Cyber Security Education: Remove The Limits
Highly technical and high-level strategic education must come together to achieve cyber security goals.
As we approach (ISC)2's 2014 Security Congress -- the organization's largest global event of the year -- I am very focused on what we can do to continually educate information security professionals and how we can broaden our educational offerings to produce a well-rounded cyber workforce.
While the White House Cybersecurity Coordinator was criticized last week in an article for suggesting that the lack of technical know-how can be an asset to those in cyber-security positions, he makes a strong point: "The real issue is to look at the broad, strategic picture and the impact that technology will have." To me, it is clear that ongoing and expanding education is vital for the cyber workforce, especially as we observe increasingly sophisticated attacks and more complex systems.
August was indeed a month rich in deep "techie" conferences with the trifecta of Black Hat, Def Con, and BSides. While experiencing first-hand the mastery displayed by the "in the weeds" techies at Black Hat, I am happy to report that we are indeed making progress toward growing a mature and balanced cyber workforce.
Historically, there have been two perceived approaches to cyber security -- the vertical, technical approach and the more horizontal, strategic approach. While at Black Hat, I experienced a parting from that perception, in that the traditional "techies" who attended to sharpen their technical skills/techniques were mindful of the goal of contributing such techniques toward their organizations' horizontal strategies. This would seem to indicate that individuals are recognizing the impact they have on the success of their companies' overall cyber-security strategies, and that those organizations that take the limits off the educational experience of their cyber workers are ending up with stronger and more mature cyber professionals.
[Homeland Security wants fresh tools. See Wanted By DHS: Breakout Ideas On Domestic Cybersecurity.]
I would encourage IT and information security managers to approach the fall season of conferences with an open mind and to make sure to nurture all areas of cyber security educational pursuits. So, should you expect your employees to come back from these conferences with all the answers -- both technical and strategic? No. You will inevitably be disappointed if you expect those attending a "techie" conference such as Black Hat to come back with solutions for debates such as:
Conventional warfare vs. cyberwar policy
Cyber offense vs. cyber defense policy
Balancing privacy vs. security
However, any education that moves your workforce a step closer to understanding the complexities (technical or strategic) of the many controversial issues will ultimately close the gap on the lack of consensus and contribute toward the progress of industry security programs and policy. Even the government is recognizing that a better understanding of cyber security is critical at even the basic level, recently announcing its Federal Executive Cybersecurity Seminar (FECS) that aims to educate executives on the basics of cyber security challenges, operations, and policies.
Cyber security is growing in complexity every day and requires continual refinement of the workforce's capacity for both skill and strategy. While Black Hat, Def Con, and BSides may not be the forum for tackling the controversial issues that face us domestically or abroad, the ultimate solutions will be achieved only when educated people bring both depth and breadth of knowledge to the discussion table.
Apply now for the 2015 InformationWeek Elite 100, which recognizes the most innovative users of technology to advance a company's business goals. Winners will be recognized at the InformationWeek Conference, April 27-28, 2015, at the Mandalay Bay in Las Vegas. Application period ends Jan. 9, 2015.
About the Author
You May Also Like