www.olympussecurity.com
Merit Annual Meeting
Preparing the Security Workforce of the Future
Jeff Recor
President, Olympus Security Group
Email: [email protected]
Office – 248-608-6784

Current Events
• Virus Du Jour:
  – Stopping trains!
  – Widespread infection
• Blackout
• Identity Theft = $1B a year in losses for banks

Organizational Challenges
• Same problems year after year:
  – Companies still vulnerable to “common” viruses
  – Vendors not securing their products
  – Security Professionals not working from standard set of knowledge
• Culture of the Hacker

Discussion Points
• The Feds are coming!
• 3 distinct views:
  – Employers
  – Practitioners
  – Knowledge Development Centers

Personnel Challenges
“(One of the major barriers to improving cyber security is…) an inability to find sufficient numbers of adequately trained and/or appropriately certified personnel to create and manage secure systems.”
The National Strategy to Secure Cyberspace - February 2003

The Feds are Coming!
• Cybersecurity takes a backseat:
  – FUD
  – 9/11…..WMD
• No standards, yet…
• Legislation pending

FUD
• Zero-day Viruses and affinity worms will sunder business records….brokerage house trading records will be scrambled, corporate networks molten…CEO’s humiliated.
Howard Schmidt, Vice Chairman, CIP Board

Accreditation Board
• Movement afoot to formalize security profession:
  – Board forming now
  – Body of practice needs to be defined
  – Licensing process designed
  – Standards, standards, standards

Hiring Trends…
• 47% report hiring increased in the past year
• 29% reported staffing levels remained unchanged
• 19% reported decreases in security staff levels
Global Security Survey, 2003: Deloitte

ITAA Employer Survey
• 60% not satisfied they can hire “right” security talent:
  – 40% said it was hard to quantify candidates
  – 36% interview process not well defined
• 81% recognize security as a “separate” profession

ITAA Employer Survey
• CISSP = Most Important (57%)
• Security+
• Vendor Specific
• CFE
• SANS GIAC
ITAA Workforce Study, 2003

Acquiring Knowledge
• How do I learn the fundamentals needed to secure my environment?
• How do I acquire the skills to become a valuable employee in the security field?

Certifications
Industry
• CISSP
• CISA
• CFE
• SANS
• Security+
• CIA
• CBCP
Vendors
• Cisco
• CheckPoint
• ISS
• RSA
• Microsoft
• Verisign
• Entrust

Audience Poll
Which item is the most important for showing your security skills to a potential employer during an interview?
a. Resume
b. Non-vendor security certifications
c. Formal education in security discipline
d. Vendor-specific product certifications
e. Presenting at security conferences / classes

Current State
• Training Programs
  – Boot camps
  – Certification factories
• Higher Education
  – Master’s Degree Programs
  – Certificate Programs
• Standards Movement

Higher Education
• Security Programs
  – Master’s Degree
  – Undergraduate Degree
  – Certificate Programs
  – K through 12 !!

Education Trends
• Before - Mechanical - bits and bytes
  – Forensics programs
  – Intrusion-detection and prevention programs
  – Security technology standards development and other technical programs
• After - Business value and critical thinking
  – ROI
  – Business Process Analysis
  – Value Add
  – Business value and critical thinking.
  – ENABLEMENT

Security Education
• Fewer than 60 PhD candidates in INFOSEC / IA
• 17 PhDs in IA granted so far (2003)
• 50 NSA COEs mostly focus on CIS-style programs
• Much more is needed…

National Training Standards
Information Security Professionals – NSTISSI No. 4011
Information System Security Officers – NSTISSI No. 4014
Designated Approving Authority – NSTISSI No. 4012
System Administrators – NSTISSI No. 4013
System Certifiers – NSTISSI No. 4015
Risk Analyst – NSTISSI No. 40xx
Being Updated
Under vote
Most Recent
Under vote

Faculty Development & Recruitment Issues
• Lack of program development and credentialing opportunities
• 1800+ Universities and 15,000+ Faculty will be Affected
• Lack of “real world” Experience
• Traditional development model for educators is inadequate
• Tools and skills necessary

Local Excellence ?
• Walsh College (NSA COE)
• Eastern Michigan University
• University of Detroit Mercy (COE)
• Michigan State University
• Washtenaw Community College
• Independent Training

Closing…
• “An information War is coming someday…”
– Richard Clarke, President’s Cyber security Czar, June 5, 2002.