Presentation is loading. Please wait.

Presentation is loading. Please wait.

Merit Annual Meeting Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group

Similar presentations


Presentation on theme: "Merit Annual Meeting Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group"— Presentation transcript:

1 Merit Annual Meeting Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group Office –

2 Current Events Virus Du Jour: –Stopping trains! –Widespread infection Blackout Identity Theft = $1B a year in losses for banks

3 Organizational Challenges Same problems year after year: –Companies still vulnerable to “common” viruses –Vendors not securing their products –Security Professionals not working from standard set of knowledge Culture of the Hacker

4 Discussion Points The Fed’s are coming ! 3 distinct views: –Employers –Practitioners –Knowledge Development Centers

5 Personnel Challenges (One of the major barriers to improving cyber security is…) an inability to find sufficient numbers of adequately trained and/or appropriately certified personnel to create and manage secure systems." The National Strategy to Secure Cyberspace - February 2003

6 The Fed’s are Coming! Cybersecurity takes a backseat: –FUD –9/11…..WMD No standards, yet… Legislation pending

7 FUD Zero-day Viruses and affinity worms will sunder business records….brokerage house trading records will be scrambled, corporate networks molten…CEO’s humiliated. Howard Schmidt, Vice Chairman, CIP Board

8 Accreditation Board Movement afoot to formalize security profession: –Board forming now –Body of practice needs to be defined –Licensing process designed –Standards, standards, standards

9 Employers

10

11 Hiring Trends… 47% report hiring increased in the past year 29% reported staffing levels remained unchanged 19% reported decreases in security staff levels Global Security Survey, 2003: Deloitte

12 ITAA Employer Survey 60% not satisfied they can hire “right” security talent: –40% said it was hard to quantify candidates –36% interview process not well defined 81% recognize security as a “separate” profession

13 ITAA Employer Survey CISSP = Most Important (57%) Security + Vendor Specific CFE Sans GIAC ITAA Workforce Study, 2003

14 Employee

15 Acquiring Knowledge How do I learn the fundamentals needed to secure my environment? How do I acquire the skills to become a valuable employee in the security field?

16 Certifications CISSP CISA CFE Sans Security + CIA CBCP Cisco CheckPoint ISS RSA Microsoft Verisign Entrust Industry Vendors

17 Which item is the most important for showing your security skills to a potential employer during an interview? a. Resume b. Non-vendor security certifications c. Formal education in security discipline d. Vendor-specific product certifications e. Presenting at security conferences / classes Audience Poll

18 KDC

19 Current State Training Programs –Boot camps –Certification factories Higher Education –Master’s Degree Programs –Certificate Programs Standards Movement

20 Higher Education Security Programs –Masters Degree –Undergraduate Degree –Certificate Programs –K through 12 !!

21 Education Trends Before - Mechanical - bits and bytes –Forensics programs –Intrusion-detection and prevention programs –Security technology standards development and other technical programs After - Business value and critical thinking –ROI –Business Process Analysis –Value Add –Business value and critical thinking. –ENABLEMENT

22 Security Education Less than 60 Phd candidates in INFOSEC / IA 17 Phd’s in IA granted so far (2003) 50 NSA COEs mostly focus on CIS- style programs Much more is needed…

23 National Training Standards Information Security Professionals –NSTISSI No Information System Security Officers – NSTISSI No Designated Approving Authority- NSTISSI No System Administrators –NSTISSI No System Certifiers- NSTISSI No Risk Analyst – NSTISSI No. 40xx Being UpdatedUnder voteMost RecentUnder vote

24 Faculty Development & Recruitment Issues Lack of program development and credentialing opportunities Universities and 15,000+ Faculty will be Affected Lack of “real world” Experience Traditional development model for educators is inadequate Tools and skills necessary

25 Local Excellence ? Walsh College (NSA COE) Eastern Michigan University University of Detroit Mercy (COE) Michigan State University Washtenaw Community College Independent Training

26 Closing… “An information War is coming someday…” –Richard Clarke, President’s Cyber security Czar, June 5, 2002.

27


Download ppt "Merit Annual Meeting Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group"

Similar presentations


Ads by Google