SlideShare a Scribd company logo

NTXISSACSC3 - Are We Smarter Than a Fifth Grader? by John South

North Texas Chapter of the ISSA
North Texas Chapter of the ISSA

This document contains the transcript from a presentation given at the NTX ISSA Cyber Security Conference on October 2-3, 2015. The presentation discusses challenges in filling cybersecurity positions, including a lack of qualified candidates due to shortcomings in science education. It argues that inspiring students' curiosity and creativity in science at a young age through hands-on learning and play is key to developing critical thinking skills and interest in technical fields like cybersecurity. The presenter calls for new approaches to identifying and training talent beyond traditional credentials to address current and future workforce needs.

Technology
1 of 41
Download to read offline
@NTXISSA #NTXISSACSC3 Are We Smarter than a Fifth Grader? John South CSO Heartland Payment Systems 10/2/2015
@NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 2
@NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 3 A. B. C. A. B. C. In Euclidean space, which of the following is an ANGLE?
@NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 4 A. B. C. What is an arduino? A. A small computer on a board that can be used to experiment with circuits and to prototype IoT devices B. A type of Italian pasta that is often cut in the shape of The letter “R” D. The name associated with the flat plains between the Mountains around Lago di Garda, northwest of Milan C. An Italian contraction meaning “arduous journey”
@NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 5 A. B. C. Define atlatl? A. An amulet typically of lapis lazuli that is associated with the god Osiris B. A throwing spear system used by ancient native Americans D. A species of turtle that lived during the Jurassic period, growing to the size of a Volkswagen Beetle C. The Incan god of war often represented as a thunderbolt
@NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 6 A. B. C. Define axolotl? A. An Aztec word for a small hand weapon made from early amalgams of copper and tin, believed to be part of the sacrificial practices against captured enemy B. A vegetable grown in ancient Mexico that is the predecessor to the modern tomato D. A organic carbon chain that is interpreted by our sense of smell as the odor of dirty socks C. A type of salamander that never progresses past its larvae stage where their gills are prevalent outside of their bodies
@NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 7 A. B. C. You work through the budget season with your team to develop a thorough business case justifying the addition of 10 new headcount. You present that case to you CIO and the Board. To your surprise, they approve your plan. You contact both your internal and external recruiters. They feel confident they can find a good number of qualified candidates in the DFW area who have demonstrable security experience. The recruiters send you a number of candidates, most of whom meet only the barest minimum of your security job requirements. After interviewing them, and determine their salary demands you find:
@NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 8 A. B. C. A. A number of the candidates really stretched their qualifications to match the “buzz” words in your job description B. Some of the candidates hold CISSP, CISA and CISM credentials, but when questioned on the details of their security strategy, they know few of the details of how that strategy was implemented D. You find yourself feeling very frustrated C. When you find a candidate with at least the minimum requirements, they price themselves at a salary rate that is 50% above the average in the DFW market. What is the first “A” word that emanates from your lips?
@NTXISSA #NTXISSACSC3 •Vulnerability management •Patching •Logging •Encryption of data at rest and on the move Many Options Available to Us to Discuss
@NTXISSA #NTXISSACSC3 • What’s the assumption in every one of these elemental components of security? • What happens when you don’t have enough bodies to fill the positions in your security team? Assumption What is the “A” word the emanates from your mouth? That you have a body to perform the function
@NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” What is the “A” word the emanates from your mouth? Argh!
@NTXISSA #NTXISSACSC3 • Bureau of Labor Statistics estimates 1.4 million openings in the IT workforce by 2020. • However, only 400,000 computer science graduates with necessary skills to fill the positions • However, we are already feeling the pinch • 451 Research showed that 34.5% of security managers cited lack of experience for the reason they didn’t fill their security positions • In the DFW area, for some security specialties, the there aren’t even poorly qualified candidates Let’s break this down a bit
@NTXISSA #NTXISSACSC3 •Identity theft Resource Center reports that there have been 577 reported breaches amounting to 155,825,425 (as of 9/29/2015. •We are seeing an increased interest on the part of CEO and senior executives to increase their security investments •76% were concerned about cybersecurity threats (59% in 2014) •BDO USA, LLP reported the 67% of CEOs dedicated money to cybersecurity Let’s break this down a bit http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2015.pdf PwC, 2015 U.S. State of Cybercrime Survey
@NTXISSA #NTXISSACSC3 • BDO USA, LLP reported the 67% of 100 CEOs dedicated money to cybersecurity • Of those who upped spending: •90% purchased new security tools •72% created a formal response plan •About half of them turned to external security consultants •30% hired a Chief Security Officer Let’s break this down a bit http://https://www.bdo.com/news/2015-march/tech-cfos-counter-cybersecurity-threats
@NTXISSA #NTXISSACSC3 • Over the last 5 years – 90% increase in demand for cybersecurity professionals – roughly 3x the growth rate of the field itself (Burning Grass Technologies) • The high job rate has directly impacted universities who are creating cybersecurity programs •744 offer something from a certificate to a Ph.D. •US News & World Report ranked Information Security Analysts as 8th in the top 100 best jobs in America – growth rate 36.5% These numbers concern me. Why? Let’s break this down a bit http://money.usnews.com/careers/best-jobs/rankings/the-100-best-jobs
@NTXISSA #NTXISSACSC3 • It takes a relatively long time to turn the ship of academic institution. • Programs are developed a year or two in advance •Curricula have to be developed, texts determined and professors assigned to teach the course •You also have to change the “culture” of the impacted departments • But more importantly, you have to have a student base interested in cyber security, IT or any other cyber technical field Lack of action
@NTXISSA #NTXISSACSC3 • We have an mathematical statement that we want to eventually rationalize: • Growth rate of profession ≤ number of students graduating with security degrees ≤ number of students graduating with science and technology degrees • Here’s the rub. The number of students graduating with science related degrees is anemic • And…the overall quality of our students is abysmal! Let’s move backwards in our equation
@NTXISSA #NTXISSACSC3 • The quality of our educational process is moving backwards, not forward •44% of US high school graduates were ready for college-level math •36% ready for ready for college-level science •19.5% of Advanced Placement test takers in the class of 2012 earned a qualifying score on an AP exam •38% of students in higher education who start with a STEM major do not graduate with one •Why are these rates so abysmal? Let’s move backwards in our equation https://www.nms.org/AboutNMSI/TheSTEMCrisis/STEMEducationStatistics.aspx
@NTXISSA #NTXISSACSC3 • We have lowered our education levels to the LCD • We try so hard to ensure that no is left behind, we don’t challenge the really gifted (unless they are lucky enough to get into a gifted program) • More importantly, the quality of what and how we teach our children in the sciences is also deficient. •In 2007, about 1/3 of public middle school teachers did not major in or specialize in the science that they were teaching • We make science boring – memorize this chemical equation or this mathematical theorem. This turns kids off to the sciences - fast Abysmal Education = Abysmal Students
@NTXISSA #NTXISSACSC3 • Why is it important to really turn kids on to the STEM subjects as early as elementary school, middle school at the latest? • Let’s look at an example for what happens when it all clicks. Abysmal Education = Abysmal Students
@NTXISSA #NTXISSACSC3 Science education pays off Entered orbit around Saturn on July 1, 2004 December 25, 2004, Huygens separated from Cassini and landed on Titan on January 14, 2005 Cassini spacecraft was launched October 15, 1997
@NTXISSA #NTXISSACSC3 • Cassini carries a RADAR capable of measuring not only surface features but also depth of methane lakes on Titan • Both of these researchers were in middle school when Cassini was launched! Science education pays off Astronomy, Oct, 2015, pp 28-29 Marco Mastroguiseppe Jason Hofgartner
@NTXISSA #NTXISSACSC3 • We have a restrained and antiquated science pedagogy in our middle and high school programs • We teach facts and figures with limited hands-on training • Reasons •Time •Curriculum restrictions •Dedicated, but perhaps under-trained teachers • Enter Clifford Stoll What are we missing in the equation
@NTXISSA #NTXISSACSC3
@NTXISSA #NTXISSACSC3 • Let’s take the last point first (and last) Imagine, design, plan, make and play  We no longer teach our children to how to play  BS meters just hit maximum PLAY
@NTXISSA #NTXISSACSC3 • Our son/daughter/other plays Imagine, design, plan, make and play  Nothing wrong with organized sports at all.  It’s a great way for kids to learn teamwork, get physical activity and for a lucky few may open up opportunities that may not have been available to them otherwise. Organized sports
@NTXISSA #NTXISSACSC3 • We have to keep this is context for our kids Imagine, design, plan, make and play  The odds are NOT in their favor. How many kids actually get an the opportunity from organized sports?
@NTXISSA #NTXISSACSC3 Imagine, design, plan, make and play Student Athletes Men’s Basketball Women’s Basketball Football Baseball Men’s Ice Hockey Men’s Soccer Percent High School to NCAA 3.3% 3.7% 6.5% 6.8% 11.3 5.7 Percent NCAA to Professional 1.2% 0.9% 1.6% 9.4% 0.8% 1.9% Percent High School to Professional 0.03% 0.03% 0.08% 0.50% 0.07% 0.09% NCAA Research, Estimated Probability of Competing in Athletics Beyond the High School Interscholastic Level, Updated 9/29/2013
@NTXISSA #NTXISSACSC3 • Obviously not referring to that type of “play” • What I’m referring to is Play that Imagine, design, plan, make and play Stimulates Inspires curiosity Fundamental learning component
@NTXISSA #NTXISSACSC3 • Call it what you will Imagine, design, plan, make and play Tinkering Hands on exercises Futzing around
@NTXISSA #NTXISSACSC3 • This brings us back to Imagine, design, plan, make and play Imagine
@NTXISSA #NTXISSACSC3 • San Francisco’s Exploratorium Imagine, design, plan, make and play
@NTXISSA #NTXISSACSC3 • People can take these interactive experiences and their imagination to fuel their creative juices Imagine, design, plan, make and play Design
@NTXISSA #NTXISSACSC3 • People can take these interactive experiences and their imagination to fuel their creative juices Imagine, design, plan, make and play Plan
@NTXISSA #NTXISSACSC3 • Keystone to what we are missing in today’s educational process Imagine, design, plan, make and play Imagination + Critical Thinking Design + Plan + Make =
@NTXISSA #NTXISSACSC3 • Critical thinking is one of the most important assets of a security person • How do we find people with that skill? • Do we test for that skill today? • Certainly in shops like Google, interns are tested for their creativity, imagination, resourcefulness and aptitude • But that’s fairly rare • Most companies hire interns, give them assignments and judge their capabilities from the quality of their work – but they don’t invest the time to look at their underlying motivations and creativity. Bringing us back to today
@NTXISSA #NTXISSACSC3 • Identified three problems in all of this •We don’t have enough people to fill all of the security positions that we have today •The critical thinking skills of many of our applicants is an unknown factor •Our educational system is failing to inspire our children in the sciences Bringing us back to today
@NTXISSA #NTXISSACSC3 • We have to inspire them at an early age to enjoy not only science, but also to enjoy LEARNING about science • We have to help them learn critical thinking skills starting off by teaching them how to play • We have to build security into everything they learn about science, so they always have security as part of their thinking Tying it all together
@NTXISSA #NTXISSACSC3 • We have to search out new pipelines for talented people that could mature into talented security personnel • If we work with interns, we have to make learning fun for them – take them beyond projects and help them develop their critical thinking skills with hands on exercises • We have to stop looking for experienced people only and take risk on some talented people who aren’t “classically trained” security people Tying it all together
@NTXISSA #NTXISSACSC3 • Most importantly, we have to be smarter than a fifth grader….. Tying it all together even if it means tricking them into thinking learning science is fun
@NTXISSA #NTXISSACSC3@NTXISSA #NTXISSACSC3 The Collin College Engineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (Information Systems Security Association) NTX ISSA Cyber Security Conference – October 2-3, 2015 41 Thank you

Recommended

Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictions
centralohioissa
 
áLbum de fotografias
áLbum de fotografiasáLbum de fotografias
áLbum de fotografias
Felipe Tavares
 
Инновационные тренинговые технологии.
Инновационные тренинговые технологии.Инновационные тренинговые технологии.
Инновационные тренинговые технологии.
Viseven
 
Marie
MarieMarie
Marie
Marie McIntyre
 
Acorus serrurerie
Acorus serrurerieAcorus serrurerie
Acorus serrurerie
Philippe Benquet
 
Перша світова війна
Перша світова війнаПерша світова війна
Перша світова війна
brdschool20
 
KORTE RESUME
KORTE RESUMEKORTE RESUME
KORTE RESUME
Sarah Korte
 
Apps educaion
Apps educaion Apps educaion
Apps educaion
carlsavila_
 

Recommended

Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictions
centralohioissa
 
áLbum de fotografias
áLbum de fotografiasáLbum de fotografias
áLbum de fotografias
Felipe Tavares
 
Инновационные тренинговые технологии.
Инновационные тренинговые технологии.Инновационные тренинговые технологии.
Инновационные тренинговые технологии.
Viseven
 
Marie
MarieMarie
Marie
Marie McIntyre
 
Acorus serrurerie
Acorus serrurerieAcorus serrurerie
Acorus serrurerie
Philippe Benquet
 
Перша світова війна
Перша світова війнаПерша світова війна
Перша світова війна
brdschool20
 
KORTE RESUME
KORTE RESUMEKORTE RESUME
KORTE RESUME
Sarah Korte
 
Apps educaion
Apps educaion Apps educaion
Apps educaion
carlsavila_
 
Mobile Clinical Trial Congress: The opportunity to take a Mobile first approa...
Mobile Clinical Trial Congress: The opportunity to take a Mobile first approa...Mobile Clinical Trial Congress: The opportunity to take a Mobile first approa...
Mobile Clinical Trial Congress: The opportunity to take a Mobile first approa...
3GDR
 
Mastering Link Research Campaigns by Venchito Tampon Jr.
Mastering Link Research Campaigns by Venchito Tampon Jr.Mastering Link Research Campaigns by Venchito Tampon Jr.
Mastering Link Research Campaigns by Venchito Tampon Jr.
Glen Dimaandal
 
Media misson statement and mood board
Media misson statement and mood boardMedia misson statement and mood board
Media misson statement and mood board
Et_phonehome97
 
Початок Першої Світової війни. Україна в геополітичних планах країн Антанти т...
Початок Першої Світової війни. Україна в геополітичних планах країн Антанти т...Початок Першої Світової війни. Україна в геополітичних планах країн Антанти т...
Початок Першої Світової війни. Україна в геополітичних планах країн Антанти т...
pv01com
 
Україна в І Світовій війні
Україна в І Світовій війніУкраїна в І Світовій війні
Україна в І Світовій війні
pv01com
 
Movimientos de tierras
Movimientos de tierrasMovimientos de tierras
Movimientos de tierras
Brayan David Garcia Cortes
 
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
North Texas Chapter of the ISSA
 
Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222
KevinAlt1
 
Edla615
Edla615Edla615
Edla615
Barbara M. King
 
Cybersecurity for Science
Cybersecurity for ScienceCybersecurity for Science
Cybersecurity for Science
Von Welch
 
Getting to Know Your Data with R
Getting to Know Your Data with RGetting to Know Your Data with R
Getting to Know Your Data with R
Stephen Withington
 
Ub d chapter 13
Ub d chapter 13Ub d chapter 13
Ub d chapter 13
Barbara M. King
 
BSides Manchester
BSides ManchesterBSides Manchester
BSides Manchester
Jane Frankland
 
Digital Futures: Courses and Careers Workshop 2
Digital Futures: Courses and Careers Workshop 2 Digital Futures: Courses and Careers Workshop 2
Digital Futures: Courses and Careers Workshop 2
Western Sydney University
 
NTXISSACSC3 - Security at the Point of Storage by Todd Barton
NTXISSACSC3 - Security at the Point of Storage by Todd BartonNTXISSACSC3 - Security at the Point of Storage by Todd Barton
NTXISSACSC3 - Security at the Point of Storage by Todd Barton
North Texas Chapter of the ISSA
 
STEM@theTech-Preso
STEM@theTech-PresoSTEM@theTech-Preso
STEM@theTech-Preso
Carlos F. Camargo, Ph.D. - Realtor, CalBRE #01988431
 
Everything you ever wanted ever know webinar
Everything you ever wanted ever know webinarEverything you ever wanted ever know webinar
Everything you ever wanted ever know webinar
KevinAlt1
 
Digital Futures: Courses and Careers Workshop 1
Digital Futures: Courses and Careers Workshop 1 Digital Futures: Courses and Careers Workshop 1
Digital Futures: Courses and Careers Workshop 1
Western Sydney University
 
Cool Tools
Cool Tools Cool Tools
Cool Tools
suresh sood
 
2018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 12018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 1
FRSecure
 
Integrating Tech in CCSS Day 3 2015
Integrating Tech in CCSS Day 3 2015Integrating Tech in CCSS Day 3 2015
Integrating Tech in CCSS Day 3 2015
Martin Cisneros
 
WeTeach_CS CS Principles Mini-Conference
WeTeach_CS CS Principles Mini-Conference WeTeach_CS CS Principles Mini-Conference
WeTeach_CS CS Principles Mini-Conference
WeTeach_CS
 

More Related Content

Viewers also liked

Viewers also liked (6)

Mobile Clinical Trial Congress: The opportunity to take a Mobile first approa...
Mobile Clinical Trial Congress: The opportunity to take a Mobile first approa...Mobile Clinical Trial Congress: The opportunity to take a Mobile first approa...
Mobile Clinical Trial Congress: The opportunity to take a Mobile first approa...
 
Mastering Link Research Campaigns by Venchito Tampon Jr.
Mastering Link Research Campaigns by Venchito Tampon Jr.Mastering Link Research Campaigns by Venchito Tampon Jr.
Mastering Link Research Campaigns by Venchito Tampon Jr.
 
Media misson statement and mood board
Media misson statement and mood boardMedia misson statement and mood board
Media misson statement and mood board
 
Початок Першої Світової війни. Україна в геополітичних планах країн Антанти т...
Початок Першої Світової війни. Україна в геополітичних планах країн Антанти т...Початок Першої Світової війни. Україна в геополітичних планах країн Антанти т...
Початок Першої Світової війни. Україна в геополітичних планах країн Антанти т...
 
Україна в І Світовій війні
Україна в І Світовій війніУкраїна в І Світовій війні
Україна в І Світовій війні
 
Movimientos de tierras
Movimientos de tierrasMovimientos de tierras
Movimientos de tierras
 

Similar to NTXISSACSC3 - Are We Smarter Than a Fifth Grader? by John South

BSides Manchester
BSides ManchesterBSides Manchester
BSides Manchester
Jane Frankland
 
Integrating Tech in CCSS Day 3 2015
Integrating Tech in CCSS Day 3 2015Integrating Tech in CCSS Day 3 2015
Integrating Tech in CCSS Day 3 2015
Martin Cisneros
 
Trustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveTrustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade Perspective
Von Welch
 

Similar to NTXISSACSC3 - Are We Smarter Than a Fifth Grader? by John South (20)

NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
 
Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222Pmd prospective students 2.22.2222
Pmd prospective students 2.22.2222
 
Edla615
Edla615Edla615
Edla615
 
Cybersecurity for Science
Cybersecurity for ScienceCybersecurity for Science
Cybersecurity for Science
 
Getting to Know Your Data with R
Getting to Know Your Data with RGetting to Know Your Data with R
Getting to Know Your Data with R
 
Ub d chapter 13
Ub d chapter 13Ub d chapter 13
Ub d chapter 13
 
BSides Manchester
BSides ManchesterBSides Manchester
BSides Manchester
 
Digital Futures: Courses and Careers Workshop 2
Digital Futures: Courses and Careers Workshop 2 Digital Futures: Courses and Careers Workshop 2
Digital Futures: Courses and Careers Workshop 2
 
NTXISSACSC3 - Security at the Point of Storage by Todd Barton
NTXISSACSC3 - Security at the Point of Storage by Todd BartonNTXISSACSC3 - Security at the Point of Storage by Todd Barton
NTXISSACSC3 - Security at the Point of Storage by Todd Barton
 
STEM@theTech-Preso
STEM@theTech-PresoSTEM@theTech-Preso
STEM@theTech-Preso
 
Everything you ever wanted ever know webinar
Everything you ever wanted ever know webinarEverything you ever wanted ever know webinar
Everything you ever wanted ever know webinar
 
Digital Futures: Courses and Careers Workshop 1
Digital Futures: Courses and Careers Workshop 1 Digital Futures: Courses and Careers Workshop 1
Digital Futures: Courses and Careers Workshop 1
 
Cool Tools
Cool Tools Cool Tools
Cool Tools
 
2018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 12018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 1
 
Integrating Tech in CCSS Day 3 2015
Integrating Tech in CCSS Day 3 2015Integrating Tech in CCSS Day 3 2015
Integrating Tech in CCSS Day 3 2015
 
WeTeach_CS CS Principles Mini-Conference
WeTeach_CS CS Principles Mini-Conference WeTeach_CS CS Principles Mini-Conference
WeTeach_CS CS Principles Mini-Conference
 
Data Science Intro.pptx
Data Science Intro.pptxData Science Intro.pptx
Data Science Intro.pptx
 
Introduction to Data Science.pptx
Introduction to Data Science.pptxIntroduction to Data Science.pptx
Introduction to Data Science.pptx
 
Trustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade PerspectiveTrustworthy Computational Science: A Multi-decade Perspective
Trustworthy Computational Science: A Multi-decade Perspective
 
Data Science in 2016: Moving Up
Data Science in 2016: Moving UpData Science in 2016: Moving Up
Data Science in 2016: Moving Up
 

More from North Texas Chapter of the ISSA

Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
North Texas Chapter of the ISSA
 

More from North Texas Chapter of the ISSA (20)

Purple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcuttPurple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcutt
 
Ntxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNtxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cep
 
Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNtxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediation
 
Ntxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliencyNtxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliency
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
 
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersenNtxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
 
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykesNtxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNtxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompson
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
 
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNtxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
 

Recently uploaded

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

NTXISSACSC3 - Are We Smarter Than a Fifth Grader? by John South

  • 1. @NTXISSA #NTXISSACSC3 Are We Smarter than a Fifth Grader? John South CSO Heartland Payment Systems 10/2/2015
  • 2. @NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 2
  • 3. @NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 3 A. B. C. A. B. C. In Euclidean space, which of the following is an ANGLE?
  • 4. @NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 4 A. B. C. What is an arduino? A. A small computer on a board that can be used to experiment with circuits and to prototype IoT devices B. A type of Italian pasta that is often cut in the shape of The letter “R” D. The name associated with the flat plains between the Mountains around Lago di Garda, northwest of Milan C. An Italian contraction meaning “arduous journey”
  • 5. @NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 5 A. B. C. Define atlatl? A. An amulet typically of lapis lazuli that is associated with the god Osiris B. A throwing spear system used by ancient native Americans D. A species of turtle that lived during the Jurassic period, growing to the size of a Volkswagen Beetle C. The Incan god of war often represented as a thunderbolt
  • 6. @NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 6 A. B. C. Define axolotl? A. An Aztec word for a small hand weapon made from early amalgams of copper and tin, believed to be part of the sacrificial practices against captured enemy B. A vegetable grown in ancient Mexico that is the predecessor to the modern tomato D. A organic carbon chain that is interpreted by our sense of smell as the odor of dirty socks C. A type of salamander that never progresses past its larvae stage where their gills are prevalent outside of their bodies
  • 7. @NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 7 A. B. C. You work through the budget season with your team to develop a thorough business case justifying the addition of 10 new headcount. You present that case to you CIO and the Board. To your surprise, they approve your plan. You contact both your internal and external recruiters. They feel confident they can find a good number of qualified candidates in the DFW area who have demonstrable security experience. The recruiters send you a number of candidates, most of whom meet only the barest minimum of your security job requirements. After interviewing them, and determine their salary demands you find:
  • 8. @NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” NTX ISSA Cyber Security Conference – October 2-3, 2015 8 A. B. C. A. A number of the candidates really stretched their qualifications to match the “buzz” words in your job description B. Some of the candidates hold CISSP, CISA and CISM credentials, but when questioned on the details of their security strategy, they know few of the details of how that strategy was implemented D. You find yourself feeling very frustrated C. When you find a candidate with at least the minimum requirements, they price themselves at a salary rate that is 50% above the average in the DFW market. What is the first “A” word that emanates from your lips?
  • 9. @NTXISSA #NTXISSACSC3 •Vulnerability management •Patching •Logging •Encryption of data at rest and on the move Many Options Available to Us to Discuss
  • 10. @NTXISSA #NTXISSACSC3 • What’s the assumption in every one of these elemental components of security? • What happens when you don’t have enough bodies to fill the positions in your security team? Assumption What is the “A” word the emanates from your mouth? That you have a body to perform the function
  • 11. @NTXISSA #NTXISSACSC3 Difficult Words that Start with “A” What is the “A” word the emanates from your mouth? Argh!
  • 12. @NTXISSA #NTXISSACSC3 • Bureau of Labor Statistics estimates 1.4 million openings in the IT workforce by 2020. • However, only 400,000 computer science graduates with necessary skills to fill the positions • However, we are already feeling the pinch • 451 Research showed that 34.5% of security managers cited lack of experience for the reason they didn’t fill their security positions • In the DFW area, for some security specialties, the there aren’t even poorly qualified candidates Let’s break this down a bit
  • 13. @NTXISSA #NTXISSACSC3 •Identity theft Resource Center reports that there have been 577 reported breaches amounting to 155,825,425 (as of 9/29/2015. •We are seeing an increased interest on the part of CEO and senior executives to increase their security investments •76% were concerned about cybersecurity threats (59% in 2014) •BDO USA, LLP reported the 67% of CEOs dedicated money to cybersecurity Let’s break this down a bit http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2015.pdf PwC, 2015 U.S. State of Cybercrime Survey
  • 14. @NTXISSA #NTXISSACSC3 • BDO USA, LLP reported the 67% of 100 CEOs dedicated money to cybersecurity • Of those who upped spending: •90% purchased new security tools •72% created a formal response plan •About half of them turned to external security consultants •30% hired a Chief Security Officer Let’s break this down a bit http://https://www.bdo.com/news/2015-march/tech-cfos-counter-cybersecurity-threats
  • 15. @NTXISSA #NTXISSACSC3 • Over the last 5 years – 90% increase in demand for cybersecurity professionals – roughly 3x the growth rate of the field itself (Burning Grass Technologies) • The high job rate has directly impacted universities who are creating cybersecurity programs •744 offer something from a certificate to a Ph.D. •US News & World Report ranked Information Security Analysts as 8th in the top 100 best jobs in America – growth rate 36.5% These numbers concern me. Why? Let’s break this down a bit http://money.usnews.com/careers/best-jobs/rankings/the-100-best-jobs
  • 16. @NTXISSA #NTXISSACSC3 • It takes a relatively long time to turn the ship of academic institution. • Programs are developed a year or two in advance •Curricula have to be developed, texts determined and professors assigned to teach the course •You also have to change the “culture” of the impacted departments • But more importantly, you have to have a student base interested in cyber security, IT or any other cyber technical field Lack of action
  • 17. @NTXISSA #NTXISSACSC3 • We have an mathematical statement that we want to eventually rationalize: • Growth rate of profession ≤ number of students graduating with security degrees ≤ number of students graduating with science and technology degrees • Here’s the rub. The number of students graduating with science related degrees is anemic • And…the overall quality of our students is abysmal! Let’s move backwards in our equation
  • 18. @NTXISSA #NTXISSACSC3 • The quality of our educational process is moving backwards, not forward •44% of US high school graduates were ready for college-level math •36% ready for ready for college-level science •19.5% of Advanced Placement test takers in the class of 2012 earned a qualifying score on an AP exam •38% of students in higher education who start with a STEM major do not graduate with one •Why are these rates so abysmal? Let’s move backwards in our equation https://www.nms.org/AboutNMSI/TheSTEMCrisis/STEMEducationStatistics.aspx
  • 19. @NTXISSA #NTXISSACSC3 • We have lowered our education levels to the LCD • We try so hard to ensure that no is left behind, we don’t challenge the really gifted (unless they are lucky enough to get into a gifted program) • More importantly, the quality of what and how we teach our children in the sciences is also deficient. •In 2007, about 1/3 of public middle school teachers did not major in or specialize in the science that they were teaching • We make science boring – memorize this chemical equation or this mathematical theorem. This turns kids off to the sciences - fast Abysmal Education = Abysmal Students
  • 20. @NTXISSA #NTXISSACSC3 • Why is it important to really turn kids on to the STEM subjects as early as elementary school, middle school at the latest? • Let’s look at an example for what happens when it all clicks. Abysmal Education = Abysmal Students
  • 21. @NTXISSA #NTXISSACSC3 Science education pays off Entered orbit around Saturn on July 1, 2004 December 25, 2004, Huygens separated from Cassini and landed on Titan on January 14, 2005 Cassini spacecraft was launched October 15, 1997
  • 22. @NTXISSA #NTXISSACSC3 • Cassini carries a RADAR capable of measuring not only surface features but also depth of methane lakes on Titan • Both of these researchers were in middle school when Cassini was launched! Science education pays off Astronomy, Oct, 2015, pp 28-29 Marco Mastroguiseppe Jason Hofgartner
  • 23. @NTXISSA #NTXISSACSC3 • We have a restrained and antiquated science pedagogy in our middle and high school programs • We teach facts and figures with limited hands-on training • Reasons •Time •Curriculum restrictions •Dedicated, but perhaps under-trained teachers • Enter Clifford Stoll What are we missing in the equation
  • 25. @NTXISSA #NTXISSACSC3 • Let’s take the last point first (and last) Imagine, design, plan, make and play  We no longer teach our children to how to play  BS meters just hit maximum PLAY
  • 26. @NTXISSA #NTXISSACSC3 • Our son/daughter/other plays Imagine, design, plan, make and play  Nothing wrong with organized sports at all.  It’s a great way for kids to learn teamwork, get physical activity and for a lucky few may open up opportunities that may not have been available to them otherwise. Organized sports
  • 27. @NTXISSA #NTXISSACSC3 • We have to keep this is context for our kids Imagine, design, plan, make and play  The odds are NOT in their favor. How many kids actually get an the opportunity from organized sports?
  • 28. @NTXISSA #NTXISSACSC3 Imagine, design, plan, make and play Student Athletes Men’s Basketball Women’s Basketball Football Baseball Men’s Ice Hockey Men’s Soccer Percent High School to NCAA 3.3% 3.7% 6.5% 6.8% 11.3 5.7 Percent NCAA to Professional 1.2% 0.9% 1.6% 9.4% 0.8% 1.9% Percent High School to Professional 0.03% 0.03% 0.08% 0.50% 0.07% 0.09% NCAA Research, Estimated Probability of Competing in Athletics Beyond the High School Interscholastic Level, Updated 9/29/2013
  • 29. @NTXISSA #NTXISSACSC3 • Obviously not referring to that type of “play” • What I’m referring to is Play that Imagine, design, plan, make and play Stimulates Inspires curiosity Fundamental learning component
  • 30. @NTXISSA #NTXISSACSC3 • Call it what you will Imagine, design, plan, make and play Tinkering Hands on exercises Futzing around
  • 31. @NTXISSA #NTXISSACSC3 • This brings us back to Imagine, design, plan, make and play Imagine
  • 32. @NTXISSA #NTXISSACSC3 • San Francisco’s Exploratorium Imagine, design, plan, make and play
  • 33. @NTXISSA #NTXISSACSC3 • People can take these interactive experiences and their imagination to fuel their creative juices Imagine, design, plan, make and play Design
  • 34. @NTXISSA #NTXISSACSC3 • People can take these interactive experiences and their imagination to fuel their creative juices Imagine, design, plan, make and play Plan
  • 35. @NTXISSA #NTXISSACSC3 • Keystone to what we are missing in today’s educational process Imagine, design, plan, make and play Imagination + Critical Thinking Design + Plan + Make =
  • 36. @NTXISSA #NTXISSACSC3 • Critical thinking is one of the most important assets of a security person • How do we find people with that skill? • Do we test for that skill today? • Certainly in shops like Google, interns are tested for their creativity, imagination, resourcefulness and aptitude • But that’s fairly rare • Most companies hire interns, give them assignments and judge their capabilities from the quality of their work – but they don’t invest the time to look at their underlying motivations and creativity. Bringing us back to today
  • 37. @NTXISSA #NTXISSACSC3 • Identified three problems in all of this •We don’t have enough people to fill all of the security positions that we have today •The critical thinking skills of many of our applicants is an unknown factor •Our educational system is failing to inspire our children in the sciences Bringing us back to today
  • 38. @NTXISSA #NTXISSACSC3 • We have to inspire them at an early age to enjoy not only science, but also to enjoy LEARNING about science • We have to help them learn critical thinking skills starting off by teaching them how to play • We have to build security into everything they learn about science, so they always have security as part of their thinking Tying it all together
  • 39. @NTXISSA #NTXISSACSC3 • We have to search out new pipelines for talented people that could mature into talented security personnel • If we work with interns, we have to make learning fun for them – take them beyond projects and help them develop their critical thinking skills with hands on exercises • We have to stop looking for experienced people only and take risk on some talented people who aren’t “classically trained” security people Tying it all together
  • 40. @NTXISSA #NTXISSACSC3 • Most importantly, we have to be smarter than a fifth grader….. Tying it all together even if it means tricking them into thinking learning science is fun
  • 41. @NTXISSA #NTXISSACSC3@NTXISSA #NTXISSACSC3 The Collin College Engineering Department Collin College Student Chapter of the North Texas ISSA North Texas ISSA (Information Systems Security Association) NTX ISSA Cyber Security Conference – October 2-3, 2015 41 Thank you