The New Frontier of Cyber Security

Technological advances are constantly transforming the cyber security landscape with emerging threats and risks.  We are now entering a period of innovation enabling the interaction between cyber, such as smartphones and the Internet, and physical systems, such as electricity distribution, automobiles, and the human body.  These new advancements span a large breadth of industry sectors including transportation, healthcare, building and construction, manufacturing, and utilities.  The Internet of Things makes consumer level cyber physical systems a reality with smart phone connectivity for home automation and automobiles.  Cyber physical systems and the Internet of Things are founded in the collecting and sharing of data, thus creating a plethora of opportunities in big data and predictive analytics.  While cyber physical systems advances solve problems and create efficiencies through improved performance and functionality, they also open up systems to new vulnerabilities and attacks.

We are on the verge of the perfect storm of rapid modernization, workforce shortages, and aging approaches that is driving cyber security into uncharted territory.  This new era of connectivity through cyber physical systems and the Internet of Things is creating unprecedented demand for cyber security professionals.  A Stanford University study estimated 209,000 unfilled cybersecurity jobs in the U.S., up 74% over the past 5 years.  Cisco warns that the worldwide shortage of cybersecurity professionals has exceeded 1 million.  The Bureau of Labor Statistics expects the demand for cybersecurity professionals to grow by 53% by 2018.  Industries that traditionally haven’t required positions for cyber security professionals are now creating dedicated cyber security teams.  The cybersecurity workforce shortage will lead to increased exploits of networks and data, many of which can be prevented with new security practices.  We’ve already seen examples of cyber attacks in this new territory including Target, Jeep Cherokee, and Bowman Dam with reactive responses instead of proactive approaches.  There is a need for cyber security professionals to create and support new approaches and models for securing cyber physical systems.  Additionally, there is a need for cyber security professionals with an understanding of big data and the analytics to process the wealth of cyber information generated by these new technologies.

The new frontier of cyber security is creating a revolutionary cyber security professional.  New roles in cyber security are emerging and will continue to grow as technology adoption increases.  These roles include data science and cyber data analytics, which involve machine learning and data mining tools such as Splunk, Hadoop, and Python.  The new cyber security professional will use data science and analytics skills to harness the vast amount of data to create new insights and stronger proactive cyber defenses.  In addition to a strong data science skillset, the new cyber security professional will possess a variety of interdisciplinary skills across technology, computer science, policy, leadership, and psychology.  Softer skillsets include communications, problem solving, creative thinking, adaptability, and autodidactism.

As we embark on this exciting new adventure of technology innovation, we are presented with a field for discovery and the opportunity to expand the boundaries of our knowledge in the new frontier of cyber security with the avant-garde cyber security professionals as our pioneers.

 

Originally published in the University of Virginia Thoughts from the Lawnhttp://alumni.virginia.edu/learn/2016/05/09/the-new-frontier-of-cyber-security/

2016: The Year of Epic Cybersecurity Workforce Shortages

I’ve seen dozens of 2016 information technology and security predictions over the past few weeks – ranging from possible to probable to occurring. Many center around 2016 becoming the year of IoT attacks and the cyber criminal’s ever-evolving arsenal of exploits. Regardless of whether any of these 2016 predictions are realized, a highly probable concern for 2016 is the widening cybersecurity skills shortage.

In 2015 we saw high profile attacks on organizations such as OPM, JP Morgan, and Anthem and thousands of other less high profile attacks. During this time we also saw unprecedented demand for cybersecurity professionals. A Stanford University study estimated 209,000 unfilled cybersecurity jobs in the U.S., up 74% over the past 5 years. Cisco warns that the worldwide shortage of cybersecurity professionals has exceeded 1 million. The Bureau of Labor Statistics expects the demand for cybersecurity professionals to grow by 53% by 2018.

As we move in to 2016 we will continue to see the demand for cybersecurity professionals outpace the supply. This cybersecurity workforce shortage will lead to increased exploits of organization’s networks and data, many of which could be prevented with common security practices. There just aren’t enough cybersecurity staff to implement, maintain, and monitor the organization’s security protections. It’s easy to see that gaps in cybersecurity workforce = gaps in enterprise security.

Why aren’t more people pursuing cybersecurity careers? Especially since U.S. News and World Report ranked a career in information security eighth on its list of the 100 best jobs for 2015. It’s likely due to poor communication of the types of cybersecurity careers available and paths to pursue them. When many people think of cybersecurity careers they think of the hardcore technical roles that require in-depth computer science and programming skills. However, many of the positions in demand span a breadth of technical and non-technical capabilities. Cybersecurity roles extend beyond the core technology aspects of security to include risk, legal, business, and other non-technical cybersecurity needs. Many people moving into cybersecurity careers have diverse backgrounds including law enforcement, psychology, legal, game development, and management to name a few. Skillsets for those seeking careers in cybersecurity include excellent written and verbal communications, problem solving skills, creative thinking, adaptability, leadership, and mentorship ability. Due to the ever-evolving nature of technology and security, cybersecurity professionals should also have a passion for continued learning and possess strong self-learning skills.

For those interested in pursuing a cybersecurity career, I suggest that you first build a foundation of knowledge through education and certification. There are a number of universities that offer undergraduate and graduate programs in cybersecurity. The University of Virginia’s School of Continuing and Professional Studies offers a Certificate in Cybersecurity Management – an online, part-time, 6 course, graduate level certificate for those interested in the strategy, policy, assessment, ethics, legal, and regulatory aspects of cybersecurity. There are also a number of commercial companies that offer cybersecurity certification including ISC2, EC-Council, and SANS.

Let’s make 2016 the year we start closing the cybersecurity workforce shortage. I am happy to speak with anyone interested in pursuing a career in cybersecurity to provide advice and guidance on your career path. Please feel free to reach out to me and have a happy and secure new year!