Experiences of actually trying to fill the
gap...
Colin McLean, DeepSec, November 2014.
 Colin McLean
◦ Abertay University, Dundee, Scotland.
◦ Lecturer for 24 years.
◦ Developer of the 1st
Undergrad Degree in Ethical
Hacking (started 2006).
 Abertay?
◦ Small University.
◦ Vocational courses.
 Far away from most
of the action.
Normal people live
here someplace
 Since 2010, our graduates have been employed
by....
◦ KPMG, Qinetiq, NCC Group, Cigital, PWC, RBS, HSBC,
MWR Labs, GCHQ, Tesco Bank, West point security, NCR, NTA Monitor,
Mandalorian, Context IS, GFI Software, Firstbase, White Stratos......
 Many of these companies have more than one
graduate.
◦ NCC employ TEN of our graduates.
 Abertay has a good reputation amongst
security companies in the UK for producing
graduates with (roughly) the correct attributes.
 Something has gone right at Abertay.
◦ Room for improvement.
 The extent of the problem.
 Academic courses.
◦ Producing the right course.
◦ Things that have happened (knock on effects)
 Attracting people on to the course.
When you think
he is going to tell us how wonderful he is...
 8 years....
 Luck.
 Some good judgement.
 Timing?
 Some awesome people.
 Much of this talk is based around the experiences of
this course.
What is the scale?
 “The DoHS can’t find enough people to hire.”
Mark Weatherford DoHS, USA
 “This shortage of ICT skills hampers the
UK’s ability to protect itself”
UK National Audit Office.

 "The demand for cyber security experts is
growing at 12 times the rate of the overall
job market."
Hord Tipton, managing director of (ISC)2.
 (ISC)2 report: people working in the industry (now
and estimated required, in millions).
Region      2012     2017
Americas    1.181    2.081
EMEA        0.797    1.363
APAC        0.894    1.463
Total       2.872    4.908
EMEA = Europe, Middle East & Africa
APAC = Asia PACific
 Europe needs ~>200K in the next 2 – 3 years.
 “By 2017, there will be a global shortage of no less than
two million cyber security professionals”
http://www.itproportal.com/2014/11/03/house-of-lords-warning-uk-faces-devastating-cyber-security-skills-crisis-/#ixzz3IOQyyxlC
Options for a company?
 In the UK alone, 98 degrees have a cyber security
element...
 40 to 50 MSc’s....
 We are on our way
..right?
 “Part of this problem, seemingly, is down to courses
which are too steeped in academia and not in
keeping with the true demands of the cyber security
field.”
 “the right practical skills aren't being taught, such
as configuring and reconfiguring systems, trying out
exploits, compromising the security of boxes and
hardening defences.”
Sean Smyth, director at CyberSecurityJobsite
http://www.scmagazineuk.com/more-jobs-but-cyber-security-skills-gap-
widens/article/340103/
 “The courses aren't right…they're great but
not quite who the employer is looking for”.
 “too many of graduates have learnt reactive skills
not the stuff that comes up in real life”
 “some professors say that these are often
taught on industry placements”.
 Academics traditionally produce
theoretical courses.
◦ That’s what we do.
◦ It’s not our fault.
 Companies are blaming academics for
producing the wrong product.
◦ You aren’t giving us graduates with the 1337
skillz.
◦ It’s not our fault.
What do we need to fix?
 Web App Problems (SQLi, XSS etc)
 Poor coding etc, etc.
 Malware Attacks
 Bad configuration/ setups, unpatched software.
 Weak Authentication - bad passwords?
 DOS
 Known or unknown vulnerabilities
 Educating staff
 ...........
 Networking.
 Systems.
 Developers.
 Offensive.
 Forensic.
 Responders.....etc...
 Also “softer skills” will be required
◦ intellectual property, internal security policies, HR Job
writers, lawyers etc...
◦ Academia/Business must work to solve this.
 Mathematical / theoretical courses are required (largely
being addressed?)
 Theoretical can (?) save the world.
 But...more vocational graduates are required.
◦ Theoretical solutions are not being adopted.
 More and better vocational courses required.
◦ Is this being addressed?
Requirements analysis...
 Some of the attributes are unusual for a degree
(especially a technical subject).
 This is perhaps a problem?
 These CAN be catered for during a degree.
◦ Teaching/Tutorials/Assessments/Extra-curricular
activities
◦ External speakers etc.
Features. Points of interest that could help.
 2005 – A two year UK government funded project
– Abertay Uni & NCR R&D
◦ Employed a full-time researcher.
 “Risk analysis of an NCR Automated Telling
Machine (ATM).”
 Jim Kirkhope of NCR “it would be great to be
able to employ graduates who knew this
stuff..”
 Industry driven
 NCR Student projects
◦ Covered by NDA..
 Firstbase Techies.
◦ Guidance, talks, free training.
◦ Firstbase employ two Abertay graduates.
 Cigital
◦ Talks, workshops, sponsorship, free software
◦ Cigital have employed 2 of our graduates.
 NCC
◦ Talks, workshops, sponsorship, guidance etc.
◦ NCC employ 10 of our graduates.
 Now, I have contact with many companies.
 It's moulded the content.
 Ethical Hacking “company contact week” for
students in their final year.
◦ NCC Group, MWR, KPMG, NTA Monitor etc have given
training/advice etc...
 Other people have played a major role in
our success.
◦ “Free” knowledge.
 Our graduates are better equipped for the
real-world because of this.
 These companies are now getting a better
product......
 Let them do things.
◦ Build their own specialisms.
◦ Build their own brand.
◦ Builds community spirit.
◦ Publicity.
 An example...
◦ Abertay Ethical Hacking society.
◦ Students meet every week.
 Ethical Hacking Society.
•Greg Scott: Fuzzing: Brute Force Vulnerability Discovery
•Milo Farkner: Time for some Crypto
•Rorie Hood: The Kernel, an int and the Null Pointer Dereference
•Andy Redfield: Lockpicking
•Georgi Boiko: XORing and Cryptography
•Paul Dalton: Ping of Death revisited
•Erden Eren: New ATMs: Secure?
•Rorie Hood: The Gifar Attack
•Jack Graham: Breaking the Boundaries with ToBmuD
•Ian Soutar: You've Found a Vulnerability, Now What?
Tony Roper: Reverse Engineering 32-bit Windows Executables
Andrew Macdonald: Hacking for Homebrew: How to build your own PS2 Linux Kit
Ian Soutar: Web Applications: Securing a Broken Website
Jack Graham: The Power of TIFF, Screens and META
Christopher Donnelly: Google Hacking
Blair Dick: I2P - The Anonymous Network
Rorie Hood: Rootkit Development
Paul Dalton: USB Autorun on Windows
Daniel Forse: Exploiting the Inherent Trust of Human Input Devices
 BruCon Security Conference 2011
◦ “Smart Phones – The Weak Link in the Security Chain, Hacking a network
through an Android device” by Nick Walker and Werner Nel
 BruCon Security Conference 2011
◦ “Script Kiddie Hacking Techniques” by Ellen Moar
 BSides London Security Conference 2011
◦ “DNS Tunnelling: It's all in the name!”, Arron Finnon
 GrrCon (Grand Rapids, Michigan) Security Conference 2012
◦ “I’m the guy your CEO warned you about” by Gavin Ewan
 BSides London Security Conference 2013
◦ “The evolution of Rootkits into the mobile ecosystems” by Rorie Hood
◦ Seven students have spoken at the rookie track.
 BSides Lisbon Security Conference 2013
◦ “NoSQL – No Security” by Gavin Holt
 BSides Manchester 2014
◦ Gavin Holt & rookie track...
Our students talking at cons: France, London, Lisbon, Cardiff.
 2012 – 20 people, 2013 – 110 people, 2014 –
150+ people
http://securi-tay.co.uk/
 As well as the obvious...
 Contacts & knowledge exchange between Universities.
◦ Leeds Beckett Uni, Sheffield Hallam, Dublin etc...
 Publicity.
◦ TV/Radio/Newspapers..
 School children have come to Securi-Tay
 Largely untapped.
 Initiatives.
◦ Students visit Schools.
◦ Women in science days.
◦ Publicity..
 Increase in female students.
 Schools visits.
 School trips to Universities.
 School teachers training.
 Planned awareness talks for the “elderly”.
 To (some) academics
◦ We are not producing the right product.
◦ Our courses need to change.
◦ We don’t have the skills to teach our students.
◦ We need to ask for them.
 To (some) companies
◦ You need academia to make your product better.
◦ You need our product to be better.
◦ You are not helping academics get these skills.
◦ You need to give out these skills.
 To some academics.
◦ Vocational CAN be academic.
◦ My student work has included..
 Methodology, Taxonomy, Crypto, Risk analysis, Software
development...
 To some companies.
◦ “Look at this great deal that your graduates will get”.
◦ Moaning about academia will get you no place!
 Don’t expect GRADUATES to be experts
the day they start.
◦ A degree MUST be generic.
◦ It’s about lifelong learning and no other discipline expects
this so ....don’t you.
◦ A University degree is not TRAINING.
 Academia.
◦ We must make an attempt to make graduates “billable”
as early as possible.
 Fear of teaching the offensive.
 What’s in a name?? Cyber-Hacking!
 More specialist degrees.
 Thanks for having me & for listening..
 Questions?
 Knowledge Transfer diagram
 Colleges.
 What’s in a name?
◦ Cyber/Ethical hacking
 Fear of teaching offensive
 Competitions – must be knowledge
 Vocational is becoming important.
 Must be investment in resources.
 Education must be driven by the Industry.
 Industry must invest time & effort in academia.
 More specialist degrees.
 If a company requires graduates then
approach academia.
◦ Influence content.
◦ Influence graduate attributes.
◦ Influence assessment.
 Student project work.
◦ it gives the company an indication of the skills of
the student in question & the University.
 Realise. The content MUST be requirement
driven.
 Some Universities are offering degrees.
◦ They teach what they know how to do.
◦ Uni’s jumping on the bandwagon is pointless.
 Must be a breadth of topics.
◦ Graduates must be flexible.
 Lack of practical security knowledge in Universities.
 Companies need to encourage academics. Work
alongside a security person?
 In house training?
◦ Why not invite an academic.
 Academics must also undertake difficult modules.
 “Too steeped in academia”
◦ We are vocational
 practical skills aren't being taught
◦ Our students’ practical skills have been
developed with the assistance of companies.
 not the stuff that comes up in real life
◦ Case study based and guided with the
assistance of companies.
 The courses aren’t right.
◦ Industry has guided our course.
 These are often taught on industry placements.
◦ Many of ours are taught on the course.
 Currently producing ~20 graduates per year
who have a choice of job.
◦ Becoming more popular every year.
 We also run an M Sc in Ethical Hacking (~10
grads per year).
 No magic formula.
 More programmes like ours required.
How to tackle the problem?
 “Governments, business and the IT security industry
need to work together to make cyber security more
visible and attractive as a career”
Mark Weatherford DoHS.
 “Industry and academia should ...raising awareness of
the growing demand for cyber security professionals.”
 “Industry and government should invest in cyber security
professionals who can address cyber threats”
Canadian ICTC Report.
http://www.ictc-ctic.ca/wp-content/uploads/2012/10/ICTC_CyberSecurityReport1.pdf
What is actually happening?
Will it benefit business?
 National security is highlighted and being
addressed.
 USA - Comprehensive National security
initiatives.
 Cybersecurity Strategy of the European Union.
◦ UK £650M investment.
◦ Most countries seem to be acting on this.
 NSA & DoHS sponsor
National Centers of Academic Excellence
◦ Identify excellence in Research & Education.
◦ Largely National defence related.
◦ Some community colleges (vocational).
 UK heading down this same route
 More vocational cyber security degrees in
the USA than Europe.
◦ Still not producing nearly enough suitably
qualified people.
California 38M pop, 8 edu establishments
Ohio 12M pop, 4
In the UK, similar scheme for research est.
 Competitions
 Boot camps
 Scholarships.
 Meetings to raise awareness.
 Other awareness events/promotions
 Certifications are also an avenue for business...
 These help to raise awareness but....
◦ Competitions.
 Largely test existing knowledge. No great fundamental learning.
◦ Boot camps.
 Two days training turns someone into a specialist?
◦ Certification
 A 4 day course then a multiple choice exam?
◦ Scholarships to where?
 To one of the very few specialist educational centres.
 Europe needs 100K’s of people!
 Specialist centres and short courses
are not enough.
◦ Bolt on security?
 Every region in every country:-
◦ Will require people.
◦ Universities / Colleges must act.
◦ Business must act.
A fundamental education review is required.
◦ Firm grasp of fundamentals.
◦ Have a security mindset.
◦ Experience of real attacks.
◦ Practical skills & technical knowledge.
◦ Research skills.
◦ Analysis skills.
◦ “Think outside the box.”
◦ Communication skills.
.............
 More vocational grads.
◦ Mathematical / theoretical still required but this is largely
being addressed.
 More vocational courses required.
◦ Is this being addressed?
◦ Colleges? Largely untapped.
 However, not just any old vocational course.
 Themed:-
◦ Programming, Computer Networking, Ethical
Hacking.
 Four year honours degree in Scotland.
◦ Year 1 and 2 – Basics & concepts.
◦ Year 3 and 4 - Research and self-learn.
 General security, Penetration testing, Web
Application testing, Exploit Development, Reverse
Engineering, Malware analysis
The syllabus (briefly!)
 Culture of project work as assessments:-
◦ Year 1 Ethical Hacking – Project
◦ Year 2 Ethical Hacking – Project
◦ Year 2 Smart Programming – Programming Project
◦ Year 3 Ethical Hacking - Web security project
◦ Year 3 Ethical Hacking – Mini-project
◦ Year 3 Ethical Hacking – Exploit development
◦ Year 3 Group Project - Student chosen
◦ Year 4 Network Management – Network Security project
◦ Year 4 Honours project
Student centred learning.
RESEARCH & DOCUMENTATION ARE IMPORTANT

Bed Making ( Introduction, Purpose, Types, Articles, Scientific principles, N...
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint  Presentations.pptxHow to deliver Powerpoint  Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
 
How to Create a More Engaging and Human Online Learning Experience
How to Create a More Engaging and Human Online Learning Experience How to Create a More Engaging and Human Online Learning Experience
How to Create a More Engaging and Human Online Learning Experience
 
Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
 
B. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdfB. Ed Syllabus for babasaheb ambedkar education university.pdf
B. Ed Syllabus for babasaheb ambedkar education university.pdf
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 
BBR 2024 Summer Sessions Interview Training
BBR  2024 Summer Sessions Interview TrainingBBR  2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
 
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptxChapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
 

Deep sec talk - Addressing the skills gap

  • 1. Experiences of actually trying to fill the gap... Colin McLean, DeepSec, November 2014.
  • 2. ▪ Colin McLean ◦ Abertay University, Dundee, Scotland. ◦ Lecturer for 24 years. ◦ Developer of the 1st Undergrad Degree in Ethical Hacking (started 2006). ▪ Abertay? ◦ Small University. ◦ Vocational courses.
  • 3. ▪ Far away from most of the action. Normal people live here someplace
  • 4. ▪ Since 2010, our graduates have been employed by.... ◦ KPMG, Qinetiq, NCC Group, Cigital, PWC, RBS, HSBC, MWR Labs, GCHQ, Tesco Bank, West point security, NCR, NTA Monitor, Mandalorian, Context IS, GFI Software, Firstbase, White Stratos...... ▪ Many of these companies have more than one graduate. ◦ NCC employ TEN of our graduates.
  • 5. ▪ Abertay has a good reputation amongst security companies in the UK for producing graduates with (roughly) the correct attributes. ▪ Something has gone right at Abertay. ◦ Room for improvement.
  • 6. ▪ The extent of the problem. ▪ Academic courses. ◦ Producing the right course. ◦ Things that have happened (knock on effects) ▪ Attracting people on to the course.
  • 7. When you think he is going to tell us how wonderful he is...
  • 8. ▪ 8 years.... ▪ Luck. ▪ Some good judgement. ▪ Timing? ▪ Some awesome people. ▪ Much of this talk is based around the experiences of this course.
  • 9. What is the scale?
  • 10. ▪ “The DoHS can’t find enough people to hire.” Mark Weatherford DoHS, USA ▪ “This shortage of ICT skills hampers the UK’s ability to protect itself” UK National Audit Office. ▪ "The demand for cyber security experts is growing at 12 times the rate of the overall job market." Hord Tipton, managing director of (ISC)2.
  • 11.
        Region     2012    2017
        Americas   1.181   2.081
        EMEA       .797    1.363
        APAC       .894    1.463
        Total      2.872   4.908
        EMEA = Europe, Middle East & Africa; APAC = Asia PACific
        ▪ (ISC)2 report..people working in the industry (now and estimated required in millions). ▪ Europe needs ~>200K in the next 2 – 3 years.
  • 12. ▪ “By 2017, there will be a global shortage of no less than two million cyber security professionals” http://www.itproportal.com/2014/11/03/house-of-lords-warning-uk-faces-devastating-cyber-security-skills-crisis-/#ixzz3IOQyyxlC
  • 13. Options for a company?
  • 14.
  • 15. ▪ In the UK alone, 98 degrees have a cyber security element... ▪ 40 to 50 MSc’s.... ▪ We are on our way ..right?
  • 16. ▪ “Part of this problem, seemingly, is down to courses which are too steeped in academia and not in keeping with the true demands of the cyber security field.” ▪ “the right practical skills aren't being taught, such as configuring and reconfiguring systems, trying out exploits, compromising the security of boxes and hardening defences.” Sean Smyth, director at CyberSecurityJobsite http://www.scmagazineuk.com/more-jobs-but-cyber-security-skills-gap-widens/article/340103/
  • 17. ▪ “The courses aren't right…they're great but not quite who the employer is looking for”. ▪ “too many of graduates have learnt reactive skills not the stuff that comes up in real life” ▪ “some professors say that these are often taught on industry placements”.
  • 18. ▪ Academics traditionally produce theoretical courses. ◦ That’s what we do. ◦ It’s not our fault. ▪ Companies are blaming academics for producing the wrong product. ◦ You aren’t giving us graduates with the 1337 skillz. ◦ It’s not our fault.
  • 19. What do we need to fix?
  • 20. ▪ Web App Problems (SQLi, XSS etc) ▪ Poor coding etc, etc. ▪ Malware Attacks ▪ Bad configuration/ setups, unpatched software. ▪ Weak Authentication - bad passwords? ▪ DOS ▪ Known or unknown vulnerabilities ▪ Educating staff ▪ ...........
  • 21. ▪ Networking. ▪ Systems. ▪ Developers. ▪ Offensive. ▪ Forensic. ▪ Responders.....etc... ▪ Also “softer skills” will be required ◦ intellectual property, internal security policies, HR Job writers, lawyers etc... ◦ Academia/Business must work to solve this.
  • 22. ▪ Mathematical / theoretical courses are required (largely being addressed?) ▪ Theoretical can (?) save the world. ▪ But...more vocational graduates are required. ◦ Theoretical solutions are not being adopted. ▪ More and better vocational courses required. ◦ Is this being addressed?
  • 24.
  • 25. ▪ Some of the attributes are unusual for a degree (especially a technical subject). ▪ This is perhaps a problem? ▪ These CAN be catered for during a degree. ◦ Teaching/Tutorials/Assessments/Extra-curricular activities ◦ External speakers etc.
  • 26. Features. Points of interest that could help.
  • 27. ▪ 2005 – A two year UK government funded project – Abertay Uni & NCR R&D ◦ Employed a full-time researcher. ▪ “Risk analysis of an NCR Automated Telling Machine (ATM).” ▪ Jim Kirkhope of NCR “it would be great to be able to employ graduates who knew this stuff..” ▪ Industry driven
  • 28. ▪ NCR Student projects ◦ Covered by NDA.. ▪ Firstbase Techies. ◦ Guidance, talks, free training. ◦ Firstbase employ two Abertay graduates. ▪ Cigital ◦ Talks, workshops, sponsorship, free software ◦ Cigital have employed 2 of our graduates. ▪ NCC ◦ Talks, workshops, sponsorship, guidance etc. ◦ NCC employ 10 of our graduates.
  • 29. ▪ Now, I have contact with many companies. ▪ It's moulded the content. ▪ Ethical Hacking “company contact week” for students in their final year. ◦ NCC Group, MWR, KPMG, NTA Monitor etc have given training/advice etc...
  • 30.
  • 31. ▪ Other people have played a major role in our success. ◦ “Free” knowledge. ▪ Our graduates are better equipped for the real-world because of this. ▪ These companies are now getting a better product......
  • 32.
  • 33. ▪ Let them do things. ◦ Build their own specialisms. ◦ Build their own brand. ◦ Builds community spirit. ◦ Publicity. ▪ An example... ◦ Abertay Ethical Hacking society. ◦ Students meet every week.
  • 34. ▪ Ethical Hacking Society. • Greg Scott: Fuzzing: Brute Force Vulnerability Discovery • Milo Farkner: Time for some Crypto • Rorie Hood: The Kernel, an int and the Null Pointer Dereference • Andy Redfield: Lockpicking • Georgi Boiko: XORing and Cryptography • Paul Dalton: Ping of Death revisited • Erden Eren: New ATMs: Secure? • Rorie Hood: The Gifar Attack • Jack Graham: Breaking the Boundaries with ToBmuD • Ian Soutar: You've Found a Vulnerability, Now What? • Tony Roper: Reverse Engineering 32-bit Windows Executables • Andrew Macdonald: Hacking for Homebrew: How to build your own PS2 Linux Kit • Ian Soutar: Web Applications: Securing a Broken Website • Jack Graham: The Power of TIFF, Screens and META • Christopher Donnelly: Google Hacking • Blair Dick: I2P - The Anonymous Network • Rorie Hood: Rootkit Development • Paul Dalton: USB Autorun on Windows • Daniel Forse: Exploiting the Inherent Trust of Human Input Devices
  • 35. ▪ BruCon Security Conference 2011 ◦ “Smart Phones – The Weak Link in the Security Chain, Hacking a network through an Android device” by Nick Walker and Werner Nel ▪ BruCon Security Conference 2011 ◦ “Script Kiddie Hacking Techniques” by Ellen Moar ▪ BSides London Security Conference 2011 ◦ “DNS Tunnelling: It's all in the name!”, Arron Finnon ▪ GrrCon (Grand Rapids, Michigan) Security Conference 2012 ◦ I’m the guy your CEO warned you about by Gavin Ewan ▪ BSides London Security Conference 2013 ◦ The evolution of Rootkits into the mobile ecosystems Rorie Hood ◦ Seven students have spoken at the rookie track. ▪ BSides Lisbon Security Conference 2013 ◦ NoSQL – No Security..Gavin Holt ▪ BSides Manchester 2014 ◦ Gavin Holt & rookie track... Our students talking at cons.
  • 37. ▪ 2012 – 20 people, 2013 – 110 people, 2014 – 150+ people http://securi-tay.co.uk/
  • 38. ▪ As well as the obvious... ▪ Contacts & knowledge exchange between Universities. ◦ Leeds Beckett Uni, Sheffield Hallam, Dublin etc... ▪ Publicity. ◦ TV/Radio/Newspapers.. ▪ School children have come to Securi-Tay
  • 39. ▪ Largely untapped. ▪ Initiatives. ◦ Students visit Schools. ◦ Women in science days. ◦ Publicity.. ▪ Increase in female students.
  • 40. ▪ Schools visits. ▪ School trips to Universities. ▪ School teachers training. ▪ Planned awareness talks for the “elderly”.
  • 41. ▪ To (some) academics ◦ We are not producing the right product. ◦ Our courses need to change. ◦ We don’t have the skills to teach our students. ◦ We need to ask for them. ▪ To (some) companies ◦ You need academia to make your product better. ◦ You need our product to be better. ◦ You are not helping academics get these skills. ◦ You need to give out these skills.
  • 42. ▪ To some academics. ◦ Vocational CAN be academic. ◦ My student work has included.. ▪ Methodology, Taxonomy, Crypto, Risk analysis, Software development... ▪ To some companies. ◦ “Look at this great deal that your graduates will get”. ◦ Moaning about academia will get you no place!
  • 43. ▪ Don’t expect GRADUATES to be experts the day they start. ◦ A degree MUST be generic. ◦ It’s about lifelong learning and no other discipline expects this so ....don’t you. ◦ A University degree is not TRAINING. ▪ Academia. ◦ We must make an attempt to make graduates “billable” as early as possible.
  • 44. ▪ Fear of teaching the offensive. ▪ What’s in a name?? Cyber-Hacking! ▪ More specialist degrees.
  • 45. ▪ Thanks for having me & for listening.. ▪ Questions?
  • 46. ▪ Knowledge Transfer diagram ▪ Colleges. ▪ What’s in a name? ◦ Cyber/Ethical hacking ▪ Fear of teaching offensive ▪ Competitions – must be knowledge
  • 47. ▪ Vocational is becoming important. ▪ Must be investment in resources. ▪ Education must be driven by the Industry. ▪ Industry must invest time & effort in academia. ▪ More specialist degrees.
  • 48. ▪ If a company requires graduates then approach academia. ◦ Influence content. ◦ Influence graduate attributes. ◦ Influence assessment. ▪ Student project work. ◦ it gives the company an indication of the skills of the student in question & the University.
  • 49. ▪ Realise. The content MUST be requirement driven. ▪ Some Universities are offering degrees. ◦ They teach what they know how to do. ◦ Uni’s jumping on the bandwagon is pointless. ▪ Must be a breadth of topics. ◦ Graduates must be flexible.
  • 50. ▪ Lack of practical security knowledge in Universities. ▪ Companies need to encourage academics. Work alongside a security person? ▪ In house training? ◦ Why not invite an academic. ▪ Academics must also undertake difficult modules.
  • 51. ▪ “Too steeped in academia” ◦ We are vocational ▪ practical skills aren't being taught ◦ Our students practical skills have been developed with the assistance of companies. ▪ not the stuff that comes up in real life ◦ Case study based and guided with the assistance of companies. ▪ The courses aren’t right. ◦ Industry has guided our course. ▪ These are often taught on industry placements. ◦ Many of ours are taught on the course.
  • 52. ▪ Currently producing ~20 graduates per year who have a choice of job. ◦ Becoming more popular every year. ▪ We also run an M Sc in Ethical Hacking (~10 grads per year). ▪ No magic formula. ▪ More programmes like ours required.
  • 53. How to tackle the problem?
  • 54. ▪ “Governments, business and the IT security industry need to work together to make cyber security more visible and attractive as a career” Mark Weatherford DoHS. ▪ “Industry and academia should ...raising awareness of the growing demand for cyber security professionals.” ▪ “Industry and government should invest in cyber security professionals who can address cyber threats” Canadian ICTC Report. http://www.ictc-ctic.ca/wp-content/uploads/2012/10/ICTC_CyberSecurityReport1.pdf
  • 55. What is actually happening? Will it benefit business?
  • 56. ▪ National security is highlighted and being addressed. ▪ USA - Comprehensive National security initiatives. ▪ Cybersecurity Strategy of the European Union. ◦ UK £650M investment. ◦ Most countries seem to be acting on this.
  • 57. ▪ NSA & DoHS sponsor National Centers of Academic Excellence ◦ Identify excellence in Research & Education. ◦ Largely National defence related. ◦ Some community colleges (vocational). ▪ UK heading down this same route ▪ More vocational cyber security degrees in the USA than Europe. ◦ Still not producing nearly enough suitably qualified people. California 38M pop, 8 edu establishments; Ohio 12M pop, 4. In the UK, similar scheme for research est.
  • 58. ▪ Competitions ▪ Boot camps ▪ Scholarships.
  • 59. ▪ Meetings to raise awareness. ▪ Other awareness events/promotions ▪ Certifications are also an avenue for business...
  • 60. ▪ These help to raise awareness but.... ◦ Competitions. ▪ Largely test existing knowledge. No great fundamental learning. ◦ Boot camps. ▪ Two days training turns someone into a specialist? ◦ Certification ▪ A 4 day course then a multiple choice exam? ◦ Scholarships to where? ▪ To one of the very few specialist educational centres.
  • 61. ▪ Europe needs 100K’s of people! ▪ Specialist centres and short courses are not enough. ◦ Bolt on security? ▪ Every region in every country:- ◦ Will require people. ◦ Universities / Colleges must act. ◦ Business must act. A fundamental education review is required.
  • 62. ◦ Firm grasp of fundamentals. ◦ Have a security mindset. ◦ Experience of real attacks. ◦ Practical skills & technical knowledge. ◦ Research skills. ◦ Analysis skills. ◦ “Think outside the box.” ◦ Communication skills. .............
  • 63. ▪ More vocational grads. ◦ Mathematical / theoretical still required but this is largely being addressed. ▪ More vocational courses required. ◦ Is this being addressed? ◦ Colleges? Largely untapped. ▪ However, not just any old vocational course.
  • 64. ▪ Themed:- ◦ Programming, Computer Networking, Ethical Hacking. ▪ Four year honours degree in Scotland. ◦ Year 1 and 2 – Basics & concepts. ◦ Year 3 and 4 - Research and self-learn. ▪ General security, Penetration testing, Web Application testing, Exploit Development, Reverse Engineering, Malware analysis The syllabus (briefly!)
  • 65. ▪ Culture of project work as assessments:- ◦ Year 1 Ethical Hacking – Project ◦ Year 2 Ethical Hacking – Project ◦ Year 2 Smart Programming – Programming Project ◦ Year 3 Ethical Hacking - Web security project ◦ Year 3 Ethical Hacking – Mini-project ◦ Year 3 Ethical Hacking – Exploit development ◦ Year 3 Group Project - Student chosen ◦ Year 4 Network Management – Network Security project ◦ Year 4 Honours project Student centred learning. RESEARCH & DOCUMENTATION ARE IMPORTANT