Looking to the Millennials for Careers in Cyber-security


There is little argument that a severe shortage of information security professionals is the leading concern for employers looking to secure their data systems. In this “breach-a-day era”, where a new major cyber-security incursion is revealed nearly every day, it is impossible to deny the shortage of cyber-security professionals and the impact it is having on the effort to respond to the hacking war. And industry experts say it’s only likely to get worse.

At this year’s Black Hat USA 2014 conference the topic took center stage and, more often than not, the conference floor as well, as more than one security firm openly sought resumes from anyone and everyone. The International Information Systems Security Certification Consortium has calculated that more than 300,000 cyber-security professionals are needed to maintain and manage business systems.

Just this week, the director of the National Security Agency announced that an additional 1,000 cyber-security professionals will be hired by his agency over the next three years to work on Department of Defense cyber-security initiatives. Demand for cyber-security professionals is growing 3.5 times faster than the overall IT job market and 12 times faster than the total labor market.

Industry leaders are looking to the next generation to fill the open positions, but Millennials, those aged 18 to 26, don’t understand the importance of system security as a profession. Among the age segment, 60 percent were unaware of the cybersecurity profession and what the job involves, making them less likely to pursue a career in the field. “There’s an information gap,” Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA), has said.

Almost two-thirds of the respondents in a recent survey indicated that high school computer classes did not provide the skills needed to pursue a career in cybersecurity or a related degree in college. According to Jeff Jacoby, program engineering director of cybersecurity at Raytheon, “We have to develop programs and we have to develop curriculum and we have to have a mature conversation around career opportunities.”

The answer to filling most of the security jobs may not be found in advanced college degrees in cyber-security but rather with individuals, often called “computer geeks,” who demonstrate a unique skill set and experience with data systems and their inner workings. Being a certified “Computer Geek” may just trump a Master’s Degree in Computer Science at a time when responding to a crisis and getting a solution implemented is more important than analysis.

Filling the demand in the future will require the union of efforts of secondary schools, technical educators, colleges and industry leaders. The vast majority of Millennials, 87 percent, are reported to believe they have a personal responsibility for keeping themselves safe online. We just have to convince many more of them to consider a career that will keep the rest of us cyber-safe as well.

Cost of Cyber-Crime Surging in a World Economy




According to new research from the Ponemon Institute, the annual cost of cybercrime to U.S. organizations has topped 12.7 million, an increase of 96% in the past five years. The average cost to resolve a single company attack exceeds $1.6 million with a single incursion costing as much as $61 million. The average time to resolve a cyber-attack climbed to 45 days, up from 32 days in 2013.

The highest annual cost per organization was reported in the energy and utilities and defense industries, but major breaches involving the retail industry have more than doubled since 2009. More than 55% of all cybercrime costs per organization were caused by denial of service, malicious insiders and malicious code. The time it takes to detect and resolve a cyber-attack has increased by 33% or 170 days, and once detected, the average time to resolve a cyber-attack is about 45 days.

It is not just organizations in the United States that are bearing the increase in costs; the global costs associated with cybercrime could be even more staggering. A recent report, “Estimating the Global Cost of Cybercrime”, by McAfee reveals that the world economic impact of cyber insecurity could top $575 billion a year. The report warns that as more businesses and consumers move online and more devices connect to the internet of things, cybercrime will continue to grow. Intellectual property (IP) theft will also increase as those countries which acquire it become more adept at building a competitive advantage.

IP theft, performed almost exclusively by insiders, will cost U.S. businesses more than $250 billion a year. Business information such as billing records, price lists, source codes, proprietary software, customer information and proprietary data leads the list of favored, ill-gotten bounty. The majority of IP theft is committed by company engineers, scientists, managers, or programmers, usually within 30 days of leaving an existing employer for greener pastures. The majority of inside criminals use a network email, a remote network access channel, or network file transfer to remove the stolen data. “Most organizations are aware of the security threats posed by outsiders, but the malicious insider within their own ranks may pose an even greater risk,” said Francis deSouza, group president, Enterprise Products and Services, Symantec Corp.

Tony Caine, vice president and general manager for enterprise security at EMEA, said in a recent article in Infosecurity, “An infrastructure is only as secure as its weakest link and in many cases this is caused by human error and, no matter the complexity of the defenses in place, basic security procedure still needs to be carried out – secure passwords and increased workforce awareness.”

What steps is your business taking to protect against IP theft?


Exercise Caution When Burning Bridges on Camera



It is no secret that leaving a job can be very stressful, which may be one reason so many employees today are managing to mess up the process. Breaking up is full of emotions and, left unchecked, can often lead to memorable moments of poor manners, inappropriate personal conduct or career-damaging behavior. Even with the current tight job market, some disgruntled employees are losing their senses when demonstrating their lack of ability and foresight to politely call it quits with a current employer.

Recently a TV news reporter for an Alaska television station quit her job with a very public and memorable sign-off. After finishing a segment on a pro-pot organization dedicated to promoting legislation to legalize marijuana, the reporter boldly announced that she was resigning her reporter job immediately to focus on supporting the organization’s efforts. The resignation, complete with expletives, left no doubt, either for the employer or the thousands of viewers who found themselves sharing the experience, about the employee’s intent. Either she felt like she would never again need a job or she was clearly sampling too much of the subject matter detailed in her report.

While it is tempting for an employee to blame an employer for an unhappy relationship, incompatibility is most often a shared responsibility of both sides of the equation, and the hurt, disappointment and negative emotions can be felt on both sides of the employee/employer relationship. Not long ago leaving a company was thought to be the ultimate criticism of an employer and was considered a sign of disloyalty. Remarriage was usually out of the question.

But a study titled “Gone Today but Here Tomorrow: Extending the Unfolding Model of Turnover to Consider Boomerang Employees” was recently published in Personnel Psychology and indicates that “boomerang” employees, or workers who return to a company after leaving voluntarily, can make up about 10 to 20 per cent of an organization’s new hires. Rehiring former employees can offer substantial cost benefits for employers and potential career advantages for the returning employee.

The study found that repeat workers tend to be more familiar with company policies, procedures and culture and often show a higher level of loyalty upon their return engagement. Some estimates indicate that a typical Fortune 500 company will save $12 million annually by hiring former employees, and some returning workers have learned just how beneficial their former employers were to their career interests. The experience an employee received from working for someone else usually results in a fresh perspective and new insights for both the employee and the company.

The process of leaving a current employer should be respectful, to the employer and the soon-to-be former colleagues, and sufficiently polite to garner a future invitation to return. Making an exit should not exclude the possibility that someday you may look favorably on an opportunity to return.

And remember, if demonstrating your technique for burning a bridge on camera, a video will capture a failing career performance that can last forever.


Does Failing to Secure Customers’ Data Constitute Criminal Negligence?


The vendor supplying point-of-sale systems to hundreds of restaurants has announced that it is the most recent victim of data-stealing malware. Jimmy John’s chain of gourmet sandwich restaurants recently announced that they experienced a breach of customer credit card numbers, addresses and verification codes at 216 of their outlets located in 40 states. Signature Systems Inc. (SSI) is the vendor providing POS systems for Jimmy John’s Restaurants and has stepped forward to say that, along with the Jimmy John’s locations, an additional 108 different restaurants have been compromised as well. Those stores impacted include local pizza restaurants, bakeries and bagel shops located in 18 states. The disclosure is the latest since the U.S. Secret Service recently announced that more than 1,000 small businesses could be affected by Backoff, a POS malware designed to capture customer credit card and personal information at the point of purchase.

This newest attack comes shortly after the release of a new study conducted by HyTrust which indicates that consumers are becoming increasingly frustrated and angered about the persistent violations of their personal information. The study revealed that more than half of the respondents indicated that they would take their business elsewhere after their information was breached and nearly as many felt that the company directors and management should be held criminally negligent for the breach of trust. The response should send chills through board rooms and executive suites throughout companies across America. Consumers are convinced that corporate management is not doing enough to stop the unwanted intrusions and loss of personal data.

Among all the different types of data being stolen, consumers reserve their biggest concern for the loss of their social security number. While the loss of credit card numbers, emails and addresses can cause inconvenience and mayhem for consumers and companies alike, the social security numbers can lead to an individual losing their very identity. Eric Chiu, president and co-founder of HyTrust, recently told eWEEK that, “This is the ultimate threat to consumers because it can ruin their finances and have serious, long-term impacts on their lives.”

Cybersecurity experts have been warning companies for some time now that the responsibility for securing their data systems needs to move up the management scale and even into the board rooms. While large-scale breaches are having a crippling effect on profits and operating costs for those who have fallen victim to a major breach in security, adding criminal liability to the experience would tend to have a compounding effect on company managers and officers who fail to heed the warning to beef up their security efforts.

Drafting Cybersecurity Experts To Government Service


The unrelenting wave of cybersecurity attacks across all sectors of business and governmental agencies is exacerbating an already challenging problem with the shortage of qualified cybersecurity professionals. In an effort to address the serious shortage of IT professionals at the Department of Homeland Security (DHS), the US Congress is working on passing legislation that will make working for a government agency more attractive to qualified cybersecurity professionals.

The U.S. Senate passed the Border Patrol Agent Pay Reform Act of 2013, which includes the DHS Cybersecurity Workforce Recruitment and Retention Act. The Act would give additional authority and flexibility to the DHS Secretary to hire and retain an adequate IT security workforce. While the shortage is affecting the private sector as well, the problem is a greater struggle for the DHS and other governmental agencies that are not able to be competitive with the private sector in attracting and retaining the needed complement of cybersecurity professionals.

While the new effort provides for increased pay and benefits in order to improve government competitiveness, the one tactic legislators are best at – throwing more money at a problem – may not be enough to lure cyberexperts away from the private sector and into government service. “It’s always going to be difficult for the government to be competitive purely on the basis of pay,” says Franklin Reeder, co-founder and board member of the Center for Internet Security. “It may make a little bit of difference at the margin but, ultimately, folks of quality are drawn in for reasons other than pay. They can make a lot more money in the private sector, and they always will be able to. So, I’m a little bit skeptical of the claims that pay authority, in and of itself, will make a difference.”

The bill encourages the DHS to implement innovative ways to attract individuals with needed cybersecurity skills, including appealing to IT candidates’ patriotism and government service. A suggestion to develop a short-term government service program where IT experts would volunteer for a two- or three-year paid stint in the service to their country is being floated, but absent a direct attack on the nation’s cyberinfrastructure, the voluntary aspect of such a program has many questioning its viability to attract much-needed expertise.

The concern for the safety and security of the government’s massive information data systems is palpable across all agencies. A recent report issued by the Government Accountability Office showed that DHS had a 22 percent vacancy rate for cybersecurity skills. With state and nation-sponsored attacks on public and private sector systems on the rise, the shortage may have a more pronounced effect in months and years ahead. With recent mega-data breaches, allegedly originating from Eastern Europe and Asia, the size and scope of the criminals’ bounty begs heightened concern as to when and how the spoils will be used to influence government or private sector actions. In an interconnected world, being able to influence a nation’s utility infrastructure, financial institutions and economic viability can be a formidable weapon to counter.