1 / 27

Merit Annual Meeting

Merit Annual Meeting. Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group Email: jrecor@olympussecurity.com Office – 248-608-6784. Current Events. Virus Du Jour: Stopping trains! Widespread infection Blackout

rey
Download Presentation

Merit Annual Meeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Merit Annual Meeting Preparing the Security Workforce of the Future Jeff Recor President, Olympus Security Group Email: jrecor@olympussecurity.com Office – 248-608-6784 www.olympussecurity.com

  2. Current Events • Virus Du Jour: • Stopping trains! • Widespread infection • Blackout • Identity Theft = $1B a year in losses for banks www.olympussecurity.com

  3. Organizational Challenges • Same problems year after year: • Companies still vulnerable to “common” viruses • Vendors not securing their products • Security Professionals not working from standard set of knowledge • Culture of the Hacker www.olympussecurity.com

  4. Discussion Points • The Fed’s are coming ! • 3 distinct views: • Employers • Practitioners • Knowledge Development Centers www.olympussecurity.com

  5. Personnel Challenges (One of the major barriers to improving cyber security is…) an inability to find sufficient numbers of adequately trained and/or appropriately certified personnel to create and manage secure systems." The National Strategy to Secure Cyberspace - February 2003 www.olympussecurity.com

  6. The Fed’s are Coming! • Cybersecurity takes a backseat: • FUD • 9/11…..WMD • No standards, yet… • Legislation pending www.olympussecurity.com

  7. FUD • Zero-day Viruses and affinity worms will sunder business records….brokerage house trading records will be scrambled, corporate networks molten…CEO’s humiliated. Howard Schmidt, Vice Chairman, CIP Board www.olympussecurity.com

  8. Accreditation Board • Movement afoot to formalize security profession: • Board forming now • Body of practice needs to be defined • Licensing process designed • Standards, standards, standards www.olympussecurity.com

  9. Employers www.olympussecurity.com

  10. www.olympussecurity.com

  11. Hiring Trends… • 47% report hiring increased in the past year • 29% reported staffing levels remained unchanged • 19% reported decreases in security staff levels Global Security Survey, 2003: Deloitte www.olympussecurity.com

  12. ITAA Employer Survey • 60% not satisfied they can hire “right” security talent: • 40% said it was hard to quantify candidates • 36% interview process not well defined • 81% recognize security as a “separate” profession www.olympussecurity.com

  13. ITAA Employer Survey • CISSP = Most Important (57%) • Security + • Vendor Specific • CFE • Sans GIAC ITAA Workforce Study, 2003 www.olympussecurity.com

  14. Employee www.olympussecurity.com

  15. Acquiring Knowledge • How do I learn the fundamentals needed to secure my environment? • How do I acquire the skills to become a valuable employee in the security field? www.olympussecurity.com

  16. CISSP CISA CFE Sans Security + CIA CBCP Cisco CheckPoint ISS RSA Microsoft Verisign Entrust Certifications Vendors Industry www.olympussecurity.com

  17. Audience Poll Which item is the most important for showing your security skills to a potential employer during an interview? a. Resume b. Non-vendor security certifications c. Formal education in security discipline d. Vendor-specific product certifications e. Presenting at security conferences / classes www.olympussecurity.com

  18. KDC www.olympussecurity.com

  19. Current State • Training Programs • Boot camps • Certification factories • Higher Education • Master’s Degree Programs • Certificate Programs • Standards Movement www.olympussecurity.com

  20. Higher Education • Security Programs • Masters Degree • Undergraduate Degree • Certificate Programs • K through 12 !! www.olympussecurity.com

  21. Education Trends • Before - Mechanical - bits and bytes • Forensics programs • Intrusion-detection and prevention programs • Security technology standards development and other technical programs • After - Business value and critical thinking • ROI • Business Process Analysis • Value Add • Business value and critical thinking. • ENABLEMENT www.olympussecurity.com

  22. Security Education • Less than 60 Phd candidates in INFOSEC / IA • 17 Phd’s in IA granted so far (2003) • 50 NSA COEs mostly focus on CIS-style programs • Much more is needed… www.olympussecurity.com

  23. Under vote Under vote Most Recent Being Updated National Training Standards Information Security Professionals –NSTISSI No. 4011 Information System Security Officers –NSTISSI No. 4014 Designated Approving Authority- NSTISSI No. 4012 System Administrators –NSTISSI No. 4013 System Certifiers- NSTISSI No. 4015 Risk Analyst – NSTISSI No. 40xx www.olympussecurity.com

  24. Faculty Development & Recruitment Issues • Lack of program development and credentialing opportunities • 1800+ Universities and 15,000+ Faculty will be Affected • Lack of “real world” Experience • Traditional development model for educators is inadequate • Tools and skills necessary www.olympussecurity.com

  25. Local Excellence ? • Walsh College (NSA COE) • Eastern Michigan University • University of Detroit Mercy (COE) • Michigan State University • Washtenaw Community College • Independent Training www.olympussecurity.com

  26. Closing… • “An information War is coming someday…” • Richard Clarke, President’s Cyber security Czar, June 5, 2002. www.olympussecurity.com

  27. www.olympussecurity.com

More Related