Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Outlook for 2011

Published byGertrude Washington Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity Outlook for 2011"— Presentation transcript:

1 Cybersecurity Outlook for 2011
EDUCAUSE 2011 Security Professionals Conference Karen S. Evans National Director April 5, 2011

2 Agenda National Landscape Workforce Issues
Can Competitions Find Talent The U.S. Cyber Challenge

3 National Cybersecurity Landscape
Comprehensive National Cybersecurity Initiative (CNCI) Threats Initiatives Trusted Internet Connections Homeland Security Presidential Directive – 12 Secure Configurations The Cyberspace Policy Review Leading from the Top Building Capacity for a Digital Nation Sharing Responsibility for Cybersecurity Creating Effective Information Sharing and Incident Response Encouraging Innovation

4 National Cybersecurity Landscape
National Strategy for Trusted Identities in Cyberspace Legislative Opportunities for the 112th Congress Federal Information Security Management Act of 2002 Independent Agencies: SEC; FCC; FTC; FERC; NERC

5 Which Skills Matter Most?

6 Setting the Stage Subcommittee on Emerging Threats, Cybersecurity, and Science & Technology April 17, ~Chairman: Jim Langevin “We don’t know who’s inside our networks. We don’t know what information has been stolen. We need to get serious about this threat to our national security.” State Dept witness: Don Reid, Senior Coordinator for Security Infrastructure Commerce Department witness: Dave Jarrell, Manager, Critical Infrastructure Protection Program

7 Starkly Contrasting Responses
Commerce No idea when it got in, how it got in, or where it spread Took 8 days to filter (ineffective) Unable to clean the systems; forced to replace them Do not know whether they have found or gotten rid of the infections State Detected it immediately Put effective filter in place within 24 hours; shared filter with other agencies Found two zero-days Helped Microsoft and AV companies create patches and signatures Cleaned infected systems, confident all had been found

8 What was the Difference?
Was it tools? No Almost same commercial tools – Commerce had more commercial IPS/IDS Was it skills? Yes Commerce – only experience was firewall operations not even firewall engineering. No training other than prep for Security + and later for CISSP State – experience and training in forensics, vulnerabilities and exploits, deep packet inspection, log analysis, script development, secure coding, reverse engineering. Plus counter intelligence. And managers with strong technical security skills

9 Which Skills Matter Most?
Security skills: System forensics; network forensics and deep packet inspection; Windows, UNIX, and PDA defensive configuration; log analysis; script development; exploits and penetration testing; secure coding; reverse engineering. Plus counter intelligence Foundations: Networking and network administration; computer operations and system administration; Java and C/C+ programming including the 25 most dangerous programming errors

10 CSIS Commission on Cybersecurity
A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters, published November 15, 2010 “The cyber threat to the United States affects all aspects of society, business, and government, but there is neither a broad cadre of cyber experts nor an established cyber career field to build upon, particularly within the Federal government.”

11 Prepare for Fast Growing Jobs
Network, systems, and data communications analysts (53%) Computer software engineers: applications (34%) Computer software engineers: systems software (30%)

12 Great job opportunities: #2, 15 and 24 on the “30 Fastest Growing Occupations”

13 The U.S. Cyber Challenge Identifying and Nurturing Very Talented People

14 Q&A to Prove the Value Q. You’re in your senior year in high school – had you already taken computer courses at school? A. I enrolled to take Introduction to Programming this year, but they cancelled it; they couldn’t find a suitable teacher. Q. How do people demonstrate and test their skills if they do not have the opportunity to play in the NetWars rounds? A. There aren’t many options for kids with lots of cyber skill to be able to exercise and further develop those skills. Most would just simply target random servers and hack illegally, so it was great that I found NetWars.

15 Coalition Members

16 Who is supporting the U.S. Cyber Challenge Activities?

17 Proposed U.S. Cyber Challenge Framework
Competitions Camps Weekend Programs Pathway to: Scholarships Internships Jobs Talent Bank Public Sector Private Sector Critical Infrastructure Tech Industry K-12 Communities Colleges Universities Virtual Community “Future Cyber Professionals” Skills Needed

18 Activities Digital Forensics Challenge (DoD Cyber Crime Center)
CyberPatriot Defense Competition (AFA) NetWars Challenge (SANS) Cyber Quests (CIS and SANS) National Cyber Defense Competition (NCCDC.org) Cyber Foundations (CIS, SANS and CKSF.org) Cyber Camps Courses and Exercises Tournaments Internships Scholarships Connect with Employers Talented Cyber Security People STEP 1 STEP 2 STEP 3 STEP 4

19 Building the Highway: Action Plan
Encourage talented kids to compete Become a mentor Support a high school program Serve as a teacher/aid at the summer camps Build a competition Sponsor a scholarship Support a college team Sponsor a summer camp Sponsor a college Sponsor the U.S. Cyber Challenge

20 TAKE THE CHALLENGE

Download ppt "Cybersecurity Outlook for 2011"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.
ALAN PALLER THE SANS INSTITUTE Beyond Security Awareness!

ALAN PALLER THE SANS INSTITUTE Beyond Security Awareness!
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Alan Paller The SANS Institute

Alan Paller The SANS Institute
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
Providing Practical Solutions Winning the Talent Wars for Recruiting and Retaining 21 st Century Cyber Engineers Jeff Kubik, PMP, CISSP Sr PM, Praxis Engineering.

Providing Practical Solutions Winning the Talent Wars for Recruiting and Retaining 21 st Century Cyber Engineers Jeff Kubik, PMP, CISSP Sr PM, Praxis Engineering.
Public Sector Responses to the IT Worker Shortage Danielle Germain Senior Program Manager Information Technology Association of America (ITAA) November.

Public Sector Responses to the IT Worker Shortage Danielle Germain Senior Program Manager Information Technology Association of America (ITAA) November.
Performance Institute - July 20, 2001 Dagne Fulcher, IT Workforce Improvement U.S. Department of the Treasury Recruiting & Retaining Top IT Talent for.

Performance Institute - July 20, 2001 Dagne Fulcher, IT Workforce Improvement U.S. Department of the Treasury Recruiting & Retaining Top IT Talent for.
Bill Newhouse Program Lead National Initiative for Cybersecurity Education Cybersecurity R&D Coordination National Institute of Standards and Technology.

Bill Newhouse Program Lead National Initiative for Cybersecurity Education Cybersecurity R&D Coordination National Institute of Standards and Technology.
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.

Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.
Cybersecurity nexus (CSX)

Cybersecurity nexus (CSX)
Paul Dordal Executive Director BRAC RTF Transformation Game Plan Executive Committee May 21, 2009.

Paul Dordal Executive Director BRAC RTF Transformation Game Plan Executive Committee May 21, 2009.
Resources to Support Training Programs for CSIRTs.

Resources to Support Training Programs for CSIRTs.
Employer Partnerships North Tyneside Commission of Enquiry Jan 2008 Clare Riley Microsoft Education.

Employer Partnerships North Tyneside Commission of Enquiry Jan 2008 Clare Riley Microsoft Education.
Can your team outwit, outplay and outlast your opponents to be the ultimate CyberSurvivor?

Can your team outwit, outplay and outlast your opponents to be the ultimate CyberSurvivor?
Assessment Presentation Philip Robbins - July 14, 2012 University of Phoenix Hawaii Campus Fundamentals of Information Systems Security.

Assessment Presentation Philip Robbins - July 14, 2012 University of Phoenix Hawaii Campus Fundamentals of Information Systems Security.
Copyright © 2009 Pearson Education, Inc. Publishing as Longman. The Federal Bureaucracy Chapter 15.

Copyright © 2009 Pearson Education, Inc. Publishing as Longman. The Federal Bureaucracy Chapter 15.
Information Technology Programs. Why major in IT? “...Total US IT employment is predicted to double in this decade. Similarly, the security of computer.

Information Technology Programs. Why major in IT? “...Total US IT employment is predicted to double in this decade. Similarly, the security of computer.

Similar presentations

Ads by Google