The Future of Your Cybersecurity Career: Market Demand VS Talent Shortage

The world is currently lacking some 2 million cybersecurity experts. That number is expected to double shortly, as more cyber-kinetic and anthro-cyber-kinetic (people, cyber and physical) systems are productized for industry and mass consumption.

At the same time, cybersecurity practitioners have become laser-focused on insanely complex, highly verticalized, specific subsets of our industry. Rough translation: we tend to train and hire skill-set specialists versus security generalists. Security professionals often have trouble talking to each other because so many specializations use different nomenclatures, terms, and acronyms; dozens of technically disparate lingua francas. We have forgotten about teaching strategic generalities and interdisciplinarianism. Overspecialization and isolation from other technical fields are two clear recipes for failure.

This webinar examines a variety of skills and knowledge that will greatly assist the professional and benefit the cybersecurity field as well, by dealing in higher levels of abstraction versus highly specialized knowledge and practice.

Main points covered:

Presenter:

Our presenter for this webinar, Winn Schwartau, is one of the world’s top experts on security, privacy, infowar, cyber-terrorism, and related topics. Provocative, informed, challenging, he’s on the leading edge of thinking, writing and speaking. Highly technical security subjects are made understandable, entertaining, engaging and thought-provoking. Audiences find themselves challenged with original ideas which are related through historical analogy and metaphor and made relevant to the present and future world. He is the founder of The Security Awareness Company.
Organizer: Ardian Berisha

Date: July 10th, 2019
Recorded Webinar: https://youtu.be/uRsARV3ULy4

Published in: Education

  1. MY MOM - 1943. NBC MASTERING ENGINEER DAD RADAR DEV. WW2
  2. MY FIRST DEFCON
  3. WINN AS TV REPAIRMAN: $.50 PER REPAIR
  4. MY ELECTRONICS STORE
  5. 1961
  6. HIGH SCHOOL COMPUTER
  7. COULDN’T GET A JOB
  8. THE FAMILY BUSINESS: MY FIRST STUDIO (16 YRS. OLD)
  9. MY FIRST LATHE: ANALOGUE/MECHANICAL
  10. 1969-1970: COMPLEX SYSTEMS
  11. IMSAI 1972
  12. AUTO SYNC (RIGHT!)
  13. MANUAL SYNC
  14. 1979: BUILDING ANALOGUE/DIGITAL BUSINESS
  15. DIGITAL AUDIO AUTOMATION: 1980
  16. MY STUDIO: 1980
  17. 7 JANUARY 1983: WENT INTO SECURITY No Degree. No Certs. No Creds.
  18. THE EARLY DAYS: WEAPONIZATION OF THE INTERNET 1990 1993
  19. June 27, 1991 Our computer systems are so poorly protected, they are “An electronic Pearl Harbor waiting to happen.” “The Civilian Architect of Information Warfare.” Admiral Tyrrell, UK MoD
  20. NEED TO FIX THE INTERNET
  21. WANTED TO PROVE SECURITY IMPOSSIBLE. OF COURSE IT IS. HOLD ON. WAIT. (CRASS COMMERCIAL PLUG COMING LATER…)
  22. OK BACK TO THE HISTORY… I MEAN THE FUTURE OF CYBERSECURITY EDUCATION
  23. THE SECURITY DOMAINS CYBERSECURITY EDUCATION SHOULD TOUCH ALL THREE
  24. 2010 - 2012 DHS SECRETARY JANET NAPOLITANO “WE CAN’T FIND ENOUGH CYBER-SECURITY PEOPLE…” … BULLSHIT THE TRUTH IS… “WE CAN’T FIND ENOUGH PERFECT WHITE PEOPLE, WHO HAVE NEVER, EVER DONE ANYTHING WRONG, HAVE HAD A FORMAL EDUCATION, RECEIVED DEGREES, GOT CERTS UP THE WAZOO, WHO DON’T SMOKE WEED, CAN PASS AN H.R. PERSONALITY TEST, AND AREN’T ON THE SPECTRUM…”
  25. ARBITRARY DISCRIMINATORS • AGE • SEX/ORIENTATION • DRUG USE (ALCOHOLISM IS O.K.) • DEGREES • CRIMINAL BACKGROUND • “OFFICE JOB” • PERSONALITY TESTS • ADHD & SPECTRUM DO WE REALLY NEED OR WANT ‘NORMAL’?
  26. SECURITY PROBLEMS: THEY ARE ALL THE SAME • SPAM • DOS/DDOS • PHISHING • ACCESS CONTROL • ENCRYPTION • PRIVACY • DECEPTION • FAKE NEWS • DETECTION • ROOT CONTROL • ETC. • REACTION • REMEDIATION • ZERO-DAYS • MALWARE • METAMORPHIC NW • AWARENESS • TRUST • MULTI-ADMIN • DATA-EXFILTRATION • ESPIONAGE • ETC.
  27. SO…TO GET ‘THE RIGHT STUFF’ A LITTLE MORE GENERALISM, PLEASE… 1. ENGINEERING 2. HISTORY 3. HUMANITY
  28. ENGINEERING TO ERR IS TO MAKE PROGRESS. TO FAIL IS TO LEARN. CYBER IS NOT AN ENGINEERING DISCIPLINE … YET… WHAT COULD WE LEARN FROM ENGINEERS?
  29. LOGIC
  30. MECHANICAL • BRIDGES • DRONES • ROBOTS • 3D - STUFF ALL THINGS CYBER-KINETIC
  31. ELECTRICAL
  32. ANALOGUE
  33. FEEDBACK
  34. ICS/SCADA – FEEDBACK & ANALOGUE PROGRAMMABLE LOGIC CONTROLLER • BINARY CONTROLS - ON-OFF = 1:0 = YES/NO • ANALOGUE CONTROLS - > 0 & < 1
  35. IT’S THE SMALL THINGS • NANO-TECH • DNA STORAGE (10^19 BITS/CM^2) • OPTICAL CPU • BIONICS • THE INTERNET OF BIO-NANO-AI THINGS
  36. BAYES & PROBABILITY
  37. THE QUANTUM & NEWTON
  38. NEURAL & AI/ML/DL ETHICS, TROLLEYS AND AUTONOMOUS
  39. FRACTALS
  40. EXO-PLANETARY STUDIES THE CARRINGTON EFFECT: 1859
  41. HISTORY TO IGNORE HISTORY IS TO REPEAT STUPID SHIT INSANITY: DOING THE SAME THING OVER AND OVER AND OVER AGAIN… AND EXPECTING DIFFERENT RESULTS. (NEXT GEN CYBERSECURITY CRAP 1972 – 2018)
  42. KNOW THE HISTORY OF OOPS! GREAT PEOPLE MAKING HUGE MISTAKES
  43. COMPUTER HISTORY WHY REINVENT WHEELS WHEN THEY ALREADY EXIST? • ANTIKYTHERA • BOOLE • ADA LOVELACE/BABBAGE • GRACE HOPPER • BOMBE-ENIAC+++ • ANALOGUE COMPUTING • VON NEUMANN • ARCHITECTURES • SHANNON • INFORMATION THEORY
  44. COMPUTER SECURITY HISTORY • CAESAR, JEFFERSON, VIGENERE • BLETCHLEY (UK), VENONA (US) • WOMEN • ANDERSON, BIBA, BELL, LAPADULA • RAINBOW, CC, TCSEC • RACF/TOP-SECRET/ACF-2 • MLS & BLACK/RED NETWORKING
  45. WOMEN IN CYBER+SECURITY (C’MON ALREADY… )
  46. MILITARY HISTORY • DECEPTION • SUN TZU • JOHN, JASPER & NEVIL MASKELYNE (WAR MAGICIANS) • MASSIFICATION (PRE-21ST C.) • CLAUSEWITZ • NAPOLEON/ROME/ • JOHN BOYD (O-O-D-A) • M.A.D. (TIME) • FORTRESS MENTALITY (EPIC FAILURES) • WHY ARE WE LOSING THE CYBERWARS?
  47. OODA - FEEDBACK
  48. SPEED WINS
  49. CABLE-PORN
  50. NON-LINEARITY ART SCIENCE THINKING
  51. HUMANITY WE HAVE SPENT 70 YEARS TRYING TO GET HUMANS TO THINK, BEHAVE AND INTERACT WITH COMPUTERS ON THEIR TERMS; IN THEIR LANGUAGE: BINARY & DIGITAL FOR SECURITY, WE NEED TO GET COMPUTERS TO THINK, BEHAVE AND INTERACT WITH US ON OUR HUMAN TERMS; IN OUR LANGUAGE: ANALOGUE
  52. GREAT ENGINEERING + HUMAN ENDEAVOR = FAILURE
  53. PURPOSE OF THE BRAIN 1. TO SENSE THE ENVIRONMENT 2. TO PREDICT THE FUTURE
  54. PSYCHOLOGY • NOT BINARY • INFINITE FLAVORING • SOFT/MALLEABLE • WORST MEMORY CIRCUITS • SUSCEPTIBLE TO “FAKENESS/LIES” IN THE FACE OF FACTS (TRUTH) • SPECTRUMS • IT’S UP TO US TO UNDERSTAND OUR AUDIENCE(S) PIX FREUD
  55. HUMAN (ENGINEERING): THE SENSES TIME-BASED DETECTION IN DEPTH
  56. SENSOR TECH(S) TIME-BASED DETECTION IN DEPTH
  57. MULTI-SENSORY FILTERING
  58. NEURO-PLASTICITY • ADAPTABLE • POLYMORPHIC NEURONS • ½ A BRAIN WORKS • DISTRIBUTED PROCESSING • AI VS. HUMAN • PARADOXICAL • TROLLEYOLOGICAL CONUNDRA
  59. PERCEPTION
  60. FLATLAND +
  61. INFLUENCE (SOCIAL ENGINEERING? MY MOM SAID…) • POLICY LEADERS • CISO/CEO/BOARD • NON GEEKS • CO-WORKERS & STAFF • EMPLOYEES • PARTNERS • CUSTOMERS • ‘SPECIAL’ PEOPLE • SPOUSE (YEAH, UH, HUH!)
  62. ART & ART HISTORY ART IS HOW WE TELL STORIES
  63. COMMUNICATIONS SHOW – DON’T TELL • KNOW YOUR AUDIENCE • C-SUITE • CUSTOMERS • GEEKY COLLEAGUES • STUPID PEOPLE • KIDS • MULTI-MEDIA
  64. POSITIVE FEEDBACK: LEARN ABOUT LEARNING • 70-20-10 RULE • RULE OF 3 • 7 SECOND RULE • 2.2 MADISON AVE. RULE • EBBINGHAUS FORGETTING CURVE • TEACHING MOMENTS
  65. TECHNOLOGY, SECURITY, & ETHICS (ESPECIALLY IN A CYBER-KINETIC WORLD)
  66. APPLYING THE TRIADS FUTURE OF CYBER-SECURITY EDUCATION (& ADDING A WEE DOSE OF INTERDISCIPLINARY GENERALISM)
  67. CYBER-SECURITY IS JUST TOO HARD LANDING ON THE MOON TRANSCONTINENTAL RAILWAY MARSHALL PLAN MANHATTAN PROJECT TVA DNA ICS INTERNET
  68. ISO/IEC 27032 Training Courses • ISO/IEC 27032 Introduction 1 Day Course • ISO/IEC 27032 Foundation 2 Days Course • ISO/IEC 27032 Lead Cybersecurity Manager 5 Days Course Exam and certification fees are included in the training price. www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 www.pecb.com/events
  69. THANK YOU ? winn@thesecurityawarenesscompany.com linkedin.com/company/the-security-awareness-company www.thesecurityawarenesscompany.com
