

#nationalcybersecuritymonth | Agencies Post Opportunities for Reskilling Academy Grads to Use Their New Cyber Skills

Source: National Cyber Security – Produced By Gregory Evans

As the Trump administration works to reskill current federal employees to meet the workforce needs of the 21st century, lead agencies are now making sure there are jobs for those trainees to transition to—at least temporarily.

Wednesday, the Office of Management and Budget and Office of Personnel Management, in conjunction with the Federal Chief Information Officers Council, announced the first wave of “temporary detail opportunities.” Nine positions were posted to the Open Opportunities job board, where current federal employees can find temporary or part-time work with other agencies to improve their skills.

While the details are open to any qualified federal employee, the latest push is intended to create opportunities for graduates of the Cyber Reskilling Academy.

“We cannot overcome the shortage in the federal cybersecurity workforce overnight,” Federal CIO Suzette Kent said Wednesday in a statement. “By continuing to invest and support reskilling programs, coupled with hands-on opportunities to apply those skills, the federal government is positioning itself to strengthen our cybersecurity workforce capabilities.”

The Reskilling Academy launched in April 2019 with an initial cohort of 25 students, plucked from more than 2,000 applicants from across government with no prior cybersecurity or IT background. Those students went through 13 weeks of training and came out the other side with a set of basic cyber defense skills. However, due to the nature of the federal employment hierarchy—known as the General Schedule—those graduates were not able to immediately transition to cybersecurity jobs.

OMB recognized the job placement issue and began looking at ways to move the program forward, including first broaching the idea in October of using Open Opportunities.

“By serving as a governmentwide bulletin board for short-term assignments, details and training opportunities around the federal government, Open Opportunities will help agencies tap into the valuable talent and skills we already have and are developing within government,” said OPM Director Dale Cabaniss.

The postings that went live Wednesday do not give a specific timeline for the details. However, back in October, OPM Principal Deputy Associate Director for Employee Services Veronica Villalobos told Nextgov the agency was looking at nine-month tours.

Three agencies—Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Veterans Affairs Department and the Environmental Protection Agency—posted nine openings Wednesday to Open Opportunities, most with multiple positions available.

The posts contain a brief description of the office seeking assistance, a rundown of the tasks the employee will be asked to perform and a list of skills they should expect to leave with when the detail is done.

Most of the openings focus on policy and security assessments. For example, the VA opportunity is for a “junior IT specialist to prepare, deploy and transition DOD/VA electronic health records.” In this role, the detailee will work with the Office of Electronic Health Record Modernization to review documentation for the authority to operate—a certification verifying a baseline of cybersecurity for an application—and make edits and recommendations, as needed.

Similarly, CISA has two to five openings for GS-12 to GS-15 employees to serve as cyber policy and strategy planners. The position “[d]evelops policies and plans and/or advocates for changes in policy that support organizational cyberspace initiatives or required changes/enhancements,” per the posting, which cites the job description directly from the National Initiative for Cybersecurity Education, or NICE.

The administration is also looking to expand the Reskilling Academy outside of OMB. In the president’s 2021 budget proposal, OMB directed departments to include funding for a distributed reskilling effort run independently out of each agency but based on the central Reskilling Academy model. Per the plan, the administration hopes to reskill some 400,000 federal employees in cybersecurity, data science and other technology-focused areas.


The post #nationalcybersecuritymonth | Agencies Post Opportunities for Reskilling Academy Grads to Use Their New Cyber Skills appeared first on National Cyber Security.


#cybersecurity | #hackerspace | How big is the skills gap, really?

Source: National Cyber Security – Produced By Gregory Evans


No doubt you will have noticed, in the past few years, that voices are being raised about something called the “skills gap.” The discussion is not just happening in the U.S. Countries like the UK and India have set government-industry partnership motions in place to try and address this. One such project is from the World Economic Forum, which has developed an initiative called “Closing the Skills Gap.”

But is it real? Is there an actual skills gap? It can’t be for lack of humans to do jobs — the world population is around 7.8 billion as of December 2019. And it can’t be for lack of education, either. Around 1.8% of the U.S. population has a Ph.D., and almost 21% have a bachelor’s degree. As a SHRM report pointed out, in the U.S., “7 million jobs were open in December 2018, but only 6.3 million unemployed …”

However, we then see concerning statistics about the skills gap — such as those from a study by CompTIA, showing that 47% of SMBs see the skills gap growing. In terms of IT security skills specifically, the situation only ever seems to get worse. (ISC)2 recently reported that, globally, the workforce has to grow 145% to meet the skills gap in IT security jobs.

There is a lot of conjecture and surveys looking at the skills gap in IT and security as well as other areas of industry. In this article, I’ll drill down into those studies and see what the situation actually looks like.

What is a skills gap?

Before starting, I’ll set out what we mean by a skills gap.

The skills gap is not unique to the tech or information security industry. As we have (Read more…)


Why the #cyber #security #skills #gap is so #damaging

The cyber security skills gap has been growing for years, and the problem is particularly bad in the UK. A report by job listings site Indeed found that the UK has the second largest demand for skilled IT professionals in the world. But what effect is this having on organisations, and how can it be mitigated?

The most obvious effect is that it’s increasing the workload of existing staff. In many cases, employees’ time and resources are spread so thinly that the quality of the work suffers. Employees often say that they spend too much time on incident response and not enough on planning ways to prevent incidents from recurring and to mitigate the risk of serious incidents.

Organisations that know that they are understaffed are often forced to hire people who lack the necessary skills and experience. Although these new recruits can help with routine work, senior staff will need to provide on-the-job training, which prevents them performing their own tasks.

All of this means that organisations are unprepared for major security incidents, which could cause substantial damage and affect business operations.

There’s another problem. The increased demand for cyber security staff has given those with the right skills considerable leverage over employers. Someone with the right skillset could find work practically anywhere, so organisations need to give them a reason to choose them. This typically means generous pay rises, with the average cyber security wage increasing by 10% in 2017.

Filling the skills gap

Commenting on Indeed’s report, Mariano Mamertino, economist for Europe, the Middle East and Africa at the organisation, said: “The problem is fast approaching crisis point and British businesses will inevitably be put at risk if they can’t find the expertise they need to mitigate the threat.

“This should serve as a wake-up call to Britain’s tech sector – it must pull together to […] attract more people into cyber security roles.”

However, some cyber security experts believe the skills shortage is a “myth”. They argue that there are plenty of people with the skills to work in the field, but because we treat cyber security as a standalone discipline, rather than placing it under the much wider umbrella of IT, many people don’t consider it a career they are equipped to pursue.

Some organisations have begun to address this. A 2017 survey by (ISC)2 found that hiring managers were exploring new recruitment strategies and attempting to entice previously unqualified people.

The report states: “Individuals with non-technical previous careers often rise to become key decision makers in their organizations: globally, 33% of executives and C-Suite professionals began in a previous non-technical career.”

It adds: “It will be important, if not essential, to consider the relevant educational foundations, training and professional development opportunities that support the breadth of people with potential to enter the field in order to fill the worker shortage.”

If you’re interested in a career in cyber security, you’ll need to demonstrate your knowledge by way of professional qualifications. Cyber security is a complex, multidisciplinary field and has careers to suit any number of skills, so it’s worth taking some time to research which specialties are right for you.

For example, if you’re interested in the way you can use hacking skills for good, you might want to enrol on our Certified Ethical Hacker (CEH) Training Course. An ethical hacker is someone that an organisation hires to look for vulnerabilities in its systems or applications, allowing it to address problems before they are exploited.

The Certified Ethical Hacker (CEH) certification is globally recognised as the vendor-neutral qualification of choice for developing a senior career in penetration testing and digital forensics. Our course is led by an information security consultant with over ten years’ experience.

You might also be interested in our Managing Cyber Security Risk Training Course. This three-day course helps practitioners formulate plans and strategies for improving cyber risk management in their organisations. It draws on real-life case studies and provides insights that will enable you to create a blueprint for a plan that includes the implementation of technical measures and accounts for the people, processes, governance, leadership and culture in your organisation.


The post Why the #cyber #security #skills #gap is so #damaging appeared first on National Cyber Security Ventures.


Think #outside the #box to #tackle #cybersecurity skills #crisis

The cybersecurity industry is facing a mounting talent crisis. Demand for cybersecurity experts is outstripping supply by 25% and analysts are predicting 1.8 million unfilled positions by 2022. This talent gap is quickly becoming a critical issue for businesses, leaving them dangerously exposed to cybercrime and putting their investments in digital transformation at risk. Innovative thinking is needed to plug the gap.

One of the most exciting options for me is diverse hiring. We live in a vast, multi-cultured world filled with people from different backgrounds and different perspectives yet, all too often, we recruit from a narrow band of personality types. Those that are willing to widen their recruitment net will find genuine talent that is being overlooked by their peers.

For example, there is a growing body of research on the benefits of recruiting neuro-diverse candidates, such as individuals on the autism spectrum. Studies from the National Autistic Society have shown that people with autism are known to be analytical, detail-oriented and to have strong problem solving skills, making them ideal candidates for cybersecurity roles. However, many people with autism struggle to navigate recruitment processes or cope in a traditional office environment.

Given the talent crisis, why are we ignoring these highly skilled people? A few pioneers, such as Microsoft and SAP, are implementing more inclusive approaches to hiring and also creating bespoke roles that play to the strengths of those with autism. However, much more could be done to bring these kinds of people into the workplace. Some simple solutions include giving people the option to work from home, removing line management responsibility from positions or providing autism awareness training to make teams more accommodating.

Another untapped pool of potential is millennials. Unwittingly, many organizations put themselves at a disadvantage with this group by not designing recruitment campaigns to address their needs and the channels they consume content on. According to Capgemini’s research, 82% of Gen Y and Gen Z talent are looking to join organizations that recruit in an innovative way. This means reaching them on the mobile platforms they use every day. Some companies use gamification to attract the brightest talent. L’Oreal for example uses a game called Brandstorm to attract bright undergraduates and the Cyber Security Challenge UK conducts annual gaming competitions to find the next generation of cyber defenders.

Of course, great cybersecurity talent doesn’t have to come from outside the organization. Many companies are in fact sitting on a hotbed of unrecognized or undiscovered skill. Our research found that over a third of employees are anxious that their skill set will become redundant in the next four to five years. This is prompting half of employees to invest their own resources in digital upskilling. So rather than recruiting externally, companies should look inward and scout candidates in fields like network operations or application development, where they can find individuals who already possess knowledge and skills that can be easily adapted for cybersecurity.

Once great candidates are through the door, the next challenge is keeping them. Four out of five employees want to be able to work remotely, so offering a good work/life balance is key. For millennials, a clear career development path is important and 84% want regular feedback and achievable goals.

Elsewhere, another challenge faced by the industry is attracting enough women. Currently only 11% of the cybersecurity workforce are female. Popular culture has fueled the perception of cybersecurity as a masculine industry, with depictions of male, “nerdy” hackers. Offering internships to female students, providing mentors and highlighting the work of senior female cybersecurity specialists is a good place to start changing this perception and bolstering your recruitment pipeline.

The repercussions of a cyber-attack are potentially devastating, from hefty fines, to lower share price and reputational damage. But businesses are struggling with a shortage of cybersecurity talent and the problem is certainly not going away. By adopting innovative recruitment, training, and retention strategies that will appeal to cybersecurity talent, organizations can take an important step in helping protect their companies from the risks of our connected world.



Cybersecurity #skills #shortage

Source: National Cyber Security News

From vendor agnostic, standards and skills-based training to a commitment to inspiring the next generation to join the industry in the first place, everyone demanding a solution to cyber security skills shortage today needs to step up and become part of the solution – not the problem.

PwC’s 2018 CEO survey has highlighted a continued hardening of global attitudes to security, with the top four threats to business growth prospects now including terrorism, geopolitical uncertainty, over-regulation and cyber threats. This shift is reflected by the language now used publicly – by government and business leaders alike – as highlighted by the US Department of Homeland Security’s recent announcement of its investigation into an attack on a critical infrastructure facility. There is growing rhetoric that the risk of sponsored cyber-attacks on (inter)national infrastructure could cause economic chaos.

But after endemic under-investment in skills development for over a decade, Jim Kennedy, VP & GM Americas, Certes Technology, explains it is time for a significant change in approach to safeguard business.

Supply versus demand

Organizations now recognize that investment in security is a necessity. Yet with a current estimated 350,000 open cyber security positions in the US, and a predicted global shortfall of 3.


South Africa #sees #shortage of #cybersecurity #skills

Source: National Cyber Security News

South Africa is facing a shortage of cybersecurity skills. It’s nothing new and we are not alone – this is a global challenge – yet, the gaps are growing locally. The biggest obstacle: these skills take time and experience to build. In a world in which technology is advancing at breakneck speed and security threats are evolving at the same pace, this is something local businesses need to address now by investing in security technology and people.

South Africa is losing many of its top cybersecurity skills to international demand. Specialist security companies able to utilise scarce skills fully are essential to fill the gap for businesses. It’s the smart choice for corporates who are unable to find or keep these resources – and for security professionals who need to constantly update and grow their skills to keep pace with changing technologies and new threats.

Today, technology change is rapid. The three to five-year change cycles of yesterday have shrunk to less than 12 months in many instances. While not all topologies will change with these advancements, it is necessary from a security perspective to cover all potential aspects. So, for example, adoption of cloud technologies means all systems must be tested and secured against cloud vulnerabilities.


5 Skills #Cybersecurity #Pros Will #Need in #2018

Source: National Cyber Security News

Cybercrime has never been so common and it’s now easier than ever for criminals to launch attacks. As a result of easy-to-use hacking tools, novices without programming experience can perform potentially devastating hacks.

In response to the growing demand for cybersecurity and to protect against increasingly complex attacks, security skills are in high demand. According to data from the Bureau of Labor Statistics, cybersecurity professionals earn an average salary of $116,000—nearly three times the national average.

In response to the rapidly evolving cybersecurity landscape, professionals must keep their skills sharp. These are 5 skills that cybersecurity professionals should consider investing in for 2018.

1. Cloud Security

Cloud computing has transformed the way organizations store data, use applications and manage workloads—but it’s also introduced a host of new security challenges.

The responsibility to maintain cloud security lies with the organization, not the service provider—something businesses transitioning to the cloud must realize. Organizations will also need to pivot from on-premise threats to investing in cloud security. To do this, they’ll need professionals with cloud security skills.

Threats to cloud security could include poor identity management, and attackers may disguise themselves as legitimate users to secretly snoop, modify or delete data.


Cybersecurity #Skills #Shortages

With recent victims including Equifax, Yahoo and Deloitte — just to name a few — it’s hard to find a company these days that hasn’t been hacked in one form or another. And that means protecting both business and consumer data from cyber attacks has become a way of life for employers.

But the demand for cybersecurity professionals has been outpacing supply for some time now, according to the Leviathan Security Group, an information security firm in Seattle that addressed the shortage in a 2015 white paper:

“With more than one million cybersecurity positions unfilled worldwide,” the white paper states, “currently identified security needs couldn’t be met if every employee at GM, Costco, Home Depot, Delta and Procter & Gamble became security experts tomorrow.”

Since then, the shortage has grown “much, much worse,” says Frank Heidt, CEO at Leviathan.

And while there seems to be no end in sight to the attacks, HR professionals are fighting back by growing their own cybersecurity staff or placing in-house talent with key business skills in hybrid positions to help prevent global invasions.

Earlier this year, the Information Systems Security Association and the Enterprise Strategy Group surveyed 343 information security professionals about the cybersecurity-skills shortage. It found that 45 percent had experienced at least one “security event” over the past two years. Perhaps more troubling, 70 percent believe that the shortage has had a negative impact on their organization, with 62 percent also saying they are falling behind in providing an adequate level of cybersecurity training.

To boost its cybersecurity-training efforts, Mosaic451, a Phoenix-based cybersecurity services provider and consultancy, piloted Cyber Candidate School last spring. The paid, six-month internship for new employees with diverse backgrounds has already graduated 15 participants from three classes, who were then placed in entry-level positions, says Michael Baker, managing director at the organization. Next year, he hopes the program will produce double the number of graduates.

While grow-your-own programs can be effective, they require resources, training time and must attract the right people, says Aileen Alexander, senior client partner at Korn Ferry in Washington, who also co-leads the organization’s global cybersecurity practice.

She says successful cybersecurity professionals often share similar skills and competencies. For example, they understand risk, are agile and business savvy, and demonstrate resilience on the job.

“Once you have that framework, you can think about growing from within,” says Alexander, adding that military veterans and business consultants generally perform well in cybersecurity roles. “So much of these roles are moving from a pure technical function to one that’s really business and risk driven.”

She believes HR leaders need to step back to assess their organization’s talent capabilities and gaps, identify who cybersecurity should report to — the CEO, CIO, CISO, or chief risk officer — then decide whether to hire or train new talent. Some mature companies are also rotating in-house talent by giving them different experiences and exposure, rightsizing from a compensation perspective, and being more deliberate with succession planning.

Other companies are creating hybrid positions that require some technical skills and a solid understanding of their business model and strategies, says Tracey Malcolm, future of work leader at Willis Towers Watson in Toronto.

These individuals, she says, possess a well-rounded business view that enables them to better understand the organization’s threats and risks and help develop suitable incident responses.

“It’s being conscious from an architecture standpoint about what’s happening with the business model (so you can identify) where threats start to emerge or exist as the business continues to change,” says Malcolm.

HR can also expand skills training to another talent pool — contractors and contingent workers — or move employees with analytical skills in other departments to the cybersecurity team to help conduct research or develop incident responses from an analytics perspective, she says.

“Because this is a specialized skills area, some HR professionals don’t get too close to it,” says Malcolm, adding that HR’s strategic workforce plan must support cybersecurity. “Look at alternatives to permanent employees filling critical roles . . . and change the conversation from purely talent deficits to one that’s more centered on strategic workforce planning.”

Meanwhile, HR at other companies are relaxing compensation rules, says Kanak Rajan, a partner at Mercer in Chicago. Since cybersecurity skills are constantly changing, he says, rigid pay structures may be problematic.

“When the need for cybersecurity is high, and there’s a strong business case, HR can be flexible by paying the max [for talent] when warranted and also providing a retention or signing bonus,” he says.

While compensation plays a big role, so does a progressive workplace. Job candidates don’t want to get stuck working with outdated technology and knowledge, where “their currency in the market is no longer relevant,” he adds.

Oftentimes, HR professionals who work with cybersecurity departments possess a generalist background and struggle to pick up the nuances of the profession. He says they need to be better trained, even coached, so they can speak the technology language and better understand cybersecurity’s skill gaps and needs.

Cybersecurity professionals “are a different kind of animal,” says Rajan, adding that companies can also check out talent by sponsoring hackathons. “HR needs to establish a lot more collaborative environment with IT.”


Just half of #UK #business confident of #cybersecurity skills as #GDPR nears

At this time of unparalleled cyber danger, it has been found that only half of companies in the UK believe they are equipped with adequate cybersecurity skills. The root of this shocking lack of confidence may be in another finding that just 51 per cent of IT workers in the UK said that cybersecurity has […]

The #skills gap in #cybersecurity is #widening

Source: National Cyber Security – Produced By Gregory Evans

Equifax. Yahoo. The Democratic National Committee. Your email inbox. Your home.

The amount and frequency of hacks and data breaches is skyrocketing, rising more than 142 percent since 2012, from 471 to 1,140, and those are just the ones we know about, according to the California-based Identity Theft Resource Center.

As the world becomes increasingly more technologically complex, so have the tactics and tools used by hackers, said Joe Provost, CEO of Worcester cyber defense consultants Syncstate.

Specifically, the delivery of malware is improving, he said.

“We seem to have the same problem where they’re able to get a message across and entice the right person to follow the trail and click on the link,” Provost said.

Yet as attacks rise in frequency and complexity, the number of people entering the cybersecurity field isn’t keeping up, as estimates anticipate a shortage of between 1.5 and 3.5 million professionals globally in the next four years.

Training in the war room

Provost, an experienced and qualified cybersecurity expert, said it would take him about 30 seconds to assume the identity of a Worcester Business Journal reporter. To do so would entail just downloading software from the dark web and sending an email attachment.

The effectiveness of advanced hacking is compounded by cybersecurity professionals’ dependency on preventative tools rather than understanding the science behind them, Provost said.

To help close that skills gap, Provost opened the New England Cyber Range in Devens, a computer lab where cybersecurity professionals can train and hone their skills by learning outside of the classroom or office. The range partnered with Bridgewater State University and UMass Amherst and is working with cybersecurity firms to help train employees.

“It gives you hands-on practice to see how to react, when to react and what tools to react with,” he said.

Provost pointed to increasing collaborations between government entities, colleges and companies poised to begin closing that gap, like Gov. Charlie Baker’s Cybersecurity Growth and Development Center at the Massachusetts Technology Collaborative, announced in September.

The center will work to support the industry and provide development support and increase the cybersecurity talent pipeline in the state.

Lack of workers, interest

According to the U.S. Bureau of Labor Statistics, information security analyst jobs are growing at an impressive clip – from 72,670 in 2012 to 98,870 in 2016 – but Provost said that growth coupled with the parochial style of teaching is leading to the shortage.

Data from a recent survey commissioned by defense contractor Raytheon, which has offices in Marlborough and Northborough, suggests Millennials aren’t interested in those jobs.

Globally, 37 percent of survey respondents said a teacher discussed cybersecurity with them as a career choice, which has tripled since the 13 percent reported in 2013. More than half of respondents said they’re aware of the range of responsibilities that a cybersecurity job entails.

Despite the awareness, only 38 percent of Millennials were more willing to consider a career in cybersecurity than a year ago, unchanged from last year.

According to a 2015 report from Texas business consulting firm Frost and Sullivan, there will be a global workforce shortfall for all cybersecurity of 1.5 million by 2020. A more recent report from California-based Cybersecurity Ventures estimates a shortage of 3.5 million workers by 2021.

Teaching cybersecurity’s importance

Stephanie Weagle, vice president of marketing for Marlborough-based Corero Network Security, said companies need to take Provost’s approach and partner with college students to raise that career interest.

Corero protects hundreds of clients from DDoS attacks, which are intended to take a network offline by overwhelming it with information. Those attacks are increasing, and Corero’s clients now report about four DDoS attacks per day, and they’ve doubled in the last two quarters, Weagle said.

With research and development centers in Scotland, Corero works closely with colleges there to attract top talent. Weagle said the company hasn’t been the victim of the skills gap.

Instead, Weagle called for a larger understanding of the cyber threat landscape for future young professionals.

The Raytheon study found 63 percent of global respondents click on links even if they aren’t sure if the source of the link is legitimate, and the portion of U.S. young adults who share passwords with non-family members nearly doubled from 23 percent in 2013 to 39 percent in 2017.

“Until you’re in the working world and seeing this happen on a regular basis, it’s not something people are talking about every day,” Weagle said.

Millennials, the generation seemingly attached to devices and always plugged in, should represent the new wave of cybersecurity professionals and slow these data breaches, Weagle said.

“If a group is to take advantage of that career opportunity, [Millennials] could be the one,” Weagle said.

Part of the solution

Interest in Worcester Polytechnic Institute’s cybersecurity program, however, is growing, said Suzanne Mello-Stark, a computer science professor.

She’s the program manager for Scholarship for Service, a program funded by the National Science Foundation giving students studying cybersecurity a scholarship including tuition, stipends and fees in exchange for the student taking summer internships and post-graduation employment with the government.

The demand is growing for those government jobs, Mello-Stark said, as there are about 42,000 open cybersecurity jobs in government agencies.

Interest in that program, she said, has tripled since 2015.

In addition to a cyber summer camp funded by the National Security Agency, WPI’s cyber program is rigorous, requiring students to solve real-world cybersecurity problems as part of graduation requirements.

“We’re trying to be part of that solution here,” Mello-Stark said.
