SlideShare a Scribd company logo
Creating a Diverse
CyberSecurity
Program
Dr Tyrone W A Grandison
DISCLAIMER
All opinions expressed herein are my own and do not
reflect the opinions of of anyone that I work with (or
have worked with) or any organization that am or have
been affiliated with.
A Little About Me
• Jamaican
Education
• BSc Hons Computer Studies, UWI-Mona.
• MSc Software Engineering, UWI-Mona
• PhD Computer Science, Imperial College –
London
• MBA Finance, IBM Academy
Experience
• 10 years leading Quest team at IBM
• 2 years working in startups
• 3 years running companies and consulting
• Now, working for the White House
Recognition
• Fellow, British Computer Society (BCS)
• Fellow, Healthcare Information and
Management Systems Society (HIMSS)
• Pioneer of the Year (2009), National
Society of Black Engineers (NSBE)
• IEEE Technical Achievement Award
(2010) for “Pioneering Contributions to
Secure and Private Data Management".
• Modern Day Technology Leader (2009),
Minority in Science Trailblazer (2010),
Science Spectrum Trailblazer (2012,
2013). Black Engineer of the Year Award
Board
• IBM Master Inventor
• Distinguished Engineer, Association of
Computing Machinery (ACM)
• Senior Member, Institute of Electrical and
Electronics Engineers (IEEE)
Record
• Over 100 technical papers, over 47 patents
and 2 books.
The Plan
• Let’s Geek out on Diversity
• A Diverse CyberSecurity Program
• CyberSecurity Fundamentals
• The Current State Of Affairs
• Opportunities In The Space
• Diverse Team
• Execution
THINK ABOUT THIS
“Because there is no silver bullet in
cybersecurity, no quick fix, we have to solve
problems holistically. We need to deal with
people, process and technology. That means we
need people from diverse backgrounds who
understand and relate to an array of people. And
I’m not just talking about gender and ethnicity.
We also really need right-brain thinkers, left-
brain thinkers, people who can come at these
problems from very different angles.”
- Summer Fowler, Deputy Director, Cybersecurity Solutions Directorate, Computer Emergency R
’s Software Engineering Institute. March 2014
Why DIVERSITY?
“Diverse group almost always
outperforms the group of the best
by a substantial margin.”
– Scott E. Page (2010)
More On The Importance
Of Diversity
• Expands the Qualified Employee Pool
• Improves the Bottom Line
• Enhances Innovation
• Promotes Equality
• Reflects the Customers
Source: NCWIT Scorecard: A Report on the Status of Women in Information Technology
Challenges to DIVERSITY
• Lack of knowledge about cybersecurity
• Lack of awareness of opportunities
• Stereotypical notion
• Unconscious bias
• Lack of exposure to role models and
mentors
• Lack of social support
A DIVERSE CYBERSECURITY
PROGRAM
Components
• Strategy
–Attack versus Defend
• Topics
–Compromise versus Detection
• People
–Background, Expertise, Problem-Solving
Approach
• Execution
Perspectives on CyberSecurity
Scope of CyberSecurity
My Definition of CyberSecurity
CYBERSECURITY FUNDAMENTALS
Perspectives on
CyberSecurity
• Very wide-ranging term
• Everyone has a different perspective
• No standard definition
• A socio-technical systems problem
Scope of CyberSecurity
• Threat and Attack analysis and
mitigation techniques
• Protection and recovery technologies,
processes and procedures for
individuals, business and government
• Policies, laws and regulation relevant to
the use of computers and the Internet
Cybersecurity
The field that synthesizes multiple
disciplines, both technical and non-
technical, to create, maintain, and
improve a safe environment.
• The environment normally allows for other more technical or tactical
security activities to happen, particularly at an industry or national
scale.
• Traditionally done in the context of government laws, policies,
mandates, and regulations.
SIGNIFICANCE of CyberSecurity
+
Bureau of Labor Statistics
Difficulties in Defending
against Attacks
Increased Sophistication
of Attack Tools
Menu of Attack Tools
Corporate US Landscape
Global Situation
Current Insight
The Current State of Affairs
Corporate US Landscape
Statistics from the results of an SVB survey about cybersecurity completed by 216 C-level
executives from US-based technology and life science companies in July 2013
Global Situation
• 47% of companies know they have suffered a
cyber attack in the past year
• 70% say they are most vulnerable through their
endpoint devices
• 52% rate at “average-to-non-existent” their ability
to detect suspicious activity on these devices
2013 Cyber Security Study - What is the Impact of Today
’s Advanced Cyber Attacks? - Bit9 and iSMG
Current Insight
• First-Generation Security Solutions
Cannot Protect Against Today’s
Sophisticated Attackers
• There is No Silver Bullet in Security
• There is an Endpoint and Server
Blindspot
2013 Cyber Security Study - What is the Impact of Today’
s Advanced Cyber Attacks? - Bit9 and iSMG
What are the Hard Research Problems?
Where are companies spending their
CyberSecurity dollars?
Where Are The Opportunities?
Hard Problems
(TEN Years Ago)
1.Global-Scale Identity Management
2.Insider Threat
3.Availability of Time-Critical Systems
4.Building Scalable Secure Systems
5.Situational Understanding and Attack Attribution
6.Information Provenance
7.Security with Privacy
8.Enterprise-Level Security Metrics
INFOSEC Research Council (2005)
Hard Problems
(SIX Years Ago)
1. Global-scale Identity Management
2. Combatting Insider Threats
3. Survivability of Time-critical Systems
4. Scalable Trustworthy Systems
5. Situational Understanding and Attack Attribution
6. Provenance
7. Privacy-aware security
8. Enterprise-level metrics
9. System Evaluation Life Cycle
10. Combatting Malware and Botnets
11. Usable Security
INFOSEC Research Council (2009)
2014 Spending
2013 Cyber Security Study - What is the Impact of Today’s Advanced Cyber
Attacks? - Bit9 and iSMG
TEAM
Diversity Dimensions
• Age
• Gender
• Ethnicity
• Expertise
• Other
– Income, Sexual Orientation, Religion, Region,
Body type, Dress, Pregnant Disability, Education
level, Introverted or Extroverted, Language,
Vocabulary, Hair color, Body art, Political party,
Diet, Club memberships, Body odors ….
Cybersecurity Workforce:
Age Distribution
- 2012 Information Technology Workforce Assessment for Cybersecurity (ITWAC)
Summary Report. National Institute for CyberSecurity Education. March 4, 2013.
CyberSecurity workforce:
Retirement Eligibility
- 2012 Information Technology Workforce Assessment for Cybersecurity (ITWAC)
Summary Report. National Institute for CyberSecurity Education. March 4, 2013.
WORKFORCE COMPOSITION
• Women
– 50% of US workforce
– 25% of IT workforce
– 8-13% of cybersecurity workforce
• Hispanics
– 6.4% of IT workforce
– 5% of cybersecurity workforce
• African Americans
– 8.3% of IT workforce
– 7% of cybersecurity workforce
- NIST Panel on Diversity in CyberSecurity, 2013
Women in Cybersecurity
• 13 percent of US CyberSecurity professionals are women —
which is higher than in Europe and Asia (2006 IDC Survey)
"Women are historically very underrepresented in
computer science and in computer security. When I
started in computer security 25 years ago, the field was
20% to 30% women. Now it's between 5% and 10%.
That's obviously going in the wrong direction."
- Jeremy Epstein, board member of Applied Computer Security Associates
(ACSA)
UMUC Cyber Team
Army Research Lab Cyber
Team
UTSA Cyber Team
BYU CyberSecurity
Research LAb
UMBC Center for
CyberSecurity
Areas of Focus Today
How many times did you
change jobs in my career?
Skills in Demand Today
Skills in demand
in next 2 years
EXECUTION
INTERNALLY
• Define Program Outcomes
• Define Program
– Risk Management
– Critical and Inventive Thinking
– Research and Writing
– Attack & Defense Tool Construction and Use
– Ethics
• Create network
– External Collaborators
– Alumni
– Mentors
• Identify Ways for Increased Visibility
– Of the program, lecturers and students
INTERNALLY &
EXTERNALLY
• Reduce Unconscious Bias
– Start by testing yourself – Project Implicit at Harvard
– Teach Tolerance
– Focus on Hiring a Balanced & Diverse Workforce
• Engagement
– Top-Down, Bottom-Up
– Building Recruiting And Inclusion for Diversity (BRAID)
Initiative
• Support Network
Tackling Unconscious
Bias
• Set realistic expectations.
• Provide appropriate time for the training.
• Provide the training in person.
• Be careful in selecting the right facilitator.
Incorporate unconscious bias assessment
tools.
• Focus the training on specific, real
situations, such as reviewing resumes,
conducting interviews, responding to
customers etc.
Tackling Unconscious
Bias
• Address the topic of in-group favoritism and how it
operates in the organization.
• Identify those situations in which our implicit biases
run contrary to our organizations’ explicit values.
• Use proven successful simulations, role-plays, and
other interactive exercises.
• Have groups discuss the words, phrases, symbols,
jokes, and other symbolic representations of their
group that they find offensive and why.
• Provide de-biasing, counter-stereotyping activities
– Such as making associations that go counter to existing
stereotypes (male nurses, female scientists, elderly athletes).
CONCLUSION
• CyberSecurity is an important field
– Workforce needs
– Growing market
– Job Security
– Significant potential harm
• Diversity in creating a CyberSecurity program is
critical to its success.
– Varied thinkers
– Differing groups and populations
– Balance of strategies and focus area
• The path starts today.
– Look to the University of Technology – Jamaica as a model.
tgrandison@proficiencylabs.com
Thank You

More Related Content

Viewers also liked

Cyber security mis
Cyber security  misCyber security  mis
Cyber security mis
Aditya Singh Rana
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
 
Cyber awareness program
Cyber awareness programCyber awareness program
Cyber awareness program
Avanzo net
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
Paul Melson
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Phil Agcaoili
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
Raymond Cunningham
 
Just Words day 9 (unit 2)
Just Words day 9 (unit 2)Just Words day 9 (unit 2)
Just Words day 9 (unit 2)
Angala Maria
 
Web 3.0
Web 3.0Web 3.0
Web 3.0
kavitamenon1
 
Pensá global. La Dirección General de Comercio Exterior para Emprender de for...
Pensá global. La Dirección General de Comercio Exterior para Emprender de for...Pensá global. La Dirección General de Comercio Exterior para Emprender de for...
Pensá global. La Dirección General de Comercio Exterior para Emprender de for...
Gastón Marando
 
Affective Assemblage: Documentary Practice
Affective Assemblage: Documentary PracticeAffective Assemblage: Documentary Practice
Affective Assemblage: Documentary Practice
vogmae
 
How Can Media Reconnect Us With Our Humanity?
How Can Media Reconnect Us With Our Humanity?How Can Media Reconnect Us With Our Humanity?
How Can Media Reconnect Us With Our Humanity?
Tyrone Grandison
 
Just Words day 7
Just Words day 7Just Words day 7
Just Words day 7
Angala Maria
 
Booklet 4 - Decorative
Booklet 4 - DecorativeBooklet 4 - Decorative
Booklet 4 - Decorative
Gemmalea
 
StarwarsbyTicko
StarwarsbyTickoStarwarsbyTicko
StarwarsbyTicko
Ticko Morey
 
Butterfly
ButterflyButterfly
Butterfly
thandastuff
 
Foursquare for Biz
Foursquare for BizFoursquare for Biz
Foursquare for Biz
LightYoruichi
 
Evolutionary visual software analytics
Evolutionary visual software analyticsEvolutionary visual software analytics
Evolutionary visual software analytics
Grial - University of Salamanca
 
Payment Flash
Payment FlashPayment Flash
Payment Flash
Carmi Bogot
 
Entrepreneur 2b or not 2 b indo german
Entrepreneur 2b or not 2 b   indo germanEntrepreneur 2b or not 2 b   indo german
Entrepreneur 2b or not 2 b indo german
thinkahead.net
 
Dermot byrne presentation
Dermot byrne presentationDermot byrne presentation
Dermot byrne presentation
Green17Creative
 

Viewers also liked (20)

Cyber security mis
Cyber security  misCyber security  mis
Cyber security mis
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
Cyber awareness program
Cyber awareness programCyber awareness program
Cyber awareness program
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
 
Just Words day 9 (unit 2)
Just Words day 9 (unit 2)Just Words day 9 (unit 2)
Just Words day 9 (unit 2)
 
Web 3.0
Web 3.0Web 3.0
Web 3.0
 
Pensá global. La Dirección General de Comercio Exterior para Emprender de for...
Pensá global. La Dirección General de Comercio Exterior para Emprender de for...Pensá global. La Dirección General de Comercio Exterior para Emprender de for...
Pensá global. La Dirección General de Comercio Exterior para Emprender de for...
 
Affective Assemblage: Documentary Practice
Affective Assemblage: Documentary PracticeAffective Assemblage: Documentary Practice
Affective Assemblage: Documentary Practice
 
How Can Media Reconnect Us With Our Humanity?
How Can Media Reconnect Us With Our Humanity?How Can Media Reconnect Us With Our Humanity?
How Can Media Reconnect Us With Our Humanity?
 
Just Words day 7
Just Words day 7Just Words day 7
Just Words day 7
 
Booklet 4 - Decorative
Booklet 4 - DecorativeBooklet 4 - Decorative
Booklet 4 - Decorative
 
StarwarsbyTicko
StarwarsbyTickoStarwarsbyTicko
StarwarsbyTicko
 
Butterfly
ButterflyButterfly
Butterfly
 
Foursquare for Biz
Foursquare for BizFoursquare for Biz
Foursquare for Biz
 
Evolutionary visual software analytics
Evolutionary visual software analyticsEvolutionary visual software analytics
Evolutionary visual software analytics
 
Payment Flash
Payment FlashPayment Flash
Payment Flash
 
Entrepreneur 2b or not 2 b indo german
Entrepreneur 2b or not 2 b   indo germanEntrepreneur 2b or not 2 b   indo german
Entrepreneur 2b or not 2 b indo german
 
Dermot byrne presentation
Dermot byrne presentationDermot byrne presentation
Dermot byrne presentation
 

Similar to Creating A Diverse CyberSecurity Program

Opening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital FutureOpening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital Future
Security Innovation
 
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Kimberley Dray
 
Responsible Data Use in AI - core tech pillars
Responsible Data Use in AI - core tech pillarsResponsible Data Use in AI - core tech pillars
Responsible Data Use in AI - core tech pillars
Sofus Macskássy
 
Hacking hired [Forecasting 2021] Jan 2021
Hacking hired [Forecasting 2021] Jan 2021Hacking hired [Forecasting 2021] Jan 2021
Hacking hired [Forecasting 2021] Jan 2021
Rachel Harpley
 
Si km preso march 17 2015
Si km preso march 17 2015Si km preso march 17 2015
Si km preso march 17 2015
Doug Madgic
 
Si km preso march 17 2015
Si km preso march 17 2015Si km preso march 17 2015
Si km preso march 17 2015
Doug Madgic
 
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One
FRSecure
 
2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun...
2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun...2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun...
2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun...
2-sec
 
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
Edge AI and Vision Alliance
 
Cyber Security for the Employee - AFP Annual Conference 2016
Cyber Security for the Employee - AFP Annual Conference 2016Cyber Security for the Employee - AFP Annual Conference 2016
Cyber Security for the Employee - AFP Annual Conference 2016
Brad Deflin
 
Data science and ethics in fundraising
Data science and ethics in fundraisingData science and ethics in fundraising
Data science and ethics in fundraising
James Orton
 
Panel: Cracking the Glass Ceiling: Growing Female Technology Professionals - ...
Panel: Cracking the Glass Ceiling: Growing Female Technology Professionals - ...Panel: Cracking the Glass Ceiling: Growing Female Technology Professionals - ...
Panel: Cracking the Glass Ceiling: Growing Female Technology Professionals - ...
Deanna Kosaraju
 
Jisc e-safety
Jisc e-safety Jisc e-safety
Jisc e-safety
Jisc RSC East Midlands
 
Technology for everyone - AI ethics and Bias
Technology for everyone - AI ethics and BiasTechnology for everyone - AI ethics and Bias
Technology for everyone - AI ethics and Bias
Marion Mulder
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
Social Media: Infiltrating The Enterprise
Social Media: Infiltrating The EnterpriseSocial Media: Infiltrating The Enterprise
Social Media: Infiltrating The Enterprise
Jay McLaughlin
 
Stop.+think.+connect+michael+kaiser
Stop.+think.+connect+michael+kaiserStop.+think.+connect+michael+kaiser
Stop.+think.+connect+michael+kaiser
bhagyasri patel
 
Cyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage:Where is the cyber workforce of tomorrowCyberskills shortage:Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrow
Stephen Cobb
 
Ub d chapter 13
Ub d chapter 13Ub d chapter 13
Ub d chapter 13
Barbara M. King
 
2018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 12018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 1
FRSecure
 

Similar to Creating A Diverse CyberSecurity Program (20)

Opening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital FutureOpening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital Future
 
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
 
Responsible Data Use in AI - core tech pillars
Responsible Data Use in AI - core tech pillarsResponsible Data Use in AI - core tech pillars
Responsible Data Use in AI - core tech pillars
 
Hacking hired [Forecasting 2021] Jan 2021
Hacking hired [Forecasting 2021] Jan 2021Hacking hired [Forecasting 2021] Jan 2021
Hacking hired [Forecasting 2021] Jan 2021
 
Si km preso march 17 2015
Si km preso march 17 2015Si km preso march 17 2015
Si km preso march 17 2015
 
Si km preso march 17 2015
Si km preso march 17 2015Si km preso march 17 2015
Si km preso march 17 2015
 
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One
 
2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun...
2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun...2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun...
2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun...
 
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
 
Cyber Security for the Employee - AFP Annual Conference 2016
Cyber Security for the Employee - AFP Annual Conference 2016Cyber Security for the Employee - AFP Annual Conference 2016
Cyber Security for the Employee - AFP Annual Conference 2016
 
Data science and ethics in fundraising
Data science and ethics in fundraisingData science and ethics in fundraising
Data science and ethics in fundraising
 
Panel: Cracking the Glass Ceiling: Growing Female Technology Professionals - ...
Panel: Cracking the Glass Ceiling: Growing Female Technology Professionals - ...Panel: Cracking the Glass Ceiling: Growing Female Technology Professionals - ...
Panel: Cracking the Glass Ceiling: Growing Female Technology Professionals - ...
 
Jisc e-safety
Jisc e-safety Jisc e-safety
Jisc e-safety
 
Technology for everyone - AI ethics and Bias
Technology for everyone - AI ethics and BiasTechnology for everyone - AI ethics and Bias
Technology for everyone - AI ethics and Bias
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
Social Media: Infiltrating The Enterprise
Social Media: Infiltrating The EnterpriseSocial Media: Infiltrating The Enterprise
Social Media: Infiltrating The Enterprise
 
Stop.+think.+connect+michael+kaiser
Stop.+think.+connect+michael+kaiserStop.+think.+connect+michael+kaiser
Stop.+think.+connect+michael+kaiser
 
Cyberskills shortage: Where is the cyber workforce of tomorrow
Cyberskills shortage:Where is the cyber workforce of tomorrowCyberskills shortage:Where is the cyber workforce of tomorrow
Cyberskills shortage: Where is the cyber workforce of tomorrow
 
Ub d chapter 13
Ub d chapter 13Ub d chapter 13
Ub d chapter 13
 
2018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 12018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 1
 

More from Tyrone Grandison

Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Tyrone Grandison
 
Learning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global PandemicLearning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global Pandemic
Tyrone Grandison
 
Systemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and AccessSystemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and Access
Tyrone Grandison
 
COVID and the Ederly
COVID and the EderlyCOVID and the Ederly
COVID and the Ederly
Tyrone Grandison
 
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Tyrone Grandison
 
Using Data and Computing for the Greater Good
Using Data and Computing for the Greater GoodUsing Data and Computing for the Greater Good
Using Data and Computing for the Greater Good
Tyrone Grandison
 
How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...
Tyrone Grandison
 
DOES innovation Lab Launch
DOES innovation Lab LaunchDOES innovation Lab Launch
DOES innovation Lab Launch
Tyrone Grandison
 
Creating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic PlanCreating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic Plan
Tyrone Grandison
 
Inventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and FocusInventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and Focus
Tyrone Grandison
 
Becoming a Nation of Innovation
Becoming a Nation of InnovationBecoming a Nation of Innovation
Becoming a Nation of Innovation
Tyrone Grandison
 
Running Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHMERunning Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHME
Tyrone Grandison
 
The Power Of Open
The Power Of OpenThe Power Of Open
The Power Of Open
Tyrone Grandison
 
ISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data ServiceISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data Service
Tyrone Grandison
 
Building APIs in Government for Social Good
Building APIs in Government for Social GoodBuilding APIs in Government for Social Good
Building APIs in Government for Social Good
Tyrone Grandison
 
Strategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT ModernizationStrategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT Modernization
Tyrone Grandison
 
The Creative Economy within the United States of America
The Creative Economy within the United States of AmericaThe Creative Economy within the United States of America
The Creative Economy within the United States of America
Tyrone Grandison
 
Enabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public CollaborationsEnabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public Collaborations
Tyrone Grandison
 
Creating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With PurposeCreating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With Purpose
Tyrone Grandison
 
Security and Privacy in Healthcare
Security and Privacy in HealthcareSecurity and Privacy in Healthcare
Security and Privacy in Healthcare
Tyrone Grandison
 

More from Tyrone Grandison (20)

Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
 
Learning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global PandemicLearning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global Pandemic
 
Systemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and AccessSystemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and Access
 
COVID and the Ederly
COVID and the EderlyCOVID and the Ederly
COVID and the Ederly
 
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
 
Using Data and Computing for the Greater Good
Using Data and Computing for the Greater GoodUsing Data and Computing for the Greater Good
Using Data and Computing for the Greater Good
 
How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...
 
DOES innovation Lab Launch
DOES innovation Lab LaunchDOES innovation Lab Launch
DOES innovation Lab Launch
 
Creating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic PlanCreating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic Plan
 
Inventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and FocusInventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and Focus
 
Becoming a Nation of Innovation
Becoming a Nation of InnovationBecoming a Nation of Innovation
Becoming a Nation of Innovation
 
Running Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHMERunning Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHME
 
The Power Of Open
The Power Of OpenThe Power Of Open
The Power Of Open
 
ISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data ServiceISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data Service
 
Building APIs in Government for Social Good
Building APIs in Government for Social GoodBuilding APIs in Government for Social Good
Building APIs in Government for Social Good
 
Strategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT ModernizationStrategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT Modernization
 
The Creative Economy within the United States of America
The Creative Economy within the United States of AmericaThe Creative Economy within the United States of America
The Creative Economy within the United States of America
 
Enabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public CollaborationsEnabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public Collaborations
 
Creating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With PurposeCreating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With Purpose
 
Security and Privacy in Healthcare
Security and Privacy in HealthcareSecurity and Privacy in Healthcare
Security and Privacy in Healthcare
 

Recently uploaded

Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
HarpalGohil4
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
ScyllaDB
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
Tobias Schneck
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
ScyllaDB
 

Recently uploaded (20)

Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 

Creating A Diverse CyberSecurity Program

  • 2. DISCLAIMER All opinions expressed herein are my own and do not reflect the opinions of of anyone that I work with (or have worked with) or any organization that am or have been affiliated with.
  • 3. A Little About Me • Jamaican Education • BSc Hons Computer Studies, UWI-Mona. • MSc Software Engineering, UWI-Mona • PhD Computer Science, Imperial College – London • MBA Finance, IBM Academy Experience • 10 years leading Quest team at IBM • 2 years working in startups • 3 years running companies and consulting • Now, working for the White House Recognition • Fellow, British Computer Society (BCS) • Fellow, Healthcare Information and Management Systems Society (HIMSS) • Pioneer of the Year (2009), National Society of Black Engineers (NSBE) • IEEE Technical Achievement Award (2010) for “Pioneering Contributions to Secure and Private Data Management". • Modern Day Technology Leader (2009), Minority in Science Trailblazer (2010), Science Spectrum Trailblazer (2012, 2013). Black Engineer of the Year Award Board • IBM Master Inventor • Distinguished Engineer, Association of Computing Machinery (ACM) • Senior Member, Institute of Electrical and Electronics Engineers (IEEE) Record • Over 100 technical papers, over 47 patents and 2 books.
  • 4. The Plan • Let’s Geek out on Diversity • A Diverse CyberSecurity Program • CyberSecurity Fundamentals • The Current State Of Affairs • Opportunities In The Space • Diverse Team • Execution
  • 5. THINK ABOUT THIS “Because there is no silver bullet in cybersecurity, no quick fix, we have to solve problems holistically. We need to deal with people, process and technology. That means we need people from diverse backgrounds who understand and relate to an array of people. And I’m not just talking about gender and ethnicity. We also really need right-brain thinkers, left- brain thinkers, people who can come at these problems from very different angles.” - Summer Fowler, Deputy Director, Cybersecurity Solutions Directorate, Computer Emergency R ’s Software Engineering Institute. March 2014
  • 6. Why DIVERSITY? “Diverse group almost always outperforms the group of the best by a substantial margin.” – Scott E. Page (2010)
  • 7. More On The Importance Of Diversity • Expands the Qualified Employee Pool • Improves the Bottom Line • Enhances Innovation • Promotes Equality • Reflects the Customers Source: NCWIT Scorecard: A Report on the Status of Women in Information Technology
  • 8. Challenges to DIVERSITY • Lack of knowledge about cybersecurity • Lack of awareness of opportunities • Stereotypical notion • Unconscious bias • Lack of exposure to role models and mentors • Lack of social support
  • 10. Components • Strategy –Attack versus Defend • Topics –Compromise versus Detection • People –Background, Expertise, Problem-Solving Approach • Execution
  • 11. Perspectives on CyberSecurity Scope of CyberSecurity My Definition of CyberSecurity CYBERSECURITY FUNDAMENTALS
  • 12. Perspectives on CyberSecurity • Very wide-ranging term • Everyone has a different perspective • No standard definition • A socio-technical systems problem
  • 13. Scope of CyberSecurity • Threat and Attack analysis and mitigation techniques • Protection and recovery technologies, processes and procedures for individuals, business and government • Policies, laws and regulation relevant to the use of computers and the Internet
  • 14. Cybersecurity The field that synthesizes multiple disciplines, both technical and non- technical, to create, maintain, and improve a safe environment. • The environment normally allows for other more technical or tactical security activities to happen, particularly at an industry or national scale. • Traditionally done in the context of government laws, policies, mandates, and regulations.
  • 18. Menu of Attack Tools
  • 19. Corporate US Landscape Global Situation Current Insight The Current State of Affairs
  • 20. Corporate US Landscape Statistics from the results of an SVB survey about cybersecurity completed by 216 C-level executives from US-based technology and life science companies in July 2013
  • 21. Global Situation • 47% of companies know they have suffered a cyber attack in the past year • 70% say they are most vulnerable through their endpoint devices • 52% rate at “average-to-non-existent” their ability to detect suspicious activity on these devices 2013 Cyber Security Study - What is the Impact of Today ’s Advanced Cyber Attacks? - Bit9 and iSMG
  • 22. Current Insight • First-Generation Security Solutions Cannot Protect Against Today’s Sophisticated Attackers • There is No Silver Bullet in Security • There is an Endpoint and Server Blindspot 2013 Cyber Security Study - What is the Impact of Today’ s Advanced Cyber Attacks? - Bit9 and iSMG
  • 23. What are the Hard Research Problems? Where are companies spending their CyberSecurity dollars? Where Are The Opportunities?
  • 24. Hard Problems (TEN Years Ago) 1.Global-Scale Identity Management 2.Insider Threat 3.Availability of Time-Critical Systems 4.Building Scalable Secure Systems 5.Situational Understanding and Attack Attribution 6.Information Provenance 7.Security with Privacy 8.Enterprise-Level Security Metrics INFOSEC Research Council (2005)
  • 25. Hard Problems (SIX Years Ago) 1. Global-scale Identity Management 2. Combatting Insider Threats 3. Survivability of Time-critical Systems 4. Scalable Trustworthy Systems 5. Situational Understanding and Attack Attribution 6. Provenance 7. Privacy-aware security 8. Enterprise-level metrics 9. System Evaluation Life Cycle 10. Combatting Malware and Botnets 11. Usable Security INFOSEC Research Council (2009)
  • 26. 2014 Spending 2013 Cyber Security Study - What is the Impact of Today’s Advanced Cyber Attacks? - Bit9 and iSMG
  • 27. TEAM
  • 28. Diversity Dimensions • Age • Gender • Ethnicity • Expertise • Other – Income, Sexual Orientation, Religion, Region, Body type, Dress, Pregnant Disability, Education level, Introverted or Extroverted, Language, Vocabulary, Hair color, Body art, Political party, Diet, Club memberships, Body odors ….
  • 29. Cybersecurity Workforce: Age Distribution - 2012 Information Technology Workforce Assessment for Cybersecurity (ITWAC) Summary Report. National Institute for CyberSecurity Education. March 4, 2013.
  • 30. CyberSecurity workforce: Retirement Eligibility - 2012 Information Technology Workforce Assessment for Cybersecurity (ITWAC) Summary Report. National Institute for CyberSecurity Education. March 4, 2013.
  • 31. WORKFORCE COMPOSITION • Women – 50% of US workforce – 25% of IT workforce – 8-13% of cybersecurity workforce • Hispanics – 6.4% of IT workforce – 5% of cybersecurity workforce • African Americans – 8.3% of IT workforce – 7% of cybersecurity workforce - NIST Panel on Diversity in CyberSecurity, 2013
  • 32. Women in Cybersecurity • 13 percent of US CyberSecurity professionals are women — which is higher than in Europe and Asia (2006 IDC Survey) "Women are historically very underrepresented in computer science and in computer security. When I started in computer security 25 years ago, the field was 20% to 30% women. Now it's between 5% and 10%. That's obviously going in the wrong direction." - Jeremy Epstein, board member of Applied Computer Security Associates (ACSA)
  • 34. Army Research Lab Cyber Team
  • 38. Areas of Focus Today
  • 39. How many times did you change jobs in my career?
  • 41. Skills in demand in next 2 years
  • 43. INTERNALLY • Define Program Outcomes • Define Program – Risk Management – Critical and Inventive Thinking – Research and Writing – Attack & Defense Tool Construction and Use – Ethics • Create network – External Collaborators – Alumni – Mentors • Identify Ways for Increased Visibility – Of the program, lecturers and students
  • 44. INTERNALLY & EXTERNALLY • Reduce Unconscious Bias – Start by testing yourself – Project Implicit at Harvard – Teach Tolerance – Focus on Hiring a Balanced & Diverse Workforce • Engagement – Top-Down, Bottom-Up – Building Recruiting And Inclusion for Diversity (BRAID) Initiative • Support Network
  • 45. Tackling Unconscious Bias • Set realistic expectations. • Provide appropriate time for the training. • Provide the training in person. • Be careful in selecting the right facilitator. Incorporate unconscious bias assessment tools. • Focus the training on specific, real situations, such as reviewing resumes, conducting interviews, responding to customers etc.
  • 46. Tackling Unconscious Bias • Address the topic of in-group favoritism and how it operates in the organization. • Identify those situations in which our implicit biases run contrary to our organizations’ explicit values. • Use proven successful simulations, role-plays, and other interactive exercises. • Have groups discuss the words, phrases, symbols, jokes, and other symbolic representations of their group that they find offensive and why. • Provide de-biasing, counter-stereotyping activities – Such as making associations that go counter to existing stereotypes (male nurses, female scientists, elderly athletes).
  • 47. CONCLUSION • CyberSecurity is an important field – Workforce needs – Growing market – Job Security – Significant potential harm • Diversity in creating a CyberSecurity program is critical to its success. – Varied thinkers – Differing groups and populations – Balance of strategies and focus area • The path starts today. – Look to the University of Technology – Jamaica as a model.

Editor's Notes

  1. Expands the Qualified Employee Pool We’re not taking advantage of our diverse population. The industry is failing to attract this talent. Indeed, those women already employed in the technology industry are leaving at staggering rates, so we’re not retaining either. Improves the Bottom Line Technology companies with the highest representation of women in their senior management teams showed a higher return on equity than did those with fewer or no women in senior management. Enhances Innovation A large study spanning 21 different companies showed that teams with 50:50 gender membership were more experimental and more efficient. Extensive research has found that groups with greater diversity solve complex problems better and faster than do homogenous groups. Culturally diverse teams have been shown to generate a wider variety of possible strategies when setting a course of action. Promotes Equality With technology playing an increasingly crucial role in all of our lives, having more people from different backgrounds participate in its creation can help break down gender and racial economic inequalities. Reflects the Customers Most companies serve a variety of people, so it makes sense then to have a variety of intelligent, skilled people working on services and products.
  2. Unconscious bias refers to the biases we have of which we are not in conscious control. These biases occur automatically, triggered by our brain making quick judgments and assessments of people and situations based on our background, cultural environment and our experiences. Still not sure exactly what negative unconscious biases are? Or maybe you think you don't have any? I'm talking about the following types of unconscious beliefs that infiltrate our society - and, therefore, corporate America: • Men are better leaders.• White men are smarter.• African American men are all good athletes.• African American women are "angry."• White women are great trophy wives.• Women are all on the "mommy track."• Latino men are lazy.• Latino females are extremely emotional.• Asian men are very good at technology.• Asian females are quiet.• Native American men are drunks.• Native American females are submissive.
  3. Normally includes all aspects of ensuring the protection of citizens, businesses and critical infrastructures from threats that arise from their use of computers and the Internet. Everyone has a different perspective: Information Security Data Security Computer Security Control Systems Security Network Security Information Risk Management Etc. Even debating whether there’s a “space” between cyber and security CyberSecurity is often confused with: Computer security Security engineering Encryption Computer crime Computer forensics Security problems almost always stem from a mix of technical, human and organizational causes (BRUCE SCHNEIER, IAN SOMMERVILLE)
  4. CyberSecurity involves Defense and Attack. Schools
  5. This is my personal definition and the one that will be assumed during the presentation. Happens at multiple levels in the stack: Network, Application, Data. Involves Monitoring, Detection, Response.
  6. There are no systems that are connected to the Internet that are completely safe. Cyber-attacks are the norm. Everyone with a web presence is attacked multiple times each week. To further complicate this scenario, government entities have been found to be weakening Web security protocols and compromising business systems in the interest of national security, and hyper-competitive companies have been caught engaging in cyber-espionage. Detection of these attacks in real-time is difficult due to a number of reasons. The primary ones being the dynamism and ingenuity of the attacker and the nature of contemporary real-time attack detection systems. In this talk, I will share insights on an alternative, i.e. quickly recognizing attacks in a short period of time after the incident using audit analysis. With the rise of the Internet of Things comes a lot of convenience, such as smart fridges that let you access the internet and call for service in the case of malfunction, or devices that can monitor your energy usage and send you Twitter updates. It also comes with a new problem: many of these internet-connected devices don't have malware protection. And it's now been documented that someone is taking advantage. Security company Proofpoint has discovered a botnet attack -- that is, a cyber attack whereby the attacker hijacks devices remotely to send spam -- incorporating over 100,000 devices between 23 December and 6 January, including routers, multimedia centres, televisions and at least one refrigerator. The attack sent out over 750,000 spam emails, in bursts of 100,000 emails at a time, three times a day, with no more than 10 emails sent from any one IP address, making them difficult to block. Over 25 per cent of the emails were sent from devices that weren't conventional computers or mobile devices. It is the first documented case of common appliances being used in a cyber attack -- but that doesn't necessarily mean it was the first time it occurred, and it certainly won't be the last. In 2009, Raul Rojas, a computer science professor at the Free University of Berlin (and a robot soccer team coach), built one of Germany’s first “smart homes.” Everything in the house was connected to the Internet so that lights, music, television, heating and cooling could all be turned on and off from afar. Even the stove, oven, and microwave could be turned off with Rojas’s computer, which prevented some potential panic attacks about leaving an appliance on after exiting the house. One of the few things not connected in the house were the locks. Automated locks Rojas bought in 2009 are still sitting in a drawer waiting to be installed. “I was afraid of not being able to open the doors,” Rojas said in a phone interview.
  7. Requires minimal to zero technical skill on the internal operations of attacks. Need only knowledge on use.
  8. Statistics from the results of an SVB survey about cybersecurity completed by 216 C-level executives from US-based technology and life science companies in July 2013
  9. 2013 Cyber Security Study - What is the Impact of Today’s Advanced Cyber Attacks? by Bit9 and iSMG This survey was conducted online during the summer of 2013. Nearly 250 respondents participated in this international study. Key characteristics of the respondent base: »» 62 percent are from the U.S., with 10 percent from the UK and Europe; »» Top responding industries are: • Banking/financial services – 36 percent • Technology – 12 percent • Healthcare – 10 percent »» 47 percent of respondent organizations employ 500 or fewer employees, while 22 percent employ more than 10,000. »» 59 percent of respondents deploy only Windows-based endpoints in their organizations, while 1 percent are all-Mac shops. The remainder offer a mix of endpoint devices, with 31 percent saying more PCs than Macs.
  10. First-Generation Security Solutions Cannot Protect Against Today’s Sophisticated Attackers. It seems like each day there is a new attack reported in the news: advanced attacks such as Flame, Gauss and the Flashback Trojan that attacked 600,000 Macs. These “public” cyber attacks are, unfortunately, just the tip of the iceberg. The number and variety of attackers and their differing goals and motivations are overwhelming. The 2013 Cyber Security Survey shows proof that traditional, signature-based security defenses cannot keep up with today’s advanced threats and malware: »» 66 percent of survey respondents say their organizations’ ability to protect endpoints and servers from emerging threats for which no signature is known is “average” to “nonexistent.” »» 40 percent of respondents state that malware that landed on their endpoints and servers got there because it bypassed antivirus. First-generation security solutions, such as signature-based antivirus, can’t keep up with the tidal wave of widely targeted malware (400+ million variants), let alone advanced attacks that target specific organizations. There is No Silver Bullet in Security. Organizations increasingly rely on new-generation network security solutions as a primary defense against cyberthreats. This is a step in the right direction, but not a silver bullet. According to the survey: »» 27 percent of respondents say malware was able to land on their endpoints and servers because it bypassed network security. »» 30 percent responded that they don’t know how it got there. The digital assets that you need to protect reside on your endpoints and servers, or are at least accessible from your endpoints and servers, and it is inevitable that some malware is going to make it to this critical infrastructure. How does it happen? It could be that a user fell victim to social engineering, a laptop was disconnected from your network and network security, a user plugged in an infected USB device or mobile phone to his or her PC, or an advanced threat slipped past your AV. To combat the APT, you need to fortify your endpoints and servers with security solutions that work together to give you a unified, holistic approach. A defense-in-depth strategy is necessary, where you are not counting on just one security control to stop an attack. There is an Endpoint and Server Blind Spot The survey results indicate that there is also an “endpoint and server blind spot.” »» 59 percent say that when it comes to real-time monitoring of files that attempt to execute on servers and endpoints, their organizations’ abilities rate from “average” to “non-existent.” »» 61 percent say that once a file is determined to be malicious, the organization’s ability to determine how many endpoints and servers are infected rates from “average” to “nonexistent.”
  11. Global-Scale Identity Management: Global-scale identification, authentication, access control, authorization, and management of identities and identity information Insider Threat: Mitigation of insider threats in cyber space to an extent comparable to that of mitigation in physical space Availability of Time-Critical Systems: Guaranteed availability of information and information services, even in resource-limited, geospatially distributed, on demand (ad hoc) environments Building Scalable Secure Systems: Design, construction, verification, and validation of system components and systems ranging from crucial embedded devices to systems composing millions of lines of code Situational Understanding and Attack Attribution: Reliable understanding of the status of information systems, including information concerning possible attacks, who or what is responsible for the attack, the extent of the attack, and recommended responses Information Provenance: Ability to track the pedigree of information in very large systems that process petabytes of information Security with Privacy: Technical means for improving information security without sacrificing privacy Enterprise-Level Security Metrics: Ability to effectively measure the security of large systems with hundreds to millions of users
  12. If you expect a budget increase, where do you believe your organization will prioritize your spending?
  13. Some subsets of cognitive biases with examples (from YorkPsych) Self Perception Biases Self Perception biases are the tendency to allow one's dispositions to affect one's way of interpreting information. Self perception biases are distortions of one's own view of self. 1.Bias Blind Spot - the affectation or tendency to be ignorant of one's own biases. This is a case of the blind not knowing or ignoring that they are blind. (Pronin and Kugler, 2007) 2. Illusion of Control - the belief of being in at least some control over events and outcomes that you actually have no effect on. The devoted fan who gets out his lucky hat that "always brings the game back whenever the Giants are down" is a good example of this bias. (Kahneman and Tversky, 1972) 3. Restraint Bias - having overconfidence in one's own ability to deny temptations. This is a common bias because people like to believe they can handle whatever faces them and do not want to see themselves as having weak willpower. A Yorkie might fully believe they can become a vegetarian and even spend four days without eating any meat, but when they attend a Carnivores' Club meeting and smell the mouthwatering aroma of bacon, they give into the temptation that they were so confident they would overcome. 4.Self-Serving Bias - the tendency to be less prone to claim a failure than to claim a success. This is mostly due to people thinking their successes were due to their own brilliance, but their errors were caused by mistakes outside of their control ||Cognitive Dissonance||. In Mr. Fink's titration lab, a student is less likely to claim personal responsibility for the error that ends up skewing some of the results than for his quick thinking that enabled his group to salvage some meaningful data from the experiment. 5. Overconfidence Effect - inappropriately high confidence in one's own answers, opinions or beliefs. These overestimations could be driven by a strong desire to succeed or could just be a consequence of the general optimism produced by cognitive bias. Examples of overconfidence bias include a famous 1983 study in which 93% of drivers reported that they believed they were among the upper 50% of driving skill. (Pohl, 2006) 6. Egocentric Bias - the tendency of people to claim more responsibility in a group project than actuality. Egocentric bias could be observed if, for instance, any one person claimed to run Fall Fair when in reality, anyone who has taken part in Fall Fair knows it is an enormous team effort. (Kruger, Dunning, 1999) Perception Biases Perception biases are inaccurate views or conclusions drawn in various ways. They explain certain behavioral vicissitudes as well as how collective debates can result in so many various opinions. 1. Attentional Bias - the tendency for one's emotions to determine or affect one's focus. Emotional propaganda plays on this; for instance, certain charity commercials will show pictures of starving kids in Africa to draw attention away from the fact that only a fraction of the money donated actually goes to charitable causes. 2. Availability Heuristic - basing jugements or estimations on what most easily comes to memory. Because we remember cases or events that stand out as unusual or unexpected, this usually results in false assumptions or estimations. (Tversky and Kahneman, 1972) The availability heuristic is hypothesized to be to blame for the misconception that couples are more likely to conceive after they have adopted a child. People tend to remember all of the people who conceive after adoption and tend to forget about all of the cases in which the couples did not conceive after adopting. A more York oriented example is the common belief students seem to have that if their teacher doesn't show up to class within the first 15 minutes, then they have a free. This fits the availability heuristic because they most easily remember hearing of cases where other students did get away with this and enjoyed an unexpected free, rather then the more plentiful instances where the teacher showed up just in the nick of time and was angry at their attempt to desert class. 3. Hindsight Bias - "the I-knew-it-all-along bias", it is the tendency to believe you knew something when you truly did not. This also includes viewing completed events as more predictable than they actually were. (Pohl, 2006) Hindsight Bias can easily be observed outside the science building as Yorkies walking out of a math test will ask one another what they got on the Option A and frustratedly proclaim they knew that was what they were supposed to do, but for some reason didn't apply it at the time. 4. Observer Expectancy Effect / Selective Perception - known as the "observer effect", this is a fallacy that can very easily skew results in qualitative scientific experimentation. It is the tendency to manipulate or misinterpret data so that it will support (or disprove) a hypothesis. Essentially, it is the tendency to see what you want or expect to see. 5. Framing Effect - the tendency to interpret information differently based on changes in context or description. A Yorkie might exhibit this in the stress they put on studying for a chemistry quiz in comparison to a chemistry test. Even though Ms. Trachsel will explain that test and quiz scores are valued equally, and this quiz will be the same length as an average test, you might still hear one Yorkie telling another that "It's just a quiz," implying that being a quiz makes it somehow less imperative or important, regardless of how many points it's worth. 6. Choice Supportive Bias - the propensity to believe your choices were better or more righteously chosen than they actually were. This tends to happen when an individual remembers only the positive aspects of the chosen option of a decision, and only the negative aspects of the rejected options. For example, a second semester senior who hasn't taken any AP classes might justify his choice by concentrating on how much stress he would have now had he taken any AP classes, while not thinking about the benefits of passing the AP test and potentially getting college credit. Logic and Decision Biases Cognitive biases in logic and decisions are shown mostly through how people go about solving problems in different ways, make various choices, and judge different situations. 1.Base Rate Fallacy - Base Rate Fallacy is the inclination for someone to base his jugements on specifics rather than the big picture. An example of this could be a York Senior who chooses a college for having a strong chemistry program and ignores other aspects such as its location in the middle of a desert. 2.Zero-Risk Bias - the tendency for someone to try to eliminate a small risk rather than lower the likeliness of a great risk. An example of this could be a Yorkie that decides against joining the cross country team because they run on trails adjacent to areas that could contain unexploded ordinance. Rather than always choosing public transportation over driving a car to greatly reduce the risk of death in a transportation accident, the Yorkie reduces a small chance of getting blown to bits. This bias stems from a desire to reduce risk based on proportion rather than by chance. In other words, this Yorkie values a 100% risk decrease from .1% to 0% rather than a 66% risk decrease from, say, 3% to 1% 3. Anchoring‍ - the inclination for someone to allow one piece of information to outweigh others when making a decision. An example might be a couple considering the fact that the girl they hired to babysit their children goes to Stanford to be more important than the side facts that that girl skips half her classes, rides a motorcycle and brings her boyfriend with her to babysitting jobs. 4. Belief Bias - the tendency for someone to ignore logical error in an argument based on how believable a conclusion may be. For instance, people often buy into weight loss commercials that promise you could lose 20 pounds despite the illogical claim that you don't have to diet and only have to use their method for 10 minutes everyday for two weeks. 5.Semmelweis Reflex - the reflex-like tendency to ignore or reject any contradictory information against what one already believes. An example might be some one who does not believe that high fructose corn syrup is alright for their children after being told it was unhealthy, despite solid research and facts disputing that misconception. Probability Biases A probability bias arises when someone misinterprets precedents or past information and acts on this inaccuracy. 1. Normalcy Bias - the bias best represented in the freshmen class as Yorkies who are used to flying by in classes believe that since they have never received a B before, it simply cannot or will not happen. This is a logical error based on previous experience that most usually will throw the freshmen into shock. (Hsee and Zhang, 2004) 2. Gambler's Fallacy‍ - the propensity to believe that happenings of the past determine what will happen in the future. Just as its name predicts, this is most commonly exemplified by gamblers whom mistakenly tend to think along the lines that since they lost their game the last 6 times, they have a much greater chance of winning this time, or the next time, or the time after that. (Hsee and Zhang, 2004) Predictive Biases Predictive biases are most usually related to someone holding the inaccurate belief that they prematurely know information about events or people based on large or general ideas rather than specifics. 1. Optimism Bias - the higher tendency to expect positive outcomes of planned actions, rather than negative. People known as optimists tend to be the reassuring, confidence boosting, Mrs.Sherry-type people who always encourage you to hope for the best. 2. Pessimism Bias - opposite of the Optimism Bias, this is the habit of anticipating negative outcomes rather than positive. Pessimists sometimes suffer from depression, and typically have less hope for success of planned actions. 3. Planning Fallacy - possibly due to deficiencies in the Prefrontal Cortex (Cerebral Cortex), this is the tendency to inaccurately predict the time necessary to complete a task. This can be observed in some York seniors taking AP Psych who underestimate how much time will be needed to complete their textbook-wiki assignment and therefore are up until 2am the night before an installment is due. 4. Stereotyping - a bias in judgement, stereotyping is setting expectations for or drawing conclusions about an individual, based on the group they are tied to. Racial, religious and political stereotyping are most common as one will assume that because someone looks a certain way, believes a certain way or votes a certain way, she is like the majority of all others who affiliate with them. ‍Conformity Biases Conformity biases are the most socially based cognitive biases that are exemplified by people young and old in instances varying from politics to surfing. 1. Availability Cascade - the idea that if you believe something enough, it becomes the truth. This idea is subjective to each individual as, for instance, religious upbringing results in different people having concrete belief in opposing concepts. 2.Ingroup Bias - the tendency for someone to be more comfortable or friendly with people whom he perceive as like himself, or as in the same group as himself. This most basically explains the "cliques" of typical high school as people with common interests gravitate to each other. (Garcia, Song and Tesser, 2010) 3.Out-group Homogeneity Bias - also called homogeneity blindness, this is the tendency for people within a like group to see their group members as more varied and individualistic than the members of other groups. 4. System Justification - the "go with the flow" tendency for people to more frequently adhere to precedents, rather than establish something new or different. As exemplified with political parties vs York clubs, people tend to mold to existing political parties with a general fit to their beliefs/interest rather than establish new, more self-specific parties. Yorkies are less subject to System Justification than most people, as in anyone having a unique interest, such as in surfing, but finding there is no pre-existing group to facilitate that interest, will easily start a surf club. (Edwards, 1968)
  14. ~68% of cybersecurity professionals over 40
  15. “In comparison to representative labor statistics—women in 2012 accounted for 46.9% of the United States total labor force and 51.5% of United States management, professional, and related positions—it is clearly evident that women, at just 11% of the Information-Security profession, are greatly under represented.” https://www.isc2cares.org/uploadedFiles/wwwisc2caresorg/Content/Women-in-the-Information-Security-Profession-GISWS-Subreport.pdf The IT security profession in the United States is heavily white with a disproportionate number of Asians, as compared with the overall workforce, according to an Information Security Media Group analysis of Labor Department employment figures.
  16. Currently, 43.4% focus on Management/Leadership and Administration 17.8% focus on Engineering
  17. There is job security
  18. Top five includes: Incident Handling and response Audit and compliance Analysis and Intelligence
  19. Cloud computing and Mobile Security play more dominance.
  20. Program Outcomes: Protect an organization's critical information and assets by ethically integrating cybersecurity risk management and business continuity best practices throughout an enterprise. Implement continuous network monitoring and provide real-time security solutions. Analyze advanced persistent threats and deploy countermeasures and conduct risk and vulnerability assessments of planned and installed information systems. Participate in forensic analysis of cyber incidents and assist in recovery of operations. Formulate, update, and communicate short- and long-term organizational cybersecurity strategies and policies.
  21. Set realistic expectations. Do not over promise and under deliver. Raising expectations that unconscious bias training will eliminate all bias would be disingenuous. The goal is to be conscious of our biases and not to pretend to be blind to differences that exist. Provide appropriate time for the training. It has taken a lifetime to develop our biases; they cannot be overcome in a two-hour session. Ideally, several short sessions or one full day is a minimum. Provide the training in person. This topic requires interaction, trust, and the opportunity for people to meet in a safe environment. E-learning or Webinars are not appropriate delivery methods for unconscious bias training, nor will they produce measurable change. Be judicious in selecting the right facilitator. Do not select trainers only because they took a course on diversity, see this topic as “their passion,” or are from an underrepresented group. Trainers should be highly qualified and well versed in the social psychology of attitude formation, be excellent and empathetic facilitators, and have a non-threatening and inclusive style that avoids guilt trips. Incorporate unconscious bias assessment tools such as those provided by Project Implicit. This tool, which helps to uncover hidden biases on many criteria—including, race, gender, disabilities, and age—has been used more than a million times to uncover hidden biases. Trainers also must know the pitfalls of this test and the way people interpret the outputs from the Project Implicit Website. Trainers must ensure that the trainees are not misinterpreting results and have support as required. Focus the training on specific, real situations, such as reviewing resumes, conducting interviews, responding to customers etc. An example of an outcome: Asking how to correctly pronounce someone’s name is a micro-affirmation, while not using someone’s name because you are afraid of embarrassing yourself is a micro-inequity.
  22. Address the topic of in-group favoritism and how it operates in the organization. Research shows that a lack of diversity creates “group think,” while diverse viewpoints result in more creativity and innovation. Identify those situations in which our implicit biases run contrary to our organizations’ explicit values. Use proven successful simulations, role-plays, and other interactive exercises that help people take the perspective of others. Many standard tools used in diversity training are inappropriate. Have groups discuss the words, phrases, symbols, jokes, and other symbolic representations of their group that they find offensive and why. Provide de-biasing, counter-stereotyping activities such as making associations that go counter to existing stereotypes (male nurses, female scientists, elderly athletes).