Your SlideShare is downloading. ×
Cyber Security Professionals Viewed via Supply Chain
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Cyber Security Professionals Viewed via Supply Chain

561
views

Published on

This research examines the issue of supply and demand for cybersecurity professionals to determine how to optimize the output of cybersecurity professionals through a supply chain. It was found that …

This research examines the issue of supply and demand for cybersecurity professionals to determine how to optimize the output of cybersecurity professionals through a supply chain. It was found that progress is impeded by the lack of a clearly defined and standardized definition of a cybersecurity worker and their associated knowledge, skills, and abilities. There is a known shortage of cybersecurity professionals that is affecting the ability of the United States to fulfil the mandate of President Obama who declared that the protection of our digital infrastructure is a national security priority. The problem with this declaration is that a literature review confirms there is no standard definition of a cybersecurity worker, associated skills, or educational requirements. The cybersecurity workforce to which we speak in this report consists of those who self-identify as cyber or security specialists as well as those who build and maintain the nation’s critical infrastructure. Considering the criticality of the national infrastructure, it is time for the US to take immediate steps to coordinate the development of the cybersecurity field and its associated workforce supply chain.


0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
561
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
16
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. THE BIGGEST THREAT TO THE U.S. DIGITAL INFRASTRUCTURE: THE CYBER SECURITY WORKFORCE SUPPLY CHAIN Aleta Wilson, Ph.D. Amjad Ali, Ph.D. 1
  • 2. Overview• Study examines supply and demand for cybersecurity professionals• Progress impeded by lack of career field for cybersecurity professionals The Obama administration has declared that Protection of our digital infrastructure is a national security priority 2
  • 3. Scope• This study explores activities required to employ cyber security workers for the – federal government and – its contractor community• These two sectors comprise an estimated 500,000 workers – who must undergo a significant background check because – positions are considered as "national security positions". 3
  • 4. Scope and Methodology (cont)• Second focus of study is university level education and certifications -------- Methodology View the cyber workforce through the prism of a supply chain In other words.... How to optimize the supply chain to increase production 4
  • 5. Definition of a Cyber Security Professional 5
  • 6. Definition of a Cyber Security Professional - DOL• DOL Occupational Outlook Handbook does not contain a definition for cybersecurity professionals• DOL categories acknowledge positions that involve people who – plan, coordinate, and maintain an organizations information security – database administrators plan and coordinate security measures with network administrators – network engineers "may ... address information security issues” 6
  • 7. Definition of a Cyber Security Professional - DHS• Department of Homeland Security Secretary Janet Napolitano defines Cybersecurity professionals as – employees responsible for "... cyber risk and strategic analysis; cyber incident response; vulnerability detection and assessment; intelligence and investigation; and network and systems engineering“ 7
  • 8. Definition of a Cyber Security Professional – ISC2– Frost & Sullivan conducted a survey of 10,413 information security professionals which indirectly defined security professionals as those • employed as Information Security professionals and • those who had cyber security as their primary job function. 8
  • 9. Definition of a Cyber Security Professional – DODDOD usually takes the lead in defining elements related to cyberspace and cybersecurity, but according to GAO "DOD has defined some key cyber-related terms but it has not yet fully identified the specific types of operations and program elements that are associated with full-spectrum cyberspace operations" 9
  • 10. Definition of a Cyber Security Professional – Monster.com• What does the largest job site call them – Network engineers But where are the web – System Administrators designers; – IT Security Engineers policy folk; SW – IT Security Analysts engineers; etc. – Network Administrators etc. 10
  • 11. Definition of a Cyber Security Professional – for this study• Professionals who have information security as a major part of their job;• those who self-identify as cyber or security specialists; and,• those who build and maintain the national critical infrastructure of the computer systems on which the public and private sectors have come to rely. 11
  • 12. Now that we’ve defined them…. How do they get to the workplace…. 12
  • 13. Supply Chain Management (SCM)• Viewing the shortage of cybersecurity workers through SCM – SCM attacks problem of uncertainty head-on• SCM solves two core resource problems – Shortages and excesses – Identifies where the chain is broken 13
  • 14. Supply Chain Management (SCM) • STEM • Science EngineeringShortage K to 12 • Technology Math • Higher Education • Centers of ExcellenceDilution • Other Higher Ed Institutions Higher Ed • Non- Higher Education Certifiers • Certifying CISSP (ISC2) Need • GSEC Professional • CompTIA Security+ Certification Certifications • Vendor certifications 14
  • 15. S.T.E.M. (K to 12)• Public private partnership will invest $260M between 2009 and 2019 (like race to space)• Growth in STEM jobs is 3X non- STEM jobs 15
  • 16. University Level Education• NSA is Certifying Universities, Colleges, and now Community Colleges• 124 NCA’s (as of 2010) – 14 are 2-year institutions – 2 are 4-year institutions – 51 are research institutions – Some fall into more than one category 16
  • 17. Certifications• Certifications can come from • Universities $$$$ / • Value is unkown • Private sector $$ / • Highly prized Highly recognized certificates 17
  • 18. Certifications – Highly Recognized ORGANIZATIONS AND THEIR CERTIFICATE OFFERINGS CERTIFYING CERTIFICATION ORGANIZATION CERT CSIH CompTIA Security+ Cisco Systems CCNA Security; CCSP; CCIE Security EC-Council ENSA; CEH; CHFI; ECSA; LPT; CNDA; ECIH; ECSS; ECVP; EDRP; ECSP; ESCO GIAC GSIF; GSEC; GCFW; GCIA; GCIH; GCUX; GCWN; GCED; GPEN; GWAPT; GAWN; GISP; GLSC; GCPM; GLEG; G7799; GSSP-NET; GSSP-JAVA; GCFE; GCFA; GREM; GSE ISAC CISA; CISM; CGEIT; CRISC (ISC)2 SSCP; CAP; CSSLP; CISSP; ISSAP; ISSEP; ISSMP ISECOM OPST; OPSA; OPSE; OWSE; CTA Microsoft MCSE, MCSA Indication individual is improving herself. 18
  • 19. What’s the Problem• STEM will not produce for 10 years and then those high schooler’s have to go to college• University pipeline is waiting for STEM graduates to enter• Universities are not graduating enough cyber specialists• University certificates are new and general • too soon to determine value 19
  • 20. So What• US has discovered it is behind the curve in the production of S.T.E.M graduates• S.T.E.M skills are needed for cybersecurity workforce• War has expanded beyond nation states to organizations like Wikileaks• Warfare is expanding into cyberspace and we do not have war fighters 20
  • 21. So What (cont)• Focusing on S.T.E.M in K-12 is critical to US economy• The field of cybersecurity is being developed in pieces • NIST, Microsoft, Cisco, & NSA are each • Designing standards models, processes, certifications, and methodologies for the field and many of them overlap 21
  • 22. Conclusion• The US government must take immediate steps to coordinate the development of the cybersecurity field• The US should task the National Security Agency to take the lead• Once the field is defined – There will be sub-specialties – There will be a roadmap for obtaining proficiency (like doctors & lawyers) – There will be standardized tests – Estimates on workforce needs can more accurately be determined – Training and certifications can be organized and synchronized 22
  • 23. Questions and AnswersNSA designated National Center of AcademicExcellence in Information Assurance Education 23

×