This document outlines a proposed solution to address the shortage of cybersecurity experts through education. It identifies the problem of not enough cybersecurity professionals to meet demand. The solution involves defining objectives like attracting more people to the field, and developing a strategy that includes creating new university cybersecurity programs, marketing cybersecurity as an appealing career, and learning from other countries' approaches to grow their cybersecurity workforce through public-private partnerships and scholarship programs. The strategy would aim to develop a complex curriculum approach to cybersecurity education from the ground up rather than just adding it onto existing computer science programs.
2. Future of Cyber Security
“The next battle will be the battle for the hearts and minds.”
“Capability and will.”
Dr. Jarno Limnéll, CyCon 2014
CC-BY-SA • Petr Špiřík
3. Problem Statement
There are not enough cyber security experts.
It is not going to fix by itself.
CC-BY-SA • Petr Špiřík
4. Solution
1. Identify the problem
2. Find the stakeholders
3. Define objectives
4. Form the strategy
5. Execute
CC-BY-SA • Petr Špiřík
5. 1. Problem Identification
Missing People
”I graduate about 35 students a year, and even if I were to
quadruple it, I wouldn't be able to fill the demand." - Lance
Hoffman, director of George Washington University's, 2010
“The demand for cybersecurity professionals has risen
sharply since 2007. This rise may be due to multiple factors,
including increased connectivity, increased vulnerability,
increased recognition by hackers of the value of attacking
networks, and an increased awareness of hacking.” – RAND,
2014
Predictions
“In 2017 there will be a global shortage of two million cyber
security professionals.” – Stephanie Daman, Digital Skills
Committee meeting in the House of Lords, October 2014
“The more expensive and knotty is the cyberthreat, the
greater the odds that the target may turn to radically new
technology and architectures, which can sharply reduce the
harm that threats can cause, and with it the need for so
many talented cybersecurity professionals.” – RAND, 2014
CC-BY-SA • Petr Špiřík
6. 2. Finding Stakeholders
Public Sector
Governments
Cyber war. Cyber espionage. Defense and offense. Strategic
interests. “Cyber” as an equalizer. Information society.
Universities
New research opportunities. Critical for attracting young
people. Natural thought and opinion leaders. Moral
obligation?
Private Sector
Companies
Defend own business. Security as a service. The need of
security for doing business.
Students
Interesting area of science. Impact on society, cutting edge.
Career, money and perspective. Importance of security in
“post Snowden era”.
CC-BY-SA • Petr Špiřík
7. 3. Objectives
We Need
More people with cyber security skills
Wide range of expertise and levels among them
Better definition of what skills are needed
Curriculum and who is going to teach it
More people even considering this career!
We Offer
Career (money talks!)
Cross-disciplinary challenges
Up-to date and relevant content
Extraordinary teachers and role models
University programs for more students, stipends, internships
CC-BY-SA • Petr Špiřík
8. 4. Strategy
Curriculum
Traditional “+1” approach
Take a bit of computer science, add cryptography and
network security – and you are done!
Complex approach
Start from scratch. Take the opportunity to create
something new. Cut the waste.
Do nothing
Sure. Because it worked so well in the past.
Marketing
Why “cyber” security
Cyber is the new sexy. Electronic signals, information or
computer security does not sound cool.
Sell it to decision makers
Increase student capacities. Create programs. Do
partnership with business.
Attract students
Remove barriers. Support the best. Bring in women.
CC-BY-SA • Petr Špiřík
9. 4a. What Is This Cyber Security, Anyway?
Common Understanding
Firewalls
Cryptography
Programming
Reality
Telecommunications and Network Security
Cryptography
Software Development Security
Access Control
Information Security Governance and Risk Management
Security Architecture and Design
Operations Security
Business Continuity and Disaster Recovery Planning
Legal, Regulations, Investigations and Compliance
Physical (Environmental) Security
CC-BY-SA • Petr Špiřík
10. 5. Execute – Learn From Others
US
Strategy
Strong government-driven approach. Top down execution.
Military requirements defining University programs.
Demand from multiple government entities.
CyberCorps
Scholarship for service. Unique program. Started in 2001 at
the University of Tulsa. Currently 13 Universities involved.
Threat information sharing
UK
Strategy
“Our strategy sets clear priorities – counter-terrorism, cyber,
international military crises and disasters such as floods.” UK
National Security Strategy, 2010.
Public-private partnership
Since 2011 part of an agenda. Tight interaction. Bidirectional
communication. Easier government-private career moves.
Women to cyber security
CC-BY-SA • Petr Špiřík
11. Thanks For All the Fish!
Petr Špiřík
Cyber Threat Intelligence
petr.spirik@gmail.com
@HidenatNet
CC-BY-SA • Petr Špiřík