of collaboration requirements

• Contract-mandated certifications

• Over-emphasis on tools, hacking, and compliance checklists

• Solicitations with inadequate emphasis on cybersecurity

QUESTIONS

Greg Jaeger
Senior Program [email protected]
o: 843.760.3216
c: 843.297.1341

Brian Eleazer
Senior System [email protected]
o: 843.760.3317
c: 843.297.0740

Backups

Stakeholder Information Exchange

[Diagram. Labels: System Owner; Host Provider; System Manager]
