It’s an increasingly common question these days, and not an easy one at that: do you build your security operations capabilities in house, or do you go with a Managed Security Service Provider (MSSP)? There are certainly advantages to both, and in bottom-line terms it is hard to say which one is actually cheaper. Ultimately, as with all things, it is a business decision that is made with an acceptable level of risk in mind.
Cyber Security Training
Art Coviello at RSA often refers in his keynotes to the skills gap in the number of cyber security professionals. A UK National Audit Office report out today says it could take “up to 20 years to address the skills gap.” The truth is that the number of IT and cyber security professionals in the UK has not increased in line with the growth of the internet, and the NAO warns that the UK faces a current and future cyber security skills gap, with “the current pipeline of graduates and practitioners” unable to meet demand.
I like Star Trek. I’ve always wanted to be Captain Kirk (had to pick one…Picard is great too) sitting in that chair on the bridge of the Enterprise with seemingly endless resources at my disposal with a mission to protect the universe. I’m not giving up, but that’s probably not going to happen. However, I do get a bit of the same thrill as I have the opportunity to work in the Critical Incident Response Center lab we have set up at RSA for research and demonstration purposes.
Now that the Mayan calendar gives us until October 13, 4772, we have some time to focus on 2013 in earnest. As I was thinking of my resolutions for 2013, I thought I’d compile some of the things that I predict will be on the resolution list for many organizations in the New Year.
“We need to champion and develop a new breed of Cyber Security Analyst…This new breed of analyst must have the right analytical skills, ‘big picture’ thinking and much needed collaborative “people skills” to ensure smooth information sharing with multiple stakeholders.” – Art Coviello
Some of you may be familiar with the 1990s UK TV program called ‘Cracker’, starring Robbie Coltrane as a forensic psychologist. He is a classic antihero: unfaithful to his wife, alcoholic, a chain smoker, obese, addicted to gambling, manic, foul-mouthed and sarcastic, and yet cerebral and brilliant. He is a genius in his specialty: criminal psychology. To stay ahead of advanced threats, one of the changes organizations will have to make is to ensure they have the right skills to mitigate these threats, and so the new role of the ‘Cyber Security Analyst’ is born.
At RSA Conference Europe recently I did a joint session entitled ‘Training Employees to Recognize and Avoid Advanced Threat’. No matter what security technologies are implemented, every organization’s greatest vulnerability is its people. Social engineering is a predominant aspect of advanced threats and finding ways to increase the effectiveness of user training has become [...]
At RSA Conference last week I did a joint session entitled ‘Training Employees to Recognize and Avoid Advanced Threat’. An interesting issue was raised by a member of the audience on whether organisations should use a carrot or a stick to encourage their employees to attend cyber security training. I guess it really depends on [...]