Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Bridging the Cybersecurity Talent Gap
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
6/1/2018 | 7:12:25 AM
Gender and "soft" skills
Yes a low percentage of students on our MSc in Digital Investigation and Forensic Computing are female but it is improving. Employers are requesting me to refer only female candidates in an atempt to redress their gender imbalance in security roles. Ref the commnet "Cybersecurity requires creativity and collaboration skills as much as coding capabilities" this is very true and those who graduate and progress into management roels are the ones who have or are willing to develop these skills.
User Rank: Ninja
5/30/2018 | 10:32:50 AM
Re: Management Attitude to IT
Agree - management does not separate (sometimes) the core IT functions of the business from the half-brother CyberSecurity side of the It world.  Two separate entities really connected together by function and form.  Cyber has REAL VALUE while running the data center is less quantifiable.   Management with insight (and I work for one such place) vlaues Cyber and can get benefit such as insurance costs covered.   We ADD VALUE. 
User Rank: Ninja
5/29/2018 | 12:54:10 PM
Re: Management Attitude to IT
As far as outsourcing of positions goes that is a risk for a majority of fields you can study going into school. I would make an argument that there are actually very few fields NOT at risk of automation/outsourcing. I think this puts individuals at more of a level playing field for making a determination. 

I do understand your point towards an expense line item. Cyber Security is a cost-saving platform instead of a revenue producing platform. That's not to say that the direct cost savings can not be quantified to the business, it would just take a mature program to provide metrics around security safeguards. For example, what was the average cost of a lost data record in that respective industry sector? Take that and multiply it by the number of DLP incidents blocked and you can quantify one cost savings potential for security. Another cost would be indirect costs. They can not so easily be quantified but brand reputation is a major item that can utilize trending to provide the business with an accurate view of what impact a cyber security incident/breach can have. "Mature program": many organizations lack is this area. Some of which due to the issue this article denotes.

As for the Equifax statement. I had not heard that one, but if such a claim was to be made it would definitely would have been done out of ignorance. If you have one individual in charge of patching and cannot allude to a platform for this mechanism you will have no leg to stand on. 
User Rank: Ninja
5/29/2018 | 7:13:25 AM
Management Attitude to IT
Has not changed over the years - the CSuite still believes IT just an expense line item with overpaid geeks making good money doing nothing and getting benefits.  Outsource is still a financial mandate so jobs go lacking and transferred to Bangalore or outsource to IBM or DCX or whatever.  Given this, why should any new grad go INTO a field where your job is automatically AT RISK just because of your existance!!!   And this involves security too.  Look at the dumb statement by former Equifax CEO who blamed the whole ENTIRE mess on just ONE individual who failed to patch.  Incredible ignorance.   If you expect intelligence there, you won't find it.  So management does not give a darn and positions go wanting.   
User Rank: Apprentice
5/28/2018 | 6:33:43 PM
Hmm, massive shortage...
So let's examine this claim that there is a critical shortage of Cybersecurity talent. If there were a tenth of the shortage that has been claimed in this article, one would expect to see increasing salaries for talent across the country. I don't think that should be a fantastic inference based on the "more than the entire population of Iowa" scale of this so called shortage.

It is interesting that when you go to websites like payscale.com (and others), that shortage doesn't seem to reflect salary trends in the industry. For example, according to the previously mentioned website, salaries for Cybersecurity analysts in Dallas have DECLINED 40% over the past three years! Other cities show similar trends. Nothing that indicates anything that resembles a shortage of talent.

Of course anyone over the age of thirty has seen this kind of hysteria before. And, as sure as the sun rises, we will soon hear the demands for massive increases in foreign work visas because " we just don't have enough people to do these jobs".

Fool me once, shame on you; fool me twice, shame on me.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-07-02
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the usern...
PUBLISHED: 2022-07-02
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.
PUBLISHED: 2022-07-02
** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input.
PUBLISHED: 2022-07-02
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.