(c) 2004 Allan Berg Building the Security Workforce of Tomorrow Allan Berg University of Dallas Graduate School of Management

(c) 2004 Allan Berg Information Assurance and Infrastructure Protection … is a national priority as well as a complex and critical challenge. One that requires a true partnership between all stakeholders, government, public, private, and academe. … is a national priority as well as a complex and critical challenge. One that requires a true partnership between all stakeholders, government, public, private, and academe.

(c) 2004 Allan Berg Certification, Education, and Training in Information Assurance People involved in IA must be able to understand and systematically employ and manage IA concepts, principles, methods, techniques, practices and procedures drawn from U.S. statutes, current or pending. IA experts also must understand procedures mandated by the Department of Defense, federal, state and local governments, businesses, and industries. People involved in IA must be able to understand and systematically employ and manage IA concepts, principles, methods, techniques, practices and procedures drawn from U.S. statutes, current or pending. IA experts also must understand procedures mandated by the Department of Defense, federal, state and local governments, businesses, and industries.

(c) 2004 Allan Berg Questions What is the supply core of IA workers What education and training does the IA worker need How will this education and training be imparted Who will certify this education and training

(c) 2004 Allan Berg The IA Workforce Challenge Continuing sustained rapid growth and accelerating Intense demand for unique combinations IT, IA skills, experience, and industry knowledge

(c) 2004 Allan Berg Assessing Educational and Training Needs What occupations comprise the core IA work force Standardized definition of the standards that define the information security worker agreeable to government, industry and academe. Enforcing security processes on a document oriented information system may be very different from a communications network system. Often overlooked : physical, personnel, standards and policy, and administrative security expertise is also a necessity in today’s information security workforce environment.

(c) 2004 Allan Berg Information Assurance Encompasses the scientific, technical, and management disciplines required to ensure computer and network security including the following functions: –System/network administration and operations –Systems security engineering –Information assurance systems and product acquisition –Cryptography –Threat and vulnerability assessment, to include risk management –Web security –The operations of computer emergency response team –Information assurance training, education and management –Computer forensics –Defensive information operations

(c) 2004 Allan Berg Academic Degree vs. Industry Certification Are academe and industry competing for the same market? –Absolutely NOT!! Are academe and industry complimentary? –Absolutely YES!! Many people have some level of experience, but little time to devote to semester-long courses. Many people have no experience, and might not benefit from Wham! Bam! 5-day training courses. –But have time to attend semester-long courses.

(c) 2004 Allan Berg Information Security + What Network and network infrastructure security Physical, personnel and administrative security Cryptography and Public-Key Infrastructure Testing and verification methodologies Intrusion Detection Vulnerabilities analysis and Risk Management Policy and auditing technologies Host security Ethics and legal issues Authentication technologies E-commerce and Public Policy

(c) 2004 Allan Berg The Niche IA Labor Markets Mix of knowledge and skills required can vary Certain technical skills may be in high demand IT is changing rapidly

(c) 2004 Allan Berg Incentives for IA Certification and Education Establishes a professional identity and upholds the quality of the profession. Establishes a minimum level of knowledge with regard to the practice of the profession, and through continuous learning, upgrading of knowledge base and skills. Promulgates a code of ethical practice. Provides a review process and participation in published standards of practice. Promotes ongoing role and function studies for practitioners to validate their practice.

(c) 2004 Allan Berg Incentives for IA Certification and Education (Con’t.) Demonstrates that certified individuals meet acceptable uniform national standards. Establishes a standard level of competency for employee hiring and evaluation. Promotes consumer protection. JOB ADVANCEMENT – certification gives you a competitive edge for promotion and hiring. SALARY – Profile studies shows that certification holders earn more per year than those who do not have certification. ESTEEM – Attaining certification demonstrates to your employer, your colleagues, and yourself that you are committed as a professional.

(c) 2004 Allan Berg Disadvantages of Certification Multiple choice tests are unable to test problem solving and analytic skills. They reward students who can memorize and replay a set of facts with ease. Furthermore, these tests have become integrated into vendor marketing strategies.

(c) 2004 Allan Berg Disadvantages of Certification (Con’t.) Emphasize facts important to a particular product line and frequently do not assess globally important knowledge. Hence, the industry has coined the terms “paper-_ _ _ _” to describe someone who only knows enough to pass the tests, but not enough to function effectively on the job. Since many of the short-term training programs teach only the answers to the tests, the problem is only getting worse.

(c) 2004 Allan Berg The Fix Developing curriculum that includes not only the test information, but also additional materials designed to give the student real insight and hands-on experience with the software and hardware used in the industry. While our student do pass the tests and become certified, they fully understand that it is knowledge beyond the tests that makes them valuable. Such knowledge will last a lifetime, since it will not become obsolete with the next software upgrade.

(c) 2004 Allan Berg Initiatives and Opportunities Assessing educational and training needs State initiatives for IA education Benefits of certification and continuing education Internet-enabled education and training International security education and collaboration

(c) 2004 Allan Berg Initiatives for IA Education Department’s of Information Technology Academic initiatives Internships Federal initiatives CAE/ISE DoD IASP NSF Scholarship Program

(c) 2004 Allan Berg Benefits of Certification and Continuing Education Benefits of Certification Demonstrates a level of expertise/competency Recognition by government, industry Periodic recertification????? Benefits of Continuing Education Life-long Through community colleges and universities Demonstrates a level of expertise/competency Recognition by industry, government, academia Corporate “Universities” Focuses on immediate and near future needs In-house and/or mini-courses by local purveyors Recognition by industry, government

(c) 2004 Allan Berg Internet-enabled and In-class Certification, Education, and Training Assessing the quality: –Can the students reliably and efficiently access all the curriculum materials so that they can complete the course requirements in the specified time period? –Does the technology allow the students to become reasonably engaged with the material? –Are there special difficulties associated with the administration of the program and exams? –Is the time investment on the part of the faculty instructor and students manageable or prohibitive?

(c) 2004 Allan Berg Internet-enabled and In-class Certification, Education, and Training –Does effective learning occur when using the Internet as the primary means of delivering the course curriculum? –How far should distance education really go in being a substitute for the classroom experience? –What is the nature of the market for distance education for the IA professional? –What is the potential for learning with distance education for the IA professional?

(c) 2004 Allan Berg “It’s A Jungle Out There” Microsoft Certified Systems Engineer (MCSE) Cisco Certified Network Associate (CCNA) Cisco Certified Network Professional (CCNP) Cisco Certified Security Professional (CCSP) Certified Internet Webmaster (CIW) Certified Wireless Network Administrator (CWNA) Certified Information System Security Specialist (CISSP) CISSP Concentrations: ISSAP, ISSMP, ISSEP Certified Information System Auditor (CISA) Certified Information Security Manager (CISM) SANS (GIAC) ……………………………… And the list goes on, and on, and on, and on, and on, and on, and on, and on, and on, and on, and on, and on …………………………………………..

(c) 2004 Allan Berg Looking to the Future To move forward, to stay successful, information assurance professionals in an organization, and its leaders, must have vision. Standing still isn’t an option! To move forward, to stay successful, information assurance professionals in an organization, and its leaders, must have vision. Standing still isn’t an option!

(c) 2004 Allan Berg Building the Security Workforce of Tomorrow Allan Berg University of Dallas Graduate School of Management