Page 83 - Cyber Warnings
P. 83
Another way to address the skills shortage is through outsourcing, primarily for areas that are
easily automated. For example, tier-1 24x7x365 glass watching (a.k.a. network monitoring and
notification) is a function that could probably be outsourced.
From an overall cybersecurity community perspective, spending more on education, promoting
gaming and technology exercises, and pushing for more practical learning via hands-on
cybersecurity programs in trade schools would better prepare our kids for the real world.
Computer science and cyber-related curriculum should be taught in middle-school and high-
school to pique their interest in this exciting field.
In one good example, Carnegie Mellon University's CyLab hosts a virtual capture-the-flag
competition called picoCTF that is teaching middle- and high-school students the basics of
hacking. Participants learn to reverse engineer, break, hack, decrypt – anything necessary -- to
solve a series of challenges centered around a storyline.
Challenges start out easy and become increasingly difficult, helping to develop the participants’
critical thinking skills and uncover their hidden talents. Also, enhancing and increasing the
number of cyber programs within higher education and creating clear paths from undergraduate
to graduate school cyber degrees – and promoting them so students actually know they exist –
would be a huge help.
None of this will be easy, nor inexpensive. Recent reports have demonstrated that most IT
executives simply don’t have time to implement a holistic innovative cyberspace workforce
management program given day-to-day tasks.
Their leadership does not allocate sufficient funds for security training efforts and their corporate
culture is simply not change-oriented . Regarding the longer-term proposals around education
mentioned above, we all know the current pitiful state of education funding and the challenges
associated with education reform. But the status quo simply cannot continue; the stakes are too
high.
To be successful in getting the time and money they need, IT executives must show their
project’s impact and delivered value to the organization. By using Return-on-Investment (ROI)-
backed innovation techniques, they should demonstrate how not doing something about the
problem could have severe consequences.
To revisit our example, a successful phishing attack could result in:
• loss of competitive advantage and financial stability due to theft of sensitive information
such as intellectual property, trade secrets, or research data;
• reputational damage as compromised accounts can be used to target individuals or
other organizations;
83 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
