Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Dark Reading Radio

What Keeps IT Security Professionals Awake at Night
Date / Time: Wednesday, August 17, 2016, 1:00 p.m. New York / 10:00 a.m. San Francisco
Overview:

Whether it's sophisticated attackers, data breaches, or a shortage of skilled staff, IT security executives have a lot to worry about. Dark Reading editors discuss the results of the annual Black Hat Attendee Survey and the annual Dark Reading/InformationWeek Strategic Security Survey, both of which offer a look at the attitudes and plans of IT security executives.

Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.

Mr. Shearer has more than 30 years of business experience including the chief operating officer for (ISC), associate chief information officer for International Technology Services at the U.S. Department of Agriculture, the deputy chief information officer at the U.S. Department of the Interior, and the executive for architecture, engineering and technical services at the U.S. Patent and Trademark Office. Mr. Shearer has been responsible for managing and providing services via international IT infrastructures, and he has implemented large-scale SAP Enterprise Resource Planning (ERP) projects. Mr. Shearer has led large geographically separated staffs that support global solutions. Mr. Shearer holds a B.S. from Park College, a M.S. from Syracuse University, management and technical certificates from the U.S. National Defense University, and he is a U.S. federal executive presidential rank award recipient. As (ISC) Chief Executive Officer, Mr. Shearer is responsible for the overall direction and management of the organization and its Center for Cyber Safety and Education.



The audio player will load automatically when the radio show audio begins. Some corporate networks block the sort of streaming audio content used by this player. Please make sure you have the latest version of Adobe Flash for your Internet browser via Adobe's web site. If the player loads but you are not able to hear the live audio, you may still be able to hear the archived audio after the live program begins by returning to this page. Please try refreshing your browser a few times if you still cannot hear the audio. More Troubleshooting
Live Chat
You must login to participate in this chat. Please login.

Thanks for your interest in (ISC)2.  Please let me know if we can be of assistance in the future.  

Regards,

David Shearer

[email protected]

Apprentice

That sounds like a great scholarship program, David. Hope there are others in the industry that are doing the same.

Strategist

I like the scholarship program concept AND especially working with employers/HR on how to better open up jobs.

I think in any specialty field we always have work to do with educating hiring officials and HR specialists.  We're working to provide opportunties for 24/7/365 training and manage costs to help reach a broader audience.  We've also awarded over $600,000 in scholarships from our Center for Cyber Safety and Education to IT and InfoSec candidates that otherwise might not be able to afford the education.

Apprentice

Ah.  Dr. Cybrina and our launch of the new Garfield program launches in a few weeks at our Security Congress in Orlando Florida.  Jim Davis will be speaking at one of our events.  He's the creator of Garfield.  He's done very few public events, but he believes in our Safe and Secure Online program.  

Apprentice

@David do you think we need to change the way we hire AND the way we teach/train if we're going to fix this skills shortage?

Author

Thanks, David for a great interview and your fascinating perspective on security issues that keep us at night! Here's to a good night sleep....

Strategist

I agree with Sara that getting training into our High Schools is absolutely needed.

Apprentice

If you'd like to see me outdone by Garfield:  https://www.youtube.com/watch?v=GqpApTxPXUQ

 

Apprentice

I think we'll have better success with security budget growth if we do a better job of demonstrating business value related to security investments.  

Apprentice

Now, the question is, how quickly can we turn out these new security pros, and stop requiring college degrees for everything? Can we have infosec be something we train for at the high school, reduce some of the stigma on trade school, and have that help fill the gap? 

Author

Jim Davis who created Garfield has created a new character Dr. Cybrina who is a CISSP.  Learn more at:  www.safeandsecureonline.org

 

Apprentice

@David, you mentioned something crucial to the "up all night" stress for IT security pros today: the lack of resources & personpower to fill the security roles & jobs. @David, what types of changes are needed to get more aggressive about finding and training people for security jobs?

Our Dark Reading Strategic Security Survey shows that not only are security departments short on people, but they are short on budget as well. David, do you see this also?  Security budgets have grown steadily in recent years -- do you think that will continue?

Strategist

We didn't get to touch on certification during the interview.. but what are some of the entry level credentials that people can get -- at a reasonable price -- to get a foot in the door if they don't have a company tuition reimbursement plan behind them

 

Strategist

Garfield needs the help, with Odie around causing trouble.

Author

Garfield has friends that are dogs too.  We love dogs as well.  I have a white German Shepherd named Sonja.  Maybe we'll get her into the mix.

Apprentice

I do see a shift toward outsourcing the right types of functions.  I think that's been happening but cloud solutions are accelerating these types of business changes.

 

Apprentice

Garfield is an internationally recognized character with children.  We feel our international partnership will help us scale to reaching 1.9 billion kids in simple and fun terms.

Apprentice

As I said: how did ISC2 choose Garfield as their official "spokescat" for the efforts to improve kids' cybersecurity? I love it!

Author

Aside from the sheer hiring problem, it's clear that the shortage of people will create a huge need for automation in security. David, do you think we will see a radical shift technologically that will help drive automation?  And/or do you think we will see a radical shift toward outsourcing and the use of managed security services, because of the shortage of internal skills?

Strategist

David mentioned something crucial to the "up all night" stress for IT security pros today: the lack of resources & personpower to fill the security roles & jobs. @David, what types of changes are needed to get more aggressive about finding and training people for security jobs?

Hi.  This is David Shearer.  I'm looking forward to the chat portion of the session.

Apprentice

Looking forward to a lively conversation today! If you have questions or comments please post them any time before or during the show. The broadcast begins at 1 p.m. EDT. 

Strategist
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file