Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Bridging the Cybersecurity Talent Gap
Newest First  |  Oldest First  |  Threaded View
rupertbowen
50%
50%
rupertbowen,
User Rank: Apprentice
6/1/2018 | 7:12:25 AM
Gender and "soft" skills
Yes a low percentage of students on our MSc in Digital Investigation and Forensic Computing are female but it is improving. Employers are requesting me to refer only female candidates in an atempt to redress their gender imbalance in security roles. Ref the commnet "Cybersecurity requires creativity and collaboration skills as much as coding capabilities" this is very true and those who graduate and progress into management roels are the ones who have or are willing to develop these skills.
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
5/30/2018 | 10:32:50 AM
Re: Management Attitude to IT
Agree - management does not separate (sometimes) the core IT functions of the business from the half-brother CyberSecurity side of the It world.  Two separate entities really connected together by function and form.  Cyber has REAL VALUE while running the data center is less quantifiable.   Management with insight (and I work for one such place) vlaues Cyber and can get benefit such as insurance costs covered.   We ADD VALUE. 
RyanSepe
0%
100%
RyanSepe,
User Rank: Ninja
5/29/2018 | 12:54:10 PM
Re: Management Attitude to IT
As far as outsourcing of positions goes that is a risk for a majority of fields you can study going into school. I would make an argument that there are actually very few fields NOT at risk of automation/outsourcing. I think this puts individuals at more of a level playing field for making a determination. 

I do understand your point towards an expense line item. Cyber Security is a cost-saving platform instead of a revenue producing platform. That's not to say that the direct cost savings can not be quantified to the business, it would just take a mature program to provide metrics around security safeguards. For example, what was the average cost of a lost data record in that respective industry sector? Take that and multiply it by the number of DLP incidents blocked and you can quantify one cost savings potential for security. Another cost would be indirect costs. They can not so easily be quantified but brand reputation is a major item that can utilize trending to provide the business with an accurate view of what impact a cyber security incident/breach can have. "Mature program": many organizations lack is this area. Some of which due to the issue this article denotes.

As for the Equifax statement. I had not heard that one, but if such a claim was to be made it would definitely would have been done out of ignorance. If you have one individual in charge of patching and cannot allude to a platform for this mechanism you will have no leg to stand on. 
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
5/29/2018 | 7:13:25 AM
Management Attitude to IT
Has not changed over the years - the CSuite still believes IT just an expense line item with overpaid geeks making good money doing nothing and getting benefits.  Outsource is still a financial mandate so jobs go lacking and transferred to Bangalore or outsource to IBM or DCX or whatever.  Given this, why should any new grad go INTO a field where your job is automatically AT RISK just because of your existance!!!   And this involves security too.  Look at the dumb statement by former Equifax CEO who blamed the whole ENTIRE mess on just ONE individual who failed to patch.  Incredible ignorance.   If you expect intelligence there, you won't find it.  So management does not give a darn and positions go wanting.   
dtdavis
100%
0%
dtdavis,
User Rank: Apprentice
5/28/2018 | 6:33:43 PM
Hmm, massive shortage...
So let's examine this claim that there is a critical shortage of Cybersecurity talent. If there were a tenth of the shortage that has been claimed in this article, one would expect to see increasing salaries for talent across the country. I don't think that should be a fantastic inference based on the "more than the entire population of Iowa" scale of this so called shortage.

It is interesting that when you go to websites like payscale.com (and others), that shortage doesn't seem to reflect salary trends in the industry. For example, according to the previously mentioned website, salaries for Cybersecurity analysts in Dallas have DECLINED 40% over the past three years! Other cities show similar trends. Nothing that indicates anything that resembles a shortage of talent.

Of course anyone over the age of thirty has seen this kind of hysteria before. And, as sure as the sun rises, we will soon hear the demands for massive increases in foreign work visas because " we just don't have enough people to do these jobs".

Fool me once, shame on you; fool me twice, shame on me.


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.