
Dark Reading Radio

What Keeps IT Security Professionals Awake at Night
Date / Time: Wednesday, August 17, 2016, 1:00 p.m. New York / 10:00 a.m. San Francisco
Overview:

Whether it's sophisticated attackers, data breaches, or a shortage of skilled staff, IT security executives have a lot to worry about. Dark Reading editors discuss the results of the annual Black Hat Attendee Survey and the annual Dark Reading/InformationWeek Strategic Security Survey, both of which offer a look at the attitudes and plans of IT security executives.

Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.

Mr. Shearer has more than 30 years of business experience, including serving as chief operating officer for (ISC)2, associate chief information officer for International Technology Services at the U.S. Department of Agriculture, deputy chief information officer at the U.S. Department of the Interior, and executive for architecture, engineering and technical services at the U.S. Patent and Trademark Office. Mr. Shearer has been responsible for managing and providing services via international IT infrastructures, and he has implemented large-scale SAP Enterprise Resource Planning (ERP) projects. Mr. Shearer has led large, geographically separated staffs that support global solutions. Mr. Shearer holds a B.S. from Park College, an M.S. from Syracuse University, and management and technical certificates from the U.S. National Defense University, and he is a U.S. federal executive presidential rank award recipient. As (ISC)2 Chief Executive Officer, Mr. Shearer is responsible for the overall direction and management of the organization and its Center for Cyber Safety and Education.



Live Chat

Thanks for a great show, David!

Strategist

Thanks for your interest in (ISC)2.  Please let me know if we can be of assistance in the future.  

Regards,

David Shearer

[email protected]

Apprentice

That sounds like a great scholarship program, David. Hope there are others in the industry that are doing the same.

Strategist

I like the scholarship program concept AND especially working with employers/HR on how to better open up jobs.

I think in any specialty field we always have work to do with educating hiring officials and HR specialists. We're working to provide opportunities for 24/7/365 training and manage costs to help reach a broader audience. We've also awarded over $600,000 in scholarships from our Center for Cyber Safety and Education to IT and InfoSec candidates that otherwise might not be able to afford the education.

Apprentice

Ah. Dr. Cybrina and our launch of the new Garfield program launches in a few weeks at our Security Congress in Orlando, Florida. Jim Davis will be speaking at one of our events. He's the creator of Garfield. He's done very few public events, but he believes in our Safe and Secure Online program.

Apprentice

@David do you think we need to change the way we hire AND the way we teach/train if we're going to fix this skills shortage?

Author

Thanks, David, for a great interview and your fascinating perspective on security issues that keep us up at night! Here's to a good night's sleep....

Strategist

I agree with Sara that getting training into our High Schools is absolutely needed.

Apprentice

I'm still looking for the image of Dr. Cybrina @David!

Strategist

If you'd like to see me outdone by Garfield:  https://www.youtube.com/watch?v=GqpApTxPXUQ

 

Apprentice

Dr. Cybrina LOL -- love it

Strategist

I think we'll have better success with security budget growth if we do a better job of demonstrating business value related to security investments.  

Apprentice

Now, the question is, how quickly can we turn out these new security pros, and stop requiring college degrees for everything? Can we have infosec be something we train for at the high school, reduce some of the stigma on trade school, and have that help fill the gap? 

Author

Jim Davis, who created Garfield, has created a new character, Dr. Cybrina, who is a CISSP. Learn more at: www.safeandsecureonline.org

 

Apprentice

@David, you mentioned something crucial to the "up all night" stress for IT security pros today: the lack of resources & personpower to fill the security roles & jobs. @David, what types of changes are needed to get more aggressive about finding and training people for security jobs?

Our Dark Reading Strategic Security Survey shows that not only are security departments short on people, but they are short on budget as well. David, do you see this also?  Security budgets have grown steadily in recent years -- do you think that will continue?

Strategist

We didn't get to touch on certification during the interview... but what are some of the entry-level credentials that people can get -- at a reasonable price -- to get a foot in the door if they don't have a company tuition reimbursement plan behind them?

 

Strategist

Garfield needs the help, with Odie around causing trouble.

Author

Garfield has friends that are dogs too.  We love dogs as well.  I have a white German Shepherd named Sonja.  Maybe we'll get her into the mix.

Apprentice

I do see a shift toward outsourcing the right types of functions.  I think that's been happening but cloud solutions are accelerating these types of business changes.

 

Apprentice

(What about McGruff the Crime Dog)? #doglover

Garfield is an internationally recognized character with children.  We feel our international partnership will help us scale to reaching 1.9 billion kids in simple and fun terms.

Apprentice

As I said: how did ISC2 choose Garfield as their official "spokescat" for the efforts to improve kids' cybersecurity? I love it!

Author

Hi folks! Short hop to the chat room...

Strategist

Aside from the sheer hiring problem, it's clear that the shortage of people will create a huge need for automation in security. David, do you think we will see a radical shift technologically that will help drive automation?  And/or do you think we will see a radical shift toward outsourcing and the use of managed security services, because of the shortage of internal skills?

Strategist

...and what is (ISC)2 doing to help?

David mentioned something crucial to the "up all night" stress for IT security pros today: the lack of resources & personpower to fill the security roles & jobs. @David, what types of changes are needed to get more aggressive about finding and training people for security jobs?

Looking forward to this show today!

Hi.  This is David Shearer.  I'm looking forward to the chat portion of the session.

Apprentice

Looking forward to a lively conversation today! If you have questions or comments please post them any time before or during the show. The broadcast begins at 1 p.m. EDT. 

Strategist