By Sean Coons
The future of cybersecurity is like a puzzle that’s been laid out on a table. All the pieces are there – elements from private enterprise, government, academia, consumers, the needs and practices of the general public – but the challenge is, who exactly will coordinate the assembling of these pieces, which have ever-evolving edges and connections?
A good place to look for such leadership will be at the upcoming RSA Conference (RSAC), held at the Moscone Center in San Francisco, February 13-17. RSAC 2017 will feature keynotes and speakers Seth Meyers (Host, “Late Night with Seth Meyers”), Heather Adkins (Director of Information Security & Privacy, Google), Winn Schwartau (Founder, The Security Awareness Company), Abbie Barbir (Senior Security Advisor, AIS Security Innovation, Aetna), among many other industry leaders.
The RSA Conference has provided comprehensive exploration of all things InfoSec for the past twenty-five years, drawing tens of thousands to their events, including leading thinkers representing every imaginable piece of the cybersecurity puzzle: cryptography and data security, government policy and law, strategy and technology infrastructure, cloud and mobile security – and the master-piece that connects and shapes all of the other pieces: cybersecurity education.
In an effort to highlight the importance of education for the future of cybersecurity, RSA Conference 2017 will unveil its latest major platform, AdvancedU. As they describe it, “RSAC AdvancedU is an exciting series of educational programs offered by RSA Conference that teaches cyber-awareness for children, provides outreach to college students to introduce and encourage a career in information security, and supports education throughout the various stages of a career within the industry.”
In an industry defined by uncertainty, one thing is foundational: Success in the battle for information will be determined by how we recruit and prepare the next generation of InfoSec professionals. And right now, we’re like America before Pearl Harbor – massive potential in need of mobilization. According to the U.S. bureau of labor statistics, “Employment of information security analysts is projected to grow 18 percent from 2014 to 2024, much faster than the average for all occupations. Demand for information security analysts is expected to be very high, as these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or causing problems for computer networks.” Demand isn’t the problem, however – it’s the lack of supply.
It’s commonly understood that the cybersecurity talent gap is symbiotically tied to lack of clarity, opportunities, and recruiting in cybersecurity education. According to Redmond Magazine, Intel Security’s McAfee Center for Strategic and International Studies, in a survey of “775 IT decision makers in eight countries (including the U.S.) found that 82 percent are coping with a shortage of cybersecurity skills in their IT department, 71 percent report that the lack of talent is causing direct and measurable damage and 76 percent believe their respective governments aren’t investing adequately in educating or training cybersecurity talent.”
Fortunately, organizations like RSAC understand the scope and stakes of the problem. In an RSA-produced video released at this year’s conference, “25 Years of Information Security” (video below), the narrator tells us, “By 2003, the information on the internet surpassed all other information in human history. IT security is being asked to defend more ground than any other interest in the history of our species.” A connection is made between digital security and national security, as highlighted by America’s 9-11 attacks, with a chilling implication: When commercial solutions don’t protect us from rogue elements, government intervention increases; and as government intervenes, we all lose the freedom that has been the hallmark and glory of the internet.
Hopefully, it won’t take an IT Pearl Harbor or 9-11 to mobilize and change this present InfoSec picture.
According to RSA, there are 3.2 billion Internet users, representing 43% of the world. Given these breathtaking figures, it becomes clear that cybersecurity education is not simply a course of study for the tech savvy college student looking for a career in a growth industry – cybersecurity education will be part of life for us all in the Internet age.
“The InfoSec industry does a great job talking about security with security folks; people already in the industry and aware of the risks and challenges we face,” says Sean Martin, CISSP, co-founder, and editor in chief at ITSPmagazine. “I believe we will all be responsible for our own security – no vendor, service provider, or even government entity will save us… sometimes even from ourselves. We need more education to get more people involved. This program, AdvancedU, is a great step forward and we look forward to learning more as we cover the entire RSA Conference in February.”
RSAC AdvancedU will explore InfoSec education from several perspectives:
RSAC Security Scholar: “RSAC Security Scholar has grown to 60 students from more than twenty leading universities. Participating scholars engage and discuss with industry luminaries to share knowledge, gain experience and forge connections. The RSA Conference community can meet the selected scholars at Wednesday’s Open Poster session. To take full advantage of the RSA Conference experience, students are also given access to the 400+ sessions and expo halls.” Participating universities include United States Military Academy West Point, Columbia University (Center for Cybersecurity), George Mason University, University of North Carolina at Charlotte, and University of Southern California (Viterbi School of Engineering).
RSAC College Day: “RSAC College Day provides college students with free access to RSA Conference on Thursday, including an exclusive breakfast and a College Day Open House where they can meet with industry experts and corporate sponsors to discuss career opportunities.”
In an effort to equip parents as they navigate a digital world increasingly unsafe for their children, RSAC has created the CyberSafety Initiative, which includes three components:
RSAC CyberSafety Village Exhibit: “The RSAC CyberSafety Village (CSV) showcases services agencies and non-profit organizations that provide education and guidance to parents seeking to learn how to teach their children to be safe and responsible online. Some of these partnering organizations provide connections and opportunities for InfoSec professionals who would like to volunteer in their own local communities to spread education about cybersafety for kids.” Click here for dates and times of the CyberSafety Village Exhibit.
CyberSmart: Parents Education Workshop: “This seminar provides an overview to parents and caregivers on how to best support and secure their child’s online activities. This year’s session ‘The Always-On Generation and the Evolving Digital Landscape’ will provide an overview of how to support and secure a child’s online activities. Attendees will hear about the latest brain research on sleep and addiction, learn how to recognize and address cyberbullying, and find out what youth and teens are saying about the rewards and challenges they experience in a networked world.”
CyberSafety Presentation Stage: “Located within the CyberSafety Village, the Presentation Stage will host the Workshop as well as a daily schedule of industry influencers with expertise in the specifics of cybersecurity and parent education.”
Click here for the full RSAC 2017 agenda.
From the video “25 Years of Information Security”: “This is the job of the RSA Conference… [For] 25 years, this community has worked hard together to protect individuals, businesses, governments, children. Time after time, we have faced an abyss of new threat growing with each response. What will the next quarter century bring to our world? How will we connect to secure a better tomorrow?”
Who will coordinate the assembling of the pieces of our cybersecurity puzzle?
All attention will be turned to RASC 2017 this February. ITSPmagazine’s included. We hope to see you there!