www.olympussecurity.com
Merit Annual Meeting
Preparing the Security Workforce of the Future
Jeff Recor
President, Olympus Security Group
Email: [email protected]
Office – 248-608-6784

Current Events
• Virus Du Jour:
  – Stopping trains!
  – Widespread infection
• Blackout
• Identity Theft = $1B a year in losses for banks

Organizational Challenges
• Same problems year after year:
  – Companies still vulnerable to “common” viruses
  – Vendors not securing their products
  – Security Professionals not working from standard set of knowledge
• Culture of the Hacker

Discussion Points
• The Feds are coming!
• 3 distinct views:
  – Employers
  – Practitioners
  – Knowledge Development Centers

Personnel Challenges
"(One of the major barriers to improving cyber security is…) an inability to find sufficient numbers of adequately trained and/or appropriately certified personnel to create and manage secure systems."
The National Strategy to Secure Cyberspace - February 2003

The Feds are Coming!
• Cybersecurity takes a backseat:
  – FUD
  – 9/11…..WMD
• No standards, yet…
• Legislation pending

FUD
• Zero-day Viruses and affinity worms will sunder business records….brokerage house trading records will be scrambled, corporate networks molten…CEO’s humiliated.
Howard Schmidt, Vice Chairman, CIP Board

Accreditation Board
• Movement afoot to formalize security profession:
  – Board forming now
  – Body of practice needs to be defined
  – Licensing process designed
  – Standards, standards, standards

Hiring Trends…
• 47% report hiring increased in the past year
• 29% reported staffing levels remained unchanged
• 19% reported decreases in security staff levels
Global Security Survey, 2003: Deloitte

ITAA Employer Survey
• 60% not satisfied they can hire “right” security talent:
  – 40% said it was hard to quantify candidates
  – 36% interview process not well defined
• 81% recognize security as a “separate” profession

ITAA Employer Survey
• CISSP = Most Important (57%)
• Security+
• Vendor Specific
• CFE
• SANS GIAC
ITAA Workforce Study, 2003

Acquiring Knowledge
• How do I learn the fundamentals needed to secure my environment?
• How do I acquire the skills to become a valuable employee in the security field?

Certifications
Industry
• CISSP
• CISA
• CFE
• SANS
• Security+
• CIA
• CBCP
Vendors
• Cisco
• CheckPoint
• ISS
• RSA
• Microsoft
• Verisign
• Entrust

Audience Poll
Which item is the most important for showing your security skills to a potential employer during an interview?
a. Resume
b. Non-vendor security certifications
c. Formal education in security discipline
d. Vendor-specific product certifications
e. Presenting at security conferences / classes

Current State
• Training Programs
  – Boot camps
  – Certification factories
• Higher Education
  – Master’s Degree Programs
  – Certificate Programs
• Standards Movement

Higher Education
• Security Programs
  – Master’s Degree
  – Undergraduate Degree
  – Certificate Programs
  – K through 12 !!

Education Trends
• Before - Mechanical - bits and bytes
  – Forensics programs
  – Intrusion-detection and prevention programs
  – Security technology standards development and other technical programs
• After - Business value and critical thinking
  – ROI
  – Business Process Analysis
  – Value Add
  – Business value and critical thinking.
  – ENABLEMENT

Security Education
• Less than 60 PhD candidates in INFOSEC / IA
• 17 PhDs in IA granted so far (2003)
• 50 NSA COEs mostly focus on CIS-style programs
• Much more is needed…

National Training Standards
Information Security Professionals – NSTISSI No. 4011
Information System Security Officers – NSTISSI No. 4014
Designated Approving Authority – NSTISSI No. 4012
System Administrators – NSTISSI No. 4013
System Certifiers – NSTISSI No. 4015
Risk Analyst – NSTISSI No. 40xx
Being Updated
Under vote
Most Recent
Under vote

Faculty Development & Recruitment Issues
• Lack of program development and credentialing opportunities
• 1800+ Universities and 15,000+ Faculty will be Affected
• Lack of “real world” Experience
• Traditional development model for educators is inadequate
• Tools and skills necessary

Local Excellence ?
• Walsh College (NSA COE)
• Eastern Michigan University
• University of Detroit Mercy (COE)
• Michigan State University
• Washtenaw Community College
• Independent Training

Closing…
• “An information War is coming someday…”
– Richard Clarke, President’s Cyber security Czar, June 5, 2002.