Solutions to the Growing Cyber Security Threat Dr. Jane LeClair Rick Bawcum • COO National Cybersecurity Institute at Excelsior College • COO / CTO Bross Group • Virtual CIO to multiple associations Educating a Cybersecurity Workforce • CISSP (2004) • 30+ years in IT Strategy, Governance, Service Delivery • Regis University • “Where IT meets the business” Panel • • Cybersecurity in Our Digital Lives • Former Dean of the School of Business & Technology at Excelsior College • Doctorate from Syracuse University Marc Noble • Certified Information Systems Security Professional (CISSP) • Information System Security Architecture Professional (ISSAP) • Certified Information System Management (CISM) • Member Business Continuity Institute Certification (MBCI) • Certified Governance of Enterprise (CGEIT) • Cyber/Information Security Practices Manager Staggering Losses… Identity theft costs Americans $37 billion annually Worldwide cyber crime costs about $1 TRILLION annually Identity theft costs Americans $37 billion annually 90 / 10 Rule Integrating the Domains Cybersecurity is a People Problem… 16 Critical Infrastructures • • • • • • Chemical Commercial Facilities Communications Critical Manufacturing Dams Defense Industrial Base • Emergency Services • Energy • Financial Services • • • • • Food and Agriculture Government Facilities Healthcare and Public Health Information Technology Nuclear Reactors, Materials and Waste • Transportation • Water and Wastewater 7 Future Trends Association Cyber Focus • Social engineering is the #1 method of initiating a breach • ALL of us house personally identifiable information. This is a significant area of opportunity for the enemy. • If you don’t have the expertise… hire it! • You can build better mousetraps • Pay attention to Cloud and SaaS security • Integrate your Response supply chain Building a Cybersecurity Workforce • A Human Capital Crisis in Cybersecurity, Technical Proficiency Matters by Center for Strategic and International Studies (CSIS), July 2010. • Updating U.S. Federal Cybersecurity Policy and Guidance spending scarce taxpayer dollars on security programs that work, CSIS, October 2012. • CYBERSECURITY - National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented, GAO, February 2013. • Measuring What Matters: Reducing Risk by Rethinking How We Evaluate Cybersecurity by SafeGov, March 2013. • Professionalizing the Nation’s Cybersecurity Workforce? Criteria for DecisionMaking, National Academy of Science, 2013. Common Findings on Building a Cybersecurity Workforce • promoting education, awareness, and workforce planning; • Train resources to raise the level of technical competence; • Ensure there is a career path; • shortfall in trained personnel for cybersecurity and called for expanded education and rigorous certification; • IT unemployment 4%, cybersecurity unemployment 2%. Dr. Jane LeClair Rick Bawcum Marc Noble Audience Q & A