Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Closing The Skills Gap Between Hackers & Defenders: 4 Steps
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
8/12/2014 | 10:33:58 AM
Re: Skills Shortage
@adriangood  Wow, that's a fascinating perspective. I definitely agree with some of it -- like that relentless, short-sighted capitalism damages security (and the economy), and that a lot of talented hackers don't want to work for them. But...

if the most talented hackers aren't working for those big corporations, who are they working for? Are they working for smaller companies and government entities? Or are they working for criminal organizations?
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
8/12/2014 | 10:25:06 AM
Re: there's another lesson
@Thomas Claburn  Well on one hand, you're right: you can't get stung with a data breach if you don't have any data. But on the other hand, so many companies are trying to get into "big data" that it will be very difficult to convince them to store less. If anything, they'll continue to store more, and make it more accessible to their employees. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/12/2014 | 8:50:20 AM
Re: Skills Shortage
For security to be effective, it must be ingrained in the culture of an organization, and the best way to get to that point is through effective communication.

Great point @GonzSTL, I would add that communication about the increasing dangers of cyberattacks must go way beyond the culture of a single organization to the mindset of everyone who is using technology. Of course that is a problem that is far beyond the scope of a business security team!
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
8/12/2014 | 8:40:10 AM
Re: Skills Shortage

Cyber crime is very profitable, and cyber criminals are better funded than the good guys. Naturally, that means that the good guys are always on the defensive, so really the best way to approach security is to be proactively prepared. True, we cannot be 100% effective in stopping attacks, but if we are diligent and adequately funded, we can put up some pretty good resistance. There really is no shortage of good guys with technical skills; most of the most brilliant geeks are good guys. The missing component is effective communication, and "what we have here is a failure to communicate". Many incredibly skilled people do not have the communication skills required to deliver the security message in a way that is fit for executive consumption, and also for the lay person.  Until we can effectively communicate the importance of security and its role in ensuring that organizational goals are met, funding will be difficult, and management and user support for awareness training will be lacking. For security to be effective, it must be ingrained in the culture of an organization, and the best way to get to that point is through effective communication.

Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/12/2014 | 7:27:00 AM
Re: Skills Shortage
@AdrianGood Hacking will continue because cybercrime is a profitable business. But there are still plenty of smart geeks who are working to keep the bad guys in check.
adriangood
50%
50%
adriangood,
User Rank: Apprentice
8/12/2014 | 6:59:46 AM
Skills Shortage
There is an IT security skills shortage because the really smart geeks don't want to work for greedy Corporate entities whose only interest is short-term Shareholder returns, and the Corporate environment actively marginalize those people most suited to helping prevent the attacks.

Until Capitalist Business models change the Hacking will continue, the Chinese Government does not lock up its most talented Hackers at every opportunity, it gives them gainful employment.

Unfortunately creative thinking cannot be mass-produced, it has to be an integral part of the persons personality. 

The IT security maladies are just a symptom of our corrupt society, and will only change when our definition of success has been reset.

 

 

 
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
8/11/2014 | 4:11:01 PM
there's another lesson
Many companies that stockpile data may not want to hear it, but the success of hackers ought to be a lesson to avoid storing data.
<<   <   Page 2 / 2


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23009
PUBLISHED: 2021-05-10
On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plan...
CVE-2021-23010
PUBLISHED: 2021-05-10
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-IP ...
CVE-2021-23012
PUBLISHED: 2021-05-10
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either &quot;Resource Administrator&quot; or &quot;Administrator&quot; roles to execute...
CVE-2021-23014
PUBLISHED: 2021-05-10
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software ve...
CVE-2021-23015
PUBLISHED: 2021-05-10
On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note...