Is The Cyber Security Skills Gap A Myth?

Cyber security enthusiasts, prospective professionals, and just about anyone who has followed cyber security headlines over the last few years has likely heard some version of the same story: businesses are unable to recruit the cyber security talent they require, leaving millions of job openings unfilled. The ‘Cyber Security Skills Gap’ is frequently mentioned in the news.

How true is this? Is the cyber security skills gap a myth or a reality? Let us find out more about the cyber security skills gap in this article.

Cyber security career prospects: myth or reality

Cyber security is multifaceted, and each component of the field requires its own set of skills and expertise. Individuals must gain the essential skills and knowledge, either through formal training or self-study, to succeed in this sector. Many colleges now offer formal degrees and online cyber security courses.

Online cyber security courses from reputable training institutes provide education aligned with CyBOK (Cyber security Book of Knowledge), which has become highly important. CyBOK is a handbook that codifies information from textbooks, academic research articles, technical reports, white papers, and standards, bringing it together in one place so that practitioners can study it and expand their knowledge.

CyBOK isn’t the only way to advance a cyber security career. A prospective cyber security engineer can also use online cyber security course platforms to obtain a wide range of certificates and badges.

Among the many qualifications to pick from, a few stand out as ones that many firms look for. The following are some of them:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Management (CISM)
  • Certified Information Security Auditor (CISA)
  • Certified Ethical Hacker (CEH)

The Hiring Drawbacks

A skills gap is a mismatch between what companies desire or need from specific employees and what those employees can actually do when they arrive at work. There is a skills gap if you can’t locate someone who knows how to do a penetration test.

If a company automatically rejects individuals who have hands-on hacking expertise but don’t have a specific college degree, the problem isn’t so much a skills gap as it is a recruiter expectations gap.

Hiring criteria that are too strict don’t work for anyone. It means that far too many qualified applicants are overlooked, resulting in open positions. Fortunately, there are signs that things are changing, with an additional 700,000 employees expected to join the cyber security field in 2020 (up 25% from the previous year’s estimates). Employers are being encouraged to be more creative when it comes to hiring, with less emphasis on standard training paths and more flexibility when it comes to the years of experience required.

This is, in fact, very good news for aspiring information security professionals. You should be in a better position than ever to fill the gap if you can pivot your existing talents, bridge knowledge gaps, and pick up the type of practical know-how that’s in demand.

A new shift in the employment trajectory

Stories about the cyber security skills gap have dominated the news in recent years. However, there has been a recent shift: companies are realizing that the problem is a hiring shortage rather than a skills shortage. Forward-thinking companies are becoming less rigid in their recruitment practices, which is good news for anyone who came to the information security sector through unconventional means.

ISACA, the world’s largest IT governance and accrediting organization, recently published an essay outlining best practices for expanding the talent pool. Among them are:

  • Setting clear, attainable goals in job ads and relying more heavily on practical skills tests.
  • Flexibility when it comes to criteria for years of experience.
  • Avoiding a heavy dependence on formal qualifications in favor of current knowledge.
  • Looking for inquisitiveness, eagerness to learn, problem-solving, and communication skills.

To advance in this field as a cyber security engineer, one must go beyond collecting certifications and instead build networks and associations with like-minded individuals in order to learn from one another. According to the ISSA report, cyber security specialists must build a blend of hands-on experience, fundamental credentials, and networking skills. Here “networking” does not refer to technical competence, but to the need for professionals to interact both within and outside their respective industries and sectors.

To close the cyber security skills gap, professionals need to get out of their comfort zones and engage with the broader field of cyber security. They must understand what the business wants and needs, and master some of those elusive “soft” skills: for example, bridging the communication gap and developing their own marketing approach.

If you want to move into a cyber security engineer role, get started with training and upskilling through an online cyber security course and acquire the specific abilities your current employer demands. Such courses typically teach fundamental skills and help people get started in a cyber security career, even those who have never worked with computers. If businesses are to respond to the increased risks they face, they must be more flexible in their recruiting practices. There has never been a better time for prospective employees to focus on targeted, hands-on training to bridge their own skill gaps. Examine your skills to see whether they are aligned with market demand.

Choosing An Outsourcer

Submitted by: Steve Parker

It is difficult to choose an outsourcer because it’s hard to tell the difference between good and bad computer security. By the same token, it’s hard to tell the difference between good and bad medical care. Because most of us aren’t healthcare experts, we can sometimes be led astray by bad doctors who appear to be good. So how do we choose a doctor or a hospital? I choose one by asking around, getting recommendations, and going with the best I can find. Medical care involves trust; I need to be able to trust my doctor.

Security outsourcing is no different; companies should choose an outsourcer they trust. Talking with others and asking industry analysts will reveal the best security service providers. Go with the industry leader. In both security and medical care, you don’t want a little-known maverick. Companies buying security services should also avoid outsourcers that have conflicts of interest. Some outsourcers offer security management and monitoring. This worries me. If the outsourcer finds a security problem with my network, will the company tell me or try to fix it quietly?

Companies that both sell and manage security products have the same conflict of interest. Consulting companies that offer periodic vulnerability scans, or network monitoring, have a different conflict of interest: they see the managed services as a way to sell consulting services. (There’s a reason companies hire outside auditors: it keeps everyone honest.) Outsourcers offering combined management and monitoring services will be among the next to disappear, I believe. If a company outsources security device management, it is essential that it outsource its monitoring to a different company.

In any outsourcing decision requiring an ongoing relationship, the financial health of the outsourcer is critical. The last thing anyone wants is to embark on a long-term medical treatment plan only to have the hospital go out of business midstream. Similarly, organizations that entrusted their security management to Salinas and Pilot were left stranded when those companies went out of business.

Modern society is built around specialization; more tasks are outsourced today than ever before. We outsource fire and police services, government (that’s what a representative democracy is), and food preparation. Businesses commonly outsource tax preparation, payroll, and cleaning services. Companies also outsource security: all buildings hire another company to put guards in their lobbies, and every bank hires another company to drive its money around town.

In general, we outsource things that have one of three characteristics: they’re complex, important, or distasteful. Computer security is all three. Its distastefulness comes from the difficulty, the drudgery, and the 3 a.m. alarms. Its complexity comes out of the intricacies of modern networks, the rate at which threats change and attacks improve, and ever-evolving network services. Its importance comes from this fact of today’s business world: companies have no choice but to open their networks to the Internet.

Doctors and hospitals are the only way to get adequate medical care. Similarly, offshore outsourcing is the only way to get adequate security for today’s networks.

About the Author: For further information on offshore outsourcing and offshore software development, please visit a1technology.com.

Source: isnare.com

Permanent Link: isnare.com/?aid=26303&ca=Business

It’s National Cyber Security Awareness Month

There are few pseudo holiday celebration days or months that truly get my attention. But National Cyber Security Awareness Month definitely does! It’s the one month a year that consumers are consistently reminded by news reporters, government agencies, non-profits and security companies that security is everyone’s responsibility. All of us need to take actions to protect our personal security, our nation’s critical infrastructure and be good digital citizens.

The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on cyber security awareness and education for all digital citizens, partnered with McAfee on a new survey to examine U.S. residents’ online safety posture. The findings reveal a substantial disconnect between our respective online security perceptions and our actual practices while on the Internet. The online safety survey shows that all of us can increase our efforts to make the Internet safer in light of such notable statistics:

  • 90% of Americans agree that a safe and secure Internet is crucial to our nation’s economic security
  • 50% say their job is dependent on a safe and secure Internet, and 79% say losing Internet access for 48 consecutive hours would be disruptive
  • 90% of us do not feel completely safe from viruses, malware and hackers while on the Internet
  • 25% of us have been notified by a business, online service provider or organization that our personally identifiable information (e.g. password, credit card number, email address, etc.) was lost or compromised because of a data breach

This data shows that Americans can improve their online safety practices in a number of areas, especially when it comes to accessing the Internet from their personal devices. We can all increase our online safety practices by starting with these simple ways to stay safe online:

Keep your machine clean: Use up-to-date, comprehensive security software and the latest versions of your Web browser and operating system.

Own your online presence: When available, set the privacy and security settings on websites to your comfort level for information sharing; it’s good practice to limit who you share information with.

Make passwords long, strong and unique: Use a combination of upper- and lowercase letters, numbers and symbols to create a more secure password, and don’t use the same password for all your sites.

Protect all your devices that connect to the Internet: Along with your PC, make sure to protect your Macs, smartphones, tablets and other Internet-enabled devices.

Connect with care: Get savvy about Wi-Fi hotspots and the potential risks of using them. Also, when banking and shopping, check to be sure the site’s security is enabled.

Robert Siciliano is an Online Security Evangelist for McAfee. Watch him on YouTube discussing information he found on used electronic devices. (Disclosures)

Do You Need A Managed IT Service Provider?

There is a range of options to consider when deciding how to manage your company’s IT infrastructure. Can you accommodate an in-house IT team? Is the ad-hoc support you are receiving from contract IT professionals enough? Or should you consider a managed IT service provider?

Managed IT service providers can offer companies bespoke support packages for a monthly retainer that covers your particular IT setup. So, rather than employing a full IT team, which can be expensive and unworkable for a small company, a managed service provider will adjust its package to suit the company’s size and infrastructure.

If you opt for a local managed IT service provider, you can also benefit from their close proximity to your offices, which allows their IT professionals to visit and get to know your company better. Rather than employing a full IT team, a local IT support provider can become your IT department at much lower cost.

Reasons why a managed local IT provider could be right for you

E2E is a managed IT provider based in the North West, supporting a range of small and large businesses with their IT infrastructure. We believe that a well-organised and efficiently run IT infrastructure at the heart of your business enhances productivity and performance, improves your bottom line, facilitates scalability, and avoids costly errors.

If you’re considering changing the way your business makes use of IT support, here is a list of things to look out for which could indicate your company is ready to start using a managed IT provider.

You need to improve your cyber security

Good cyber security is vital to the safety of your business. Cyber-attacks are becoming more and more frequent as hackers improve their methods. Plus, with the increase in remote working, companies are now more at risk than ever. It’s never been more important to have reliable protocols in place. A managed IT provider will continuously monitor and update your security software to ensure all threats are under control.

You have implemented remote working or a hybrid structure

Most companies have now introduced some form of remote working for their employees, whether it’s full-time or a hybrid model. However, even though remote working can be beneficial for logistics and work-life balance, a change in working practices inevitably creates more IT support issues. A managed IT provider will ensure that your employees have access to all of the equipment they need both at home and in the office, providing the best software, hardware and connectivity options.

Your IT costs and support needs are too unpredictable

If you find that you need more regular IT support, but your needs aren’t high enough to require an in-house IT team, a managed IT provider can offer you a happy medium. Whether your business is scaling up or you are finding that your budget is being spent on unmanageable IT costs, a lack of organisation when it comes to IT can really impact your bottom line. A managed IT team will charge you an agreed fee each month, which will provide you with the correct services for your company. They will monitor your systems, manage installations and perform maintenance. A local service provider will also offer you site visits, which provide a more personal service.

You are looking to grow your business

If you are scaling up your business, using an ad-hoc IT service will inevitably incur larger costs, even if you have an agreed project fee for the upscaling. If you use a managed IT provider, they will take the time to learn the business and your infrastructure, offering sound advice on how to grow the company using cost-effective IT solutions.

Downtime is increasing and impacting productivity

An increase in downtime is bad for business and can affect profits and your reputation with customers, clients, and stakeholders. If you are seeing this in your company, it is an indication that your IT infrastructure is no longer fit for purpose. By partnering with a managed IT provider, you should see a decrease in downtime as they restructure your IT setup. They will constantly monitor performance, make necessary changes, and run updates to keep everything running smoothly.

Think you’re ready to partner with a managed IT team?

If some of these points resonated with you, it might be time to consider a managed IT provider. If your company is going through changes, or you’ve seen your workflow compromised by poor support, it’s important to problem-solve now. For more information on E2E and the managed IT services we provide, get in touch with the team today.

The Story Of The First Internet Worm

Submitted by: Marc Menninger

Robert Tappan Morris was the first person convicted by a jury under the Computer Fraud and Abuse Act of 1986. The story of the worm he created and what happened to him after it was released is a tale of mistakes, infamy, and ultimately the financial and professional success of its author.

Morris was a 23-year-old graduate student at Cornell University in 1988 when he wrote the first Internet worm in 99 lines of C code. According to him, his worm was an experiment to gain access to as many machines as possible. Morris designed the worm to detect the existence of other copies of itself on infected machines and not reinfect those machines. Although he didn’t appear to create the worm to be malicious by destroying files or damaging systems, according to comments in his source code he did design it to “break-in” to systems and “steal” passwords. Morris’ worm worked by exploiting holes in the debug mode of the Unix sendmail program and in the finger daemon fingerd.


On November 2, 1988, Morris released his worm from MIT to disguise the fact that the author was a Cornell student. Unfortunately for Morris, his worm had a bug, and the part that was supposed to prevent reinfection of machines that already harbored the worm didn’t work. So systems quickly became infested with dozens of copies of the worm, each trying to break into accounts and replicate more worms. With no free processor cycles, infected systems soon crashed or became completely unresponsive. Rebooting infected systems didn’t help. Killing the worm processes by hand was futile because they just kept multiplying. The only solution was to disconnect the systems from the Internet and try to figure out how the worm worked.

Programmers at the University of Berkeley, MIT, and Purdue were actively disassembling copies of the worm. Meanwhile, once he realized the worm was out of control, Morris enlisted the help of a friend at Harvard to stop the contagion. Within a day, the Berkeley and Purdue teams had developed and distributed procedures to slow down the spread of the worm. Also, Morris and his friend sent an anonymous message from Harvard describing how to kill the worm and patch vulnerable systems. Of course, few were able to get the information from either the universities or Morris because they were disconnected from the Internet.

Eventually the word got out and the systems came back online. Within a few days things were mostly back to normal. It is estimated that the Morris worm infected more than 6,000 computers, which in 1988 represented one-tenth of the Internet. Although none of the infected systems were actually damaged and no data was lost, the costs in system downtime and man-hours were estimated at $15 million. Victims of the worm included computers at NASA, some military facilities, several major universities, and medical research facilities.

Writing a buggy worm and releasing it was Morris’ second mistake. His first mistake was talking about his worm for months before he released it. The police found him without much effort, especially after he was named in the New York Times as the author.

The fact that his worm had gained unauthorized access to computers of “federal interest” sealed his fate, and in 1990 he was convicted of violating the Computer Fraud and Abuse Act (Title 18). He was sentenced to three years probation, 400 hours of community service, a fine of $10,500, and the costs of his supervision. Ironically, Morris’ father, Robert Morris Sr., was a computer security expert with the National Security Agency at the time.

As a direct result of the Morris worm, the CERT Coordination Center (CERT/CC) was established by the Defense Advanced Research Projects Agency (DARPA) in November 1988 to “prevent and respond to such incidents in the future”. The CERT/CC is now a major reporting center for Internet security problems.

After the incident, Morris was suspended from Cornell for acting irresponsibly according to a university board of inquiry. Later, Morris would obtain his Ph.D. from Harvard University for his work on modeling and controlling networks with large numbers of competing connections.

In 1995, Morris co-founded a startup called Viaweb with fellow Harvard Ph.D. Paul Graham. Viaweb was a web-based program that allowed users to build stores online. Interestingly, they wrote their code primarily in Lisp, an artificial intelligence language most commonly used at universities. Viaweb was a success, and in 1998, ten years after Morris released his infamous worm, Viaweb was bought by Yahoo! for $49 million. You can still see the application Morris and Graham developed in action as Yahoo! Shopping.

Robert Morris is currently an assistant professor at MIT (apparently they forgave him for launching his worm from their network) and a member of their Laboratory of Computer Science in the Parallel and Distributed Operating Systems group. He teaches a course on Operating System Engineering and has published numerous papers on advanced concepts in computer networking.

About the Author: Marc R. Menninger is the founder and site administrator for the OpenCSOProject, a knowledge base for security professionals. To download security policies, articles and presentations, visit forum.opencsoproject.org.

Source: isnare.com

Permanent Link: isnare.com/?aid=14431&ca=Computers+and+Technology