1 / 23

Building the Security Workforce of Tomorrow

Building the Security Workforce of Tomorrow. Allan Berg University of Dallas Graduate School of Management. Information Assurance and Infrastructure Protection.

bburris
Download Presentation

Building the Security Workforce of Tomorrow

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Building the Security Workforce of Tomorrow Allan Berg University of Dallas Graduate School of Management (c) 2004 Allan Berg

  2. Information Assurance and Infrastructure Protection … is a national priority as well as a complex and critical challenge. One that requires a true partnership between all stakeholders, government, public, private, and academe. (c) 2004 Allan Berg

  3. Certification, Education, and Training in Information Assurance People involved in IA must be able to understand and systematically employ and manage IA concepts,principles, methods, techniques, practices and procedures drawn from U.S. statutes, current orpending. IA experts also must understand procedures mandated by the Department of Defense, federal, state and local governments, businesses, and industries. (c) 2004 Allan Berg

  4. Questions • What is the supply core of IA workers • What education and training does the IA worker need • How will this education and training be imparted • Who will certify this education and training (c) 2004 Allan Berg

  5. The IA Workforce Challenge • Continuing sustained rapid growth and accelerating • Intense demand for unique combinations IT, IA skills, experience, and industry knowledge (c) 2004 Allan Berg

  6. Assessing Educational and Training Needs • What occupations comprise the core IA work force • Standardized definition of the standards that define the information security worker agreeable to government, industry and academe. • Enforcing security processes on a document oriented information system may be very different from a communications network system. • Often overlooked : physical, personnel, standards and policy, and administrative security expertise is also a necessity in today’s information security workforce environment. (c) 2004 Allan Berg

  7. Information Assurance • Encompasses the scientific, technical, and management disciplines required to ensure computer and network security including the following functions: • System/network administration and operations • Systems security engineering • Information assurance systems and product acquisition • Cryptography • Threat and vulnerability assessment, to include risk management • Web security • The operations of computer emergency response team • Information assurance training, education and management • Computer forensics • Defensive information operations (c) 2004 Allan Berg

  8. Academic Degree vs. Industry Certification • Are academe and industry competing for the same market? • Absolutely NOT!! • Are academe and industry complimentary? • Absolutely YES!! • Many people have some level of experience, but little time to devote to semester-long courses. • Many people have no experience, and might not benefit fromWham! Bam!5-day training courses. • But have time to attend semester-long courses. (c) 2004 Allan Berg

  9. Network and network infrastructure security Physical, personnel and administrative security Cryptography and Public-Key Infrastructure Testing and verification methodologies Intrusion Detection Vulnerabilities analysis and Risk Management Policy and auditing technologies Host security Ethics and legal issues Authentication technologies E-commerce and Public Policy Information Security + What (c) 2004 Allan Berg

  10. The Niche IA Labor Markets • Mix of knowledge and skills required can vary • Certain technical skills may be in high demand • IT is changing rapidly (c) 2004 Allan Berg

  11. Incentives for IA Certification and Education • Establishes a professional identity and upholds the quality of the profession. • Establishes a minimum level of knowledge with regard to the practice of the profession, and through continuous learning, upgrading of knowledge base and skills. • Promulgates a code of ethical practice. • Provides a review process and participation in published standards of practice. • Promotes ongoing role and function studies for practitioners to validate their practice. • Promotes ongoing role and function studies for practitioners to validate their practice. (c) 2004 Allan Berg

  12. Incentives for IA Certification and Education (Con’t.) • Demonstrates that certified individuals meet acceptable uniform national standards. • Establishes a standard level of competency for employee hiring and evaluation. • Promotes consumer protection. • JOB ADVANCEMENT – certification gives you a competitive edge for promotion and hiring. • SALARY – Profile studies shows that certification holders earn more per year than those who do not have certification. • ESTEEM – Attaining certification demonstrates to your employer, your colleagues, and yourself that you are committed as a professional. (c) 2004 Allan Berg

  13. Disadvantages of Certification • Multiple choice tests are unable to test problem solving and analytic skills.  They reward students who can memorize and replay a set of facts with ease. Furthermore, these tests have become integrated into vendor marketing strategies. (c) 2004 Allan Berg

  14. Disadvantages of Certification (Con’t.) • Emphasize facts important to a particular product line and frequently do not assess globally important knowledge. Hence, the industry has coined the terms “paper-_ _ _ _” to describe someone who only knows enough to pass the tests, but not enough to function effectively on the job. Since many of the short-term training programs teach only the answers to the tests, the problem is only getting worse. (c) 2004 Allan Berg

  15. The Fix • Developing curriculum that includes not only the test information, but also additional materials designed to give the student real insight and hands-on experience with the software and hardware used in the industry. While our student do pass the tests and become certified, they fully understand that it is knowledge beyond the tests that makes them valuable. Such knowledge will last a lifetime, since it will not become obsolete with the next software upgrade. (c) 2004 Allan Berg

  16. Initiatives and Opportunities • Assessing educational and training needs • State initiatives for IA education • Benefits of certification and continuing education • Internet-enabled education and training • International security education and collaboration (c) 2004 Allan Berg

  17. Initiatives for IA Education • Department’s of Information Technology • Academic initiatives • Internships • Federal initiatives • CAE/ISE • DoD IASP • NSF Scholarship Program (c) 2004 Allan Berg

  18. Benefits of Certification and Continuing Education • Benefits of Certification • Demonstrates a level of expertise/competency • Recognition by government, industry • Periodic recertification????? • Benefits of Continuing Education • Life-long • Through community colleges and universities • Demonstrates a level of expertise/competency • Recognition by industry, government, academia • Corporate “Universities” • Focuses on immediate and near future needs • In-house and/or mini-courses by local purveyors • Recognition by industry, government (c) 2004 Allan Berg

  19. Internet-enabled and In-class Certification, Education, and Training • Assessing the quality: • Can the studentsreliably and efficiently access all the curriculummaterials so that they can complete the course requirements in the specified time period? • Does the technology allow the students tobecome reasonably engaged with the material? • Are therespecial difficultiesassociated with the administration of the program and exams? • Is thetime investmenton the part of the facultyinstructor and studentsmanageable or prohibitive? (c) 2004 Allan Berg

  20. Internet-enabled and In-class Certification, Education, and Training • Doeseffective learning occurwhen using the Internet as the primary means of delivering the course curriculum? • How far should distance education really go in beinga substitute for the classroom experience? • What is thenature of the marketfor distance education for the IA professional? • What is thepotential for learningwith distance education for the IA professional? (c) 2004 Allan Berg

  21. “It’s A Jungle Out There” • Microsoft Certified Systems Engineer (MCSE) • Cisco Certified Network Associate (CCNA) • Cisco Certified Network Professional (CCNP) • Cisco Certified Security Professional (CCSP) • Certified Internet Webmaster (CIW) • Certified Wireless Network Administrator (CWNA) • Certified Information System Security Specialist (CISSP) • CISSP Concentrations: ISSAP, ISSMP, ISSEP • Certified Information System Auditor (CISA) • Certified Information Security Manager (CISM) • SANS (GIAC) ……………………………… • And the list goes on, and on, and on, and on, and on, and on, and on, and on, and on, and on, and on, and on ………………………………………….. (c) 2004 Allan Berg

  22. Looking to the Future To move forward, to stay successful, information assurance professionals in an organization, and its leaders, must have vision. Standing still isn’t an option! (c) 2004 Allan Berg

  23. Building the Security Workforce of Tomorrow Allan Berg University of Dallas Graduate School of Management aberg@gsm.udallas.edu 1.703.788.6801 (c) 2004 Allan Berg

More Related