cyber

now browsing by tag

 
 

The myth of the cybersecurity skills shortage

Cyberseuciryt skills shortage

Source: ComputerWorld by Ira Winkler

Interesting article up for a read at ComputerWorld. Which all in all, is a good thing. The article talks of “The myth of the cybersecurity skills shortage” Winkler calls out companies that are claiming there is a cybersecurity skills shortage; which I don’t necessarily believe there is.

From the article at ComputerWorld:

The approach that seems to prevail these days — seeking a new hire who already has the right skills and experience or hiring them away from another organization — just doesn’t work. But it is why so many people believe there is a shortage of security professionals.

Mr. Winkler hit the nail on the head with this statement. I have a significant amount of security experience, I’ve worked for the government, large companies, medium companies, and small companies. I will generally do reasonably well at any interview question poised for me. The problem I’m seeing, is there are companies out there, that have beaten it into the head of their employees, that they are looking for someone that is an absolute master of skillset X, and disregard everything else. I, like many other security practitioners have my weaknesses; if I am slightly weaker in skillset X, then I am immediately assumed not a good fit for the job. 

The way I like to pursue jobs, is I aim for something I want to do, with a company I wouldn’t mind doing it for. Whether I have 100% strength on skillset X, or whether I’m slightly weaker at X, but extremely strong, at skillsets Y and Z; I will still apply, but a decent amount of time, I’ll get shot-down, due to the assumption, that because my skillset at X isn’t the greatest, I’ll never be able to catch up. This is where the fallacy in the argument lies. Company X, needs to look at candidate skills, and make their decision the ability of the candidate to learn skillset X (if skillset X is truly the reason for hiring). So again, there are areas where I’m slightly weaker, such as DLP. That doesn’t mean I don’t know what DLP is, or how it functions, but I’ve never sat in front of a host that does DLP and used it on a day to day basis. Does that mean I’m not right for any position at your organization due to the fact I’ve not been a DLP administrator?

Just something to think about. I always judge interview candidates on not just what they know, but what I think they will learn, and how strong of learners they are.

Obama Authorizes Sanctions for Cyber Attacks

Source: PCMag.com

Continuing the policy first adopted (that we know of) for North Korea’s (disputed) attack against Sony Pictures, Pres. Barack Obama has authorized the U.S. to uphold sanctions against countries that initiate cyber attacks against the U.S., and companies within the U.S.

I’m personally against this action, as it is authorizing the U.S. to perform retaliation for something, that we have had a terrible time attributing to countries. I foresee that it would lead to increased tensions against the U.S.

From the PCMag.com article:

Several months after the White House imposed sanctions on North Korea for its alleged involvement in the hack of Sony Pictures, the administration is promising to do the same to anyone else that tries to hack American targets.

President Obama signed an executive order that authorizes the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to impose sanctions on individuals or entities believed to be involved in “malicious cyber-enabled activities” that could pose “a significant threat to the national security, foreign policy, economic health, or financial stability of the United States.”

“Starting today, we’re giving notice to those who pose significant threats to our security or economy by damaging our critical infrastructure, disrupting or hijacking our computer networks, or stealing the trade secrets of American companies or the personal information of American citizens for profit,” Obama said in a statement.

Report: U.S. did carry out cyber attack against North Korea

Source: Yonhap News Agency

According to this report by the Yonhap News Agency, the U.S. did conduct a cyber operation against North Korea, in retaliation for their alleged attack against Sony.

From the article:

North Korea’s Internet connections suffered outages for days in late December after U.S. President Barack Obama blamed the communist nation for the massive hack on Sony and promised a “proportional response.”

If this is true, it is actually quite a scary situation for everyone involved. If you consider that a U.S. company, like Sony, has the U.S. Government to do its bidding for it; it really makes you think. I’m not concerned that that the U.S. has a cyber operations center, we’ve known about it for quite some time; what we haven’t known, is how, when, or why it would lead an attack against a nation. Now we know, all your nation-state has to do, is attack a very large corporation in the U.S. and it will draw the eye of U.S. cyber operations.

What do you think? Do you think the U.S. should launch a full scale cyber assault on a nation because it was behind a supposed “attack” on a large corporation. What is the precedence being set here? If my small business gets attacked by a group in North Korea, will the U.S. launch a full-scale attack against them? What size does my business need to be, where the U.S. government will carry out a full-scale cyber attack against North Korea to defend my business?