The RSA Conference 2014 has commenced, and a few of the folks from Tripwire who are here are providing some feedback on the sessions they attended on this, the first day of the show.
We were also quite fortunate to have Kelly Kingman available at some of the sessions to “visualize” some of the thoughts of the presenters in real-time as the talks were being given. See the picture below, and watch for more of Kelly’s fantastic visual interpretations from RSAC.
Closing the Cybersecurity Skills Gap – It’s Past Time (PROF-M01)
Session Abstract: This session discussed how the evolving threat landscape is altering cybersecurity roles and what essential skills are needed (technical or not) in future leaders. The session gave insight from a benchmark study on how cybersecurity academic programs measure up to the demand of new skills and discussed whether we should groom cybersecurity defenders with broad skills or specialize in technical areas.
Senior Analyst, 451 Research
Chief Security Officer, Akamai Technologies, Inc.
Chief Technology Officer, Tripwire
President and Chief Executive Officer, Council on Cybersecurity
Director, SANS Institute
Sarah Wilson (attendee): “This was a great panel discussion, during which Jane Lute repeatedly advocated to professionalize the cyber security field by finding a way ‘to distinguish the frequent fliers from the pilots in cyber security.’ Dwayne Melancon and Mike Assante encouraged seeking out people who are passionate, curious and show willingness to grow, learn and adapt. A central theme to the discussion revolved around the fact that cyber security professionals need to be able to talk to the business – bridging the gap between the technical and non-technical in a way that is focused on ‘enabling the business,’ as opposed to being ‘the protector of the business.’”
Some quotes from the speakers:
- “Traveling a lot by aircraft does not make you a pilot. So how can we tell the pilots from the frequent flyers?”
- “Hope is not a method to develop CyberSecurity skills…”
- “One of the biggest assets is the ability to talk to the business…”
- “Curiosity, tenacity and not being afraid to jump in even if you don’t understand how to fix it…”
- “Having a multi competency model and the ability to relay details to different audiences is the most important element in building a qualified security team…”
- “Adapt and learn in different dimensions. That is a critical skill in cybersecurity. Connect with the community…”
- “We can’t rely on certifications alone, but need those who can synthesize from these basic skills to make better decisions…”
- “Your job as a security pro is not to judge the risk, but allow the biz to judge the risks themselves…”
- “Your biz needs to understand risks and we need to enable them to make wiser risk decisions…”
The Future of Security Education (PROF-M02)
Session Abstract: The info sec community dumps huge amounts of money into training their professionals. For countless years, the industry has focused on written assessments and tests. This is changing. This session gave attendees a better understanding of the changes coming and how their training needs will be addressed from some of the professionals who are leading the way in content design.
Sarah Wilson (attendee): “This session raised the importance of security professionals being ‘Life Long Learners (L^3).’ The industry is constantly growing and changing and it is very difficult to keep up with. There was also a debate around the value and role of certifications. The panel acknowledged the spectrum between education and training, emphasizing the importance of hands-on experience to establish true competency.”
Vice President, Federal Channel, Axzo Press LLC
Lead for the National Initiative for Cybersecurity Education (NICE), National Institute of Standards and Technology (NIST)
Executive Director, (ISC)2
Right Skills, Right Time, Right Industry: Women in Security (PROF-M04)
Session Abstract: Women account for 11% of the global information security workforce. Yet their diverse voice and problem solving approaches represent an opportunity while attempting to optimize the “people” part of the information security triad of people, process and proper technology. This (ISC)2 Global Information Security Workforce Study discussed how women have had an impact in the field of Cybersecurity.
Sarah Wilson (attendee): “This panel discussion began with the fact that women comprise just 11% of InfoSec professionals. The panel recommended focusing on gender equality to close the gap in the security workforce (a win-win). The group recognized the important strengths women can bring to InfoSec careers, including communication, leadership, policy formulation and strategic thinking. The conversation also highlighted the need to encourage girls to pursue STEM education from a young age, in order to level the playing field and build a pipeline for future women in security.”
(ISC)2 Foundation Director, (ISC)2
Vice President of Corporate Responsibility, Symantec Corporation
VP, Worldwide Information Security, Johnson & Johnson
Officer MI Cyber, Booz Allen Hamilton
And be sure to join us at Tripwire’s RSAC Booth (3501) to get your free customized t-shirt printed on the spot, and listen to an array of in-booth guest speakers we have lined up. For the speaking schedule and information on how to obtain a free RSA Expo pass, see more details here.