
Dark Reading Radio

Millennials & The Cybersecurity Skills Shortage
Date / Time: Wednesday, November 18, 2015, 1:00 p.m. New York/10:00 a.m. San Francisco
Overview:

Is the cybersecurity skill shortage actually a generation gap? It would seem so from the results of a recent global survey of 4000 young adults by Raytheon and the National Cyber Security Alliance (NCSA). Among the findings: Only half of the men in the survey said they knew what a cybersecurity job entails; for millennial women, awareness was even lower: just one-third of respondents.

Join us for the next episode of Dark Reading Radio where Dark Reading Executive Editor Kelly Jackson Higgins will lead an in-depth discussion about what it will take for 18 to 34-year-olds to warm up to an exciting and rewarding career in information security and what is holding them back. Our guests will include Valecia Maclin, program director for the Department of Homeland Security's Network Security Deployment Division at Raytheon, along with millennials Jennifer Imhoff-Dousharm, co-founder of the dc408 and Vegas 2.0 hacker groups, and Ryan Sepe, information security analyst at Radian Group Inc.

Register now and join us Wednesday, November 18, 2015, at 1:00 p.m. EST, 10:00 a.m. PST.



Live Chat

Thank you. It's been a pleasure!

Apprentice

Thanks for having me! It was fun.

Ninja

Thanks for a great show! Definitely some insights to think about going forward here. Thanks to all of the speakers!

Strategist

We are at the top of the hour, so I want to thank our guests today, Valecia, Jinni and Ryan, for sharing their insightful perspective on this topic. And thank you to our audience. This is archived, so feel free to listen again or share. Thank you!

Yes, but if you are looking from a practical standpoint those tools are still heavily employed. Everyone wants to be the pen tester, forensic analyst, and white hat hacker...but I would be interested to see in terms of the job market what percentage of cyber security jobs do those jobs hold.

Ninja

Seems a reflection of just how big and open this job market is!

That's interesting, @Ryan, because those are relatively traditional security skills/tools. =)

From a career standpoint pen testing is a nice field as that can also bridge to vulnerability management. But I think millennials would benefit most from focusing on protection capabilities. DLP, IDS/IPS, web security, vulnerability management, Next Gen Firewall. These are things that I have found to be very prevalent in a company's security framework from company to company.

Ninja

Do you have any suggestions for types of security jobs that Millennials should be looking at today? Forensics, pen testing, Internet of Things?

Strategist

I can see how it would be challenging for a university to keep pace with the rapid-fire evolution of security...but that is probably true with most technology programs on campus. Even so, I wonder if that inertia is part of the problem?

I think companies need to start getting involved with colleges. I see many companies here in the bay area that are embracing Internships much more than in the past but there is a place where these larger companies can help influence what skillsets they need from interns. There is also a level of responsibility for the colleges to also be asking companies and industries the same question.

Apprentice

There is a great degree of $ potential in security and many millennials are not aware. It's good for them to be made aware.

I also agree with Jinni's previous statement. Security is a rapidly evolving field, so if the university has an outdated curriculum it's going to be a huge problem for students applying what they learned in the workplace.

Ninja

wow, @lilJinni. That's disconcerting especially since you are in Silicon Valley! 

My question is WHO should be leading this education/awareness/etc.? Is it up to employers to get out there and recruit/advise universities, schools? 

There is a HUGE problem with colleges being involved. I'm currently enrolled in community college and am struggling through lesson plans that have extremely outdated security lesson plans and a complete lack of degree paths. In the heart of the bay area there are Engineer degrees only that are heavy on Java and Calculus. Great for some jobs but these don't always apply to security and can even scare off many potential students.

Apprentice

Just saw a tweet from an industry friend who says when he goes into universities to talk, he talks about the $ potential. 

Do you think Millennials have a different attitude about security than older generations? They have grown up around the Internet, iPads and mobile phones and seem less concerned about privacy and security.

Strategist

At the collegiate level if a university has an IT or computer science program they should also have a cyber security program as it bridges across many of the fields they will encounter in IT/Comp Sci.

Ninja

We didn't talk about universities and their role: are there sufficient studies available for college kids in cybersecurity? I know some schools have programs now, but many still do not, which may be part of the knowledge gap problem.

I don't see an issue now as security is a newer field but what happens when it becomes commonplace and individuals aren't jumping positions to try and tackle this great new job field?

Ninja

I don't think there is a potential crisis; the talent is there, they just haven't applied yet.

Apprentice

I would say yes... unfortunately not having the backing of millennials will be detrimental long term and from an industry standpoint you would see a lot of conversion in the workplace from as we discussed network admins, etc. To specialize in something I think it needs to be a passion/interest and that lack of interest could have an impact in the long run.

Ninja

Good one, Jinni! That was the skill my son took to right away at his first DEF CON. He still has his lockpick kit, and it came in handy once at home.

One of the easiest and most engaging ways I've been able to help teach people and kids about security is starting with lock picking. Getting a small group of people together with some simple locks and picks while you talk about security. Whether this is in a boy scout group, college meet up, or Monday morning office meeting. It's that moment when the least expected person pops a lock that the entire table realizes how easy it is and how simple it is.

There is a sense of vulnerability that is both safe and easy to transcribe into a digital conversation. If a lock is that easy then so is your password.

Apprentice

One burning question I have for all 3 of our guests is this: is the cybersecurity field in potential crisis talent-wise if it can't attract Millennials?

A note for our audience -- Dark Reading has a jobs board that will help you identify job opportunities and potential new positions. Look for the words SECURITY JOBS on the Dark Reading home page. We are also planning to add a new section on Careers and People over the next month.

Strategist

I'm curious about how kids get into security, often through gaming and learning about hacks and cheats...  Do you think there's more that can be done at a younger age to teach kids about security ethics and the availability of security tasks and careers?

Strategist

Excited about this show! There is a lot of data that suggested that the security professional sector is aging. There needs to be more awareness of security among millennials!

Strategist

I'm looking forward to our show!
