
Dark Reading Radio

What Keeps IT Security Professionals Awake at Night
Date / Time: Wednesday, August 17, 2016, 1:00 p.m. New York / 10:00 a.m. San Francisco
Overview:

Whether it's sophisticated attackers, data breaches, or a shortage of skilled staff, IT security executives have a lot to worry about. Dark Reading editors discuss the results of the annual Black Hat Attendee Survey and the annual Dark Reading/InformationWeek Strategic Security Survey, both of which offer a look at the attitudes and plans of IT security executives.

Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.

Mr. Shearer has more than 30 years of business experience, including serving as chief operating officer for (ISC)2, associate chief information officer for International Technology Services at the U.S. Department of Agriculture, deputy chief information officer at the U.S. Department of the Interior, and executive for architecture, engineering and technical services at the U.S. Patent and Trademark Office. Mr. Shearer has been responsible for managing and providing services via international IT infrastructures, and he has implemented large-scale SAP Enterprise Resource Planning (ERP) projects. Mr. Shearer has led large, geographically separated staffs that support global solutions. Mr. Shearer holds a B.S. from Park College, an M.S. from Syracuse University, and management and technical certificates from the U.S. National Defense University, and he is a U.S. federal executive presidential rank award recipient. As (ISC)2 Chief Executive Officer, Mr. Shearer is responsible for the overall direction and management of the organization and its Center for Cyber Safety and Education.



Live Chat

Thanks for a great show, David!

Strategist

Thanks for your interest in (ISC)2.  Please let me know if we can be of assistance in the future.  

Regards,

David Shearer

[email protected]

Apprentice

That sounds like a great scholarship program, David. Hope there are others in the industry that are doing the same.

Strategist

I like the scholarship program concept AND especially working with employers/HR on how to better open up jobs.

I think in any specialty field we always have work to do with educating hiring officials and HR specialists.  We're working to provide opportunities for 24/7/365 training and manage costs to help reach a broader audience.  We've also awarded over $600,000 in scholarships from our Center for Cyber Safety and Education to IT and InfoSec candidates that otherwise might not be able to afford the education.

Apprentice

Ah.  Dr. Cybrina and our launch of the new Garfield program launches in a few weeks at our Security Congress in Orlando, Florida.  Jim Davis will be speaking at one of our events.  He's the creator of Garfield.  He's done very few public events, but he believes in our Safe and Secure Online program.

Apprentice

@David do you think we need to change the way we hire AND the way we teach/train if we're going to fix this skills shortage?

Author

Thanks, David, for a great interview and your fascinating perspective on security issues that keep us up at night! Here's to a good night's sleep....

Strategist

I agree with Sara that getting training into our High Schools is absolutely needed.

Apprentice

I'm still looking for the image of Dr. Cybrina @David!

Strategist

If you'd like to see me outdone by Garfield:  https://www.youtube.com/watch?v=GqpApTxPXUQ

 

Apprentice

Dr. Cybrina LOL -- love it

Strategist

I think we'll have better success with security budget growth if we do a better job of demonstrating business value related to security investments.  

Apprentice

Now, the question is, how quickly can we turn out these new security pros, and stop requiring college degrees for everything? Can we have infosec be something we train for at the high school, reduce some of the stigma on trade school, and have that help fill the gap? 

Author

Jim Davis who created Garfield has created a new character Dr. Cybrina who is a CISSP.  Learn more at:  www.safeandsecureonline.org

 

Apprentice

@David, you mentioned something crucial to the "up all night" stress for IT security pros today: the lack of resources & personpower to fill the security roles & jobs. @David, what types of changes are needed to get more aggressive about finding and training people for security jobs?

Our Dark Reading Strategic Security Survey shows that not only are security departments short on people, but they are short on budget as well. David, do you see this also?  Security budgets have grown steadily in recent years -- do you think that will continue?

Strategist

We didn't get to touch on certification during the interview... but what are some of the entry-level credentials that people can get -- at a reasonable price -- to get a foot in the door if they don't have a company tuition reimbursement plan behind them?

 

Strategist

Garfield needs the help, with Odie around causing trouble.

Author

Garfield has friends that are dogs too.  We love dogs as well.  I have a white German Shepherd named Sonja.  Maybe we'll get her into the mix.

Apprentice

I do see a shift toward outsourcing the right types of functions.  I think that's been happening but cloud solutions are accelerating these types of business changes.

 

Apprentice

(What about McGruff the Crime Dog)? #doglover

Garfield is an internationally recognized character with children.  We feel our international partnership will help us scale to reaching 1.9 billion kids in simple and fun terms.

Apprentice

As I said: how did ISC2 choose Garfield as their official "spokescat" for the efforts to improve kids' cybersecurity? I love it!

Author

Hi folks! Short hop to the chat room...

Strategist

Aside from the sheer hiring problem, it's clear that the shortage of people will create a huge need for automation in security. David, do you think we will see a radical shift technologically that will help drive automation?  And/or do you think we will see a radical shift toward outsourcing and the use of managed security services, because of the shortage of internal skills?

Strategist

...and what is (ISC)2 doing to help?

David mentioned something crucial to the "up all night" stress for IT security pros today: the lack of resources & personpower to fill the security roles & jobs. @David, what types of changes are needed to get more aggressive about finding and training people for security jobs?

Looking forward to this show today!

Hi.  This is David Shearer.  I'm looking forward to the chat portion of the session.

Apprentice

Looking forward to a lively conversation today! If you have questions or comments please post them any time before or during the show. The broadcast begins at 1 p.m. EDT. 

Strategist