Presentation on theme: "Merit Annual Meeting Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group"— Presentation transcript:
www.olympussecurity.com Merit Annual Meeting Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group Email: email@example.com@olympussecurity.com Office – 248-608-6784
www.olympussecurity.com Current Events Virus Du Jour: –Stopping trains! –Widespread infection Blackout Identity Theft = $1B a year in losses for banks
www.olympussecurity.com Organizational Challenges Same problems year after year: –Companies still vulnerable to “common” viruses –Vendors not securing their products –Security Professionals not working from standard set of knowledge Culture of the Hacker
www.olympussecurity.com Discussion Points The Fed’s are coming ! 3 distinct views: –Employers –Practitioners –Knowledge Development Centers
www.olympussecurity.com Personnel Challenges (One of the major barriers to improving cyber security is…) an inability to find sufficient numbers of adequately trained and/or appropriately certified personnel to create and manage secure systems." The National Strategy to Secure Cyberspace - February 2003
www.olympussecurity.com The Fed’s are Coming! Cybersecurity takes a backseat: –FUD –9/11…..WMD No standards, yet… Legislation pending
www.olympussecurity.com FUD Zero-day Viruses and affinity worms will sunder business records….brokerage house trading records will be scrambled, corporate networks molten…CEO’s humiliated. Howard Schmidt, Vice Chairman, CIP Board
www.olympussecurity.com Accreditation Board Movement afoot to formalize security profession: –Board forming now –Body of practice needs to be defined –Licensing process designed –Standards, standards, standards
Hiring Trends… 47% report hiring increased in the past year 29% reported staffing levels remained unchanged 19% reported decreases in security staff levels Global Security Survey, 2003: Deloitte
www.olympussecurity.com ITAA Employer Survey 60% not satisfied they can hire “right” security talent: –40% said it was hard to quantify candidates –36% interview process not well defined 81% recognize security as a “separate” profession
www.olympussecurity.com ITAA Employer Survey CISSP = Most Important (57%) Security + Vendor Specific CFE Sans GIAC ITAA Workforce Study, 2003
Acquiring Knowledge How do I learn the fundamentals needed to secure my environment? How do I acquire the skills to become a valuable employee in the security field?
www.olympussecurity.com Certifications CISSP CISA CFE Sans Security + CIA CBCP Cisco CheckPoint ISS RSA Microsoft Verisign Entrust Industry Vendors
www.olympussecurity.com Which item is the most important for showing your security skills to a potential employer during an interview? a. Resume b. Non-vendor security certifications c. Formal education in security discipline d. Vendor-specific product certifications e. Presenting at security conferences / classes Audience Poll
www.olympussecurity.com Education Trends Before - Mechanical - bits and bytes –Forensics programs –Intrusion-detection and prevention programs –Security technology standards development and other technical programs After - Business value and critical thinking –ROI –Business Process Analysis –Value Add –Business value and critical thinking. –ENABLEMENT
www.olympussecurity.com Security Education Less than 60 Phd candidates in INFOSEC / IA 17 Phd’s in IA granted so far (2003) 50 NSA COEs mostly focus on CIS- style programs Much more is needed…
www.olympussecurity.com National Training Standards Information Security Professionals –NSTISSI No. 4011 Information System Security Officers – NSTISSI No. 4014 Designated Approving Authority- NSTISSI No. 4012 System Administrators –NSTISSI No. 4013 System Certifiers- NSTISSI No. 4015 Risk Analyst – NSTISSI No. 40xx Being UpdatedUnder voteMost RecentUnder vote
www.olympussecurity.com Faculty Development & Recruitment Issues Lack of program development and credentialing opportunities 1800+ Universities and 15,000+ Faculty will be Affected Lack of “real world” Experience Traditional development model for educators is inadequate Tools and skills necessary
www.olympussecurity.com Local Excellence ? Walsh College (NSA COE) Eastern Michigan University University of Detroit Mercy (COE) Michigan State University Washtenaw Community College Independent Training
www.olympussecurity.com Closing… “An information War is coming someday…” –Richard Clarke, President’s Cyber security Czar, June 5, 2002.
Your consent to our cookies if you continue to use this website.