This week marks the fifth and final week of National Cyber Security Awareness Month (NCSAM) 2015. A program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our workplaces, homes, and digital lives. This initiative targets its message towards entities in both the public and private sectors. The theme of Week 5 of NCSAM is “Building the Next Generation of Cyber Professionals.” As we all know, our knowledge of creating a cyber security culture at work, protecting our passwords, securely navigating the world of social media and using the security basics to safeguard our evolving digital lives only goes so far. We cannot tackle security alone. We need to focus on building a generation of dedicated, well-educated security professionals to help defend against the online threats of tomorrow. With this in mind, here are some recommendations on how we, as a society, can encourage young people to become interested in information security. We also provide tips on how budding security professionals can make the most out of their new careers.
Sowing the Seeds of Security
Many of today's digital threats target users regardless of their age. Some malicious programs known as Remote Access Trojans (RATs) even go so far as to sextort predominantly children and teenagers. Acknowledging this reality, we have an incentive to begin educating people about security early on. Mandy Huth, Director of Cybersecurity at Tripwire, inc., likens digital security to fire safety as a way to support this assessment. "When I was in elementary school, we had monthly fire drills where everyone would evacuate the building and meet at a designated location to be accounted for," Huth explains.
"Schools didn’t wait for an actual fire to try to educate students on how to act in those situations. With this in mind, the most beneficial approach we can take to preparing the next generation is to integrate the same type of tabletop exercises into the realm of cybersecurity. For example, schools are teaching children to type in kindergarten, so why not expose them to phishing, social engineering, and how to safely navigate their online presence?"
Huth goes on to note that by creating early educational programs into security, we can inspire some students to pursue infosec as they grow older and develop. "A win-win for all," Huth rightly observes. But our obligations do not end there. As noted by Claus Cramon Houmann, an independent Information Security Consultant, once we have attracted the interest of novice security professionals, it is up to our educators to provide them with everything they know, including an honest assessment of the field's successes and shortcomings.
"To improve awareness and education, we should concentrate on giving educators what they need to teach a variety of subjects, thereby allowing for the prospect of industry specialization, as well as courses that cover the fundamentals of cyber security," Houmann recommends.
"These passionate teachers should emphasize the fact to students that everything we've done so far has been not enough. We therefore should teach them everything we have learned in the hopes that maybe they can build a world that is safer and more secure than ours, such as one that understands how security and privacy must go hand in hand," adds Houmann.
Building Up One's Infosec Career
Once a security professional has completed their education, the onus falls on them to make the most out of their security career. This includes having the right skills, which one can obtain via a number of certifications: "Having the right certs is a good entry point to the field," observes Tony Martin-Vegue, host of the Standard Deviant Security podcast. "That is not to say you should treat certifications as endpoints to your learning; they are only the beginning and should be thought of as a way to get your foot in the door. As a result, you should start with a general purpose certification, such as the CISSP, then specialize further to focus in on your career goals." Even then, however, the field of security encompasses much more than just technical expertise.
"Tomorrow’s problems require a wide range of skills, and in order to solve those problems, we need to bring people into the security field from a wide range of backgrounds. We need people with backgrounds in accounting, economics, criminal justice, behavioral psychology, and public relations, just to name a few," explains Martin-Vegue.
Excellent writing and speaking skills, as well as knowledge about mergers and business acquisitions, are also valuable and can help to make someone a key player in their organization. Once a security professional has found their niche in infosec, they can then begin to leverage their unique skills to make connections and deepen their careers. "Throughout my career, those who I have seen go the furthest the fastest make mentors and friends in the community," states J Wolfgang Goerlich, Strategist at CBI and head of the CBI Academy. "They don’t just attend conferences; they present and volunteer. They find open source projects to collaborate on. In these and many other ways, people develop their skills by contributing daily, weekly, and monthly," adds Goerlich. Like any career, information security requires ongoing effort and dedication. Those practitioners who internalize that fact are sure to succeed, one way or another.
Conclusion
To build the next generation of cyber professionals, we as educators, employers, and security practitioners need to give students the resources they need to learn about security beginning at an early age and to specialize according to their interests and skills, not to mention provide them with the connections and programs of which they can take advantage for their professional development. Here we see NCSAM's central message: security is a shared responsibility, and together, we can better protect all of us online. Title image courtesy of ShutterStock
