This month has been a month for cyber security making the news. This type of month is becoming commonplace. Between WannaCry2 and Petya Ransomware attacks being discussed on the local and internet news and international updates on the global reach, this discussion is becoming the norm in board rooms, dinning rooms and congress/parliament rooms.
With the news making breaches and the need to prevent news making breaches, jobs opportunities are multiplying. As people focus on cyber security as a career opportunity, the metrics on cyber security opportunities continue to show promising new career opportunities and growth. The recent IBM Institute for business value study, “It’s Not Where You Start — It is How You Finish’ Study references 700,000 cyber security professors are coming into retirement age and, “Frost & Sullivan predicts that the growing gap between available qualified cybersecurity professionals and unfulfilled positions will reach 1.8 million by 2022” in the 2017 Global Information Security Workforce Study: Women in Cybersecurity. Frost and Sullivan March 2017. This news mean people and businesses skilled in cyber security are in high demand and that means it a great discussion for this month’s update. Let’s begin….
The X-Force Exchange is a industry asset for all to use to be able to have insight into cyber security threats, vulnerabilities and current details on the dynamic space of cyber security. This exchange is on of my favorite resources to introduce to faculty and students who are established or becoming cyber security experts. This exchange provides and a community to collaborate and share in a white hat network. Below is a snapshot of the X-Force Exchange:
New York Times: Hacking Attack Has Security Experts Scrambling to Contain Fallout Leer en español By MARK SCOTT and NICK WINGFIELD MAY 13, 2017
While everyone does not need to be a white hat subject matter expert, the press worldwide is increasing awareness of how broad the impact is from many of the new and rehashed cyber attacks. This article, similar to a speaker on a recent panel, discusses how some targets were excluded and considered off-limits in the past are now fair game for new attacks. This reflects how the attacks and the targets are now changing over time.
IBM Institute for Business Value Studies
The IBM Institute for Business Value studies are free industry research studies available to everyone. I recently used the IBM Institute for Business Value “It’s Not Where You Start — It is How You Finish” Study for metrics for a panel at the GlobalMindEd Conference. This study provides an understandable point of reference for why and how cyber security skills can be developed outside of traditional channels with a focus on leveraging new collar skills. In addition, below are several additional security studies from the IBM Research team. The study on using cognitive tools and machine learning as a why to find the threat in the forest is another example of how this research is and can be used by industry, enterprises, academics and governments to improve responding to and preventing attacks.
It’s not where you start – it’s how you finish: Addressing the cybersecurity skills gap with a new collar approach
Updated 09 May 2017
Many cybersecurity jobs can be filled through a new collar approach, with less emphasis on degrees earned and more on skills developed.
Cybersecurity in the cognitive era: Priming your digital immune system
Updated 01 Nov 2016
In the cognitive era, organizations face well-known security challenges that lead to gaps in intelligence, speed and accuracy when confronting threats and incidents.
Cyber and beyond: Insurance and risk in a digitally interconnected world
Updated Nov 2016
To navigate the risks of the digitally interconnected environment, insurers must build the right solutions and collaborate extensively.
Verizon Data Breach Report 2017
In addition to the X-Force Exchange plus the wealth of assets that community offers, faculty have shared with me another key report they use: the annual Verizon Data Breach Report. To enable faculty and students for continuous education having access to multiple key sources for consolidated data will help better prepare them as cyber experts. Here is a snapshot breaking out the industries of the victims targeted, from that report:
Cost of data breach calculator
“Companies face the constant, rising threat of data breaches each year. But the cost of a breach differs for every organization. How much would it cost yours? This interactive experience can help calculate.” Frequently companies acknowledge they know they have a risk but they are unsure how to establish a dollar value on that risk. While this is a basic tool, it does provide a good starting point to quantify the risk:
As students and family members ask me about hot skills and internships, this is one site I reference both family, friends and students I have just met for the first time. This week I have tweet out information on internship positions @NASA and @FBIJOBS. The FBI and other US government institutions are doing a much better job showing how soldiers (men an women) are fighting a very different type of battle in 2017. The recent new 20/20 program uses Rocky Carroll to share real-life NCIS stories: http://www.cbsnews.com/videos/narrator-rocky-carroll-on-special-crime-series-48-hours-ncis/
IBM Academic Initiative Security Assets
Now that we have gone from metrics to the real-life NCIS, it’s time to discuss how we get industry assets into the real hands of the established and coming cyber security workforce. Faculty and students at accredited academic institutions have free access to IBM resources to use for teaching/learning and non-commercial research. The IBM Academic Initiative provides faculty access to software, courseware (with hands-on labs), studies, white papers, redbooks, educator guides and more to enable students to be more real world ready. Students today can go to http://onthehub.com/ibm/ and use the Student tab and leverage the IBM Security Learning Academy, use the AppScan service in the Bluemix Cloud and more. Here is an example of courseware content and industry software tools for faculty to make the student experience more of a hands-on industry experience in their classroom:
Wired: Cyber Security Section
Wire Magazine has an entire cyber security section worth bookmarking. While we read the high profile articles this level of focus and discussion is more on the ripple effect of not having the right investment in cyber security.
IBM Skills Academy Security Assets
The newest program IBM has developed to expedite supporting the academic world to improve positioning for students for jobs in high demand skills is the IBM Skills Academy. With the focus on new collar jobs and key skills area, we are deploying the IBM Skills Academy in the US today.
This program focuses on 16 career paths with faculty face to face training, badges, labs, pre-tests and proctored tests as part of the training.
We are beginning this program in the US with a few flagship academic leaders in each state. The IBM Skills Academy focuses on enabling faulty in critical skills areas with face to face training, hands on labs with industry tools, badges and more to quickly bring key skills being sought by today and tomorrow’s employers into today’s curriculum. The faculty once trained have badge credentials recognizing them as having mastered the content to teach others–who can also receive badge credentials (Explorer and Mastery levels) to post onto electronic portfolios, social sites including LinkedIn, CV’s and other tools to highlight badge credentials.
There are 16 career path and below is a brief description on two security skill career paths:
Application Security Analyst
The Application Security Analyst career path prepares students to scan web applications against vulnerabilities and attacks. This will require skills in web application security such as scanning and testing applications in order to identify and analyze security vulnerabilities.
Training topics will include OWASP security standards, Glassbox scanning, cross-site scripting, broken authentication, cross-site request forgery and thread analysis and reports.
Security Intelligence Analyst
The Security Intelligence Analyst career path prepares students to learn to consolidate event logs from device endpoints within a network to identify threats. This will require skills in security intelligence and event management such as data security, event offenses, asset profile offenses and event rules. The Security Intelligence Analyst will use tools to investigate offenses that are generated from network logs and create rules that will prevent them from happening further.
As we wrap up this update it is a safe bet to say cyber security intelligence skills are heavily sought after in the market today on a global basis. Most reading this update know I am from West Virginia. The exciting news I read earlier this week in the New York Times was about another IBMer from West Virginia https://www.nytimes.com/2017/06/28/technology/tech-jobs-skills-college-degree.html. This article shows how we can provide great people employable skills in a job market screaming for the talent. Our faculty and students in high schools, community colleges, technical colleges and universities want to invest in themselves and careers with a future. When we have a skilled workforce across the cyber security spectrum of opportunity, everyone wins — except the bad guys!
LinkedIn: Valinda Kennedy