cybersecurity supply-chain - fbcinc.comfinal).pdf · isaca’s 2014 apt study, isaca, ... from...
Post on 06-Jul-2018
217 Views
Preview:
TRANSCRIPT
Cybersecurity Supply-ChainWorkforce Management and Skills‐Gap Development
TRANSFORMING THE NEXT GENERATION WORKFORCEStudents learn the skills employers look for!
Global Problem - Critical Issues
Scaling a workforce of cyber skilled
resources
Accelerate training of students
Winning the War for Talent
Enterprise Skills Inventory and DevelopmentWorks for internal use cases too
Cut Cost And Time To ProductivityNew hires hit the ground runningHiring grads at $60K on 24‐month development; leave in 9‐months at $120K – unsustainable” – NY Bank.
Workplace SkillApplied Project Based
Learning
Winning the War-for-TalentAll fishing in the same pond for the top
5% when there a thousands of good candidates outside of traditional hiring
methods.
Greater Scalability - Less CostWider/Global reach for candidates
Students gain workplace skills while still at University .
Industry Recognised Transferable SkillsCommon taxonomy for job-role definitions agreed - andCertificates recognized by industry
Imbalance
External Threats• 62% increase in breeches in 20131
• On average, an advanced threat goes unnoticed on victim’s network for 8 months2
• $3 trillion total global impact of cybercrime1
• 1 in 5 organizations have experienced an advanced persistent threat (APT) attack3
• 2.5 billion exposed records as a result of a data breach in the past 5 years1
• Approx. 1 million new malware variants a day, for an overall total of 1.7 Billion4
• 1 in 6 mobile applications are classified as malware4
Insider Threats• About 58% of data security threats originate from
employees, ex-employees, and trusted partners5
• A single insider attack costs a company on average $412,0005
• Estimated 75% of all insider attacks go unnoticed6
• 62% of organizations did not increase security training in 20143
• 1 out of 3 security pros are not familiar with APT attacks3
• < 2.4% of graduating students hold computer science degrees7
• 1 million unfilled security jobs worldwide8
• 83% of enterprises currently lack the right skills and human resources to protect their assets9
Too Many Threats Too Few Professionals
While enterprises are under siege from a rising volume of cyberattacks, the global demand for skilled professionals sharply outpaces supply. Unless this gap is closed, organizations will remain at risk. Comprehensive educational and networking resources are required for everyone from entry-level to experienced professionals to meet the needs of organizations.
Sources: 1. Increased Cyber Security Can Save Global Economy Trillions, McKinsey/World Economic Forum, January 2014; 2. M-Trends 2013: Attack the Security Gap, Mandiant, March 2013; 3. ISACA’s 2014 APT Study, ISACA, April 2014; 4. Symantec ,2015; 5. C. Bunn, 'How IT Teams can Prevent Insider Threats from both Malicious and Careless Activity. - Enterprise Network Security Blog from ISDecisions', 2013; 6. SpectorSoft 2014 Insider Threat Survey, 1st ed. 2015, pp. 1-2; 7. Code.org, February 2014; 8. 2014 Cisco Annual Security Report; 9. Cybersecurity Skills Haves and Have Nots, ESG, March 2014
“Mind the gap!”Cybersecurity Workforce Alliance (CWA)
1. Standards, Approach and Engagement– NICE Taxonomy, Role Profiles, Assessments
2. Aligning Education with Industry– Awareness, Experience, Workforce Ready
3. Human Capital Supply Chain– Workforce Management and Skills Development
Supply
PassportTrusted Data
User Experience Skills & Work Product
ProjectsReal-World Challenges
AssessmentsLesson Plans
Resources
Role ProfilesCompetencies & KSAs
MatchingLibrary
• Federal Reserve Bank NY• Bank NY Mellon• Morgan Stanley• Goldman Sachs• Fidelity Investments• Capgemini• JPMorgan Chase• Express Scripts• Standard Chartered Bank• FCC• Perkins Coie• RANE Network
Original Founders
Cybersecurity Workforce Alliance (CWA)
Improve the cyber security skills and scale the college student and employee workforce, so they are more
attractive to hire and can provide almost immediate value to the public & private sector by improving a company’s Cyber
Security capabilities.
Purpose
Focus
Increase Awareness and Experience
Reduce the amount of training for college hires
Create the “perfect student candidate profile”
Real-World Experience - the "Epic Challenge"
Align Professional Certificates to Role Profiles
CWA Mission
CWA Members/Momentum• Jan 15 – SIFMA & CUNY (Securities Ind. Financial Markets Assn
480 members) supports Launch at City University of New York• April – NICE asks iQ4 to lead Workgroup for Private Sector• July – FSSCC (Coordinating Council 10k members) launches
Workforce Workgroup • August – Internal Adoption large FS institutions begins• September ‐ SUNY launches University at Albany• October – Federal Communication Commission discuss alignment• October – Utilities Telecoms Council discuss alignment • October – CWA‐EMEA Launch in London• November 2015 – NICE presentation !
Education and Industry - StandardsRole Profiles – Professional Certificates
TECH-RISKInteresting, highly paid, front end challenging
Business ResilienceNeeds sector and employer’s business awareness and time on the job
Gov, Risk,
ComplianceNeeds GRC understanding, Jurisdiction
Examiners/Regulators“Not enough skills and people in GRC –as they are all moving to the front line”
CWA Extensions Private Sector
VirtualEpic
Challenges
Learned Knowledge
Professional Certificates
Applied Knowledge
Job Roles.
Competency BasedReal-World Challenges
Connecting Education And Industry’s Via Epic Challenges.
Competency Alignment
Workforce Ready Candidates
Education Industry
People Not Aware Of Need Or Opportunity
79%Never spoken to a cybersecurity professional. This affects how much millennials know about the types of work involved in the field
Academia2-3 hours per week. Credited Course / Project
Industry MentorsIndustry team mentors2-3 hours per week. AssessmentsDefines Challenges
Students10-12 hours per weekAwarenessExperience
Epic Challenges Accelerate Training While Students in School“Having the poise, confidence and knowledge equal to someone with 12‐months experience”
(Federal Reserve Industry Mentor)
Currently running “The Threat Within” designed by the CWA to develop the skills they for priority next-hires.
U.S. Employee Training
$590 Billion
Savings$30 Billion
CWA FUNDING
1%$590 Million
† 1.5 million positions @ $20k industry cost savings per position with iQ4.
SUNY & University at Albany &CUNY & John Jay College of Criminal Justice
Connecting Industry and EducationTRANSFORMING THE NEXT GENERATION WORKFORCE
Students learn the skills employers look for!
Student Demographics
• 17 Students Selected
• 4 Role Profiles (Governance, Risk, Behavioral, IT)
• None with prior applied learning experience
• Only a few had Cybersecurity experience
“The students presented with the poise, confidence and knowledge of a newly hired student completing one year of training”
– Industry Mentor
Epic Challenge Statistics40 Students
34,545 Page Views 2x 2,853 Sessions 30%+ 13.35 Avg Pages / Session 12:11 Mins / Session 50%+
NOW YOU CAN JUDGE THE RESULTS 6 WEEKS – IMAGINE WHAT WE CAN DO?
30% of students participating switched concentrations to Cybersecurity
Human Capital – The Next Supply ChainJob-Roles On A Common Taxonomy
SourcingStudent SupplyAlignment of Education with Industry, connecting students with Real-World projects
SCALINGVirtual InternshipsProject-based team learning experience; industry mentored, stackable credentials
ProductivityCut Time and Cost6-12 week virtual-Internships = 12 months of work experience (Industry Mentor). Saves $10 -$30K per month
Next Generation (CWA)
Resilience/AgilitySkills Gap ClosedHuman Capital Supply Chain Management – take care of our greatest assets
Career PathwaysProgression mappingPersonal and team, retention, retirement / succession planning,
InventorySkills Profile PassportsCritical Roles, Staffing and Proficiency Levels, Career TrajectorySkills-Gap Development
Internal Use Case
Nullam eu tempor purus. Nunc a leo magna, sit amet consequat risus. Etiam faucibus tortor a ipsum vehicula sed suscipit.
Resource Inventory
Common Standards/ Frameworks Job Roles, Taxonomy And Platform
Student Employee
Skills GapsDashboard
Career Development
Productivity AgilityAssurance
Verified Data
StackableCredentials
IndustryCurricula
ScalableVirtual Reach
Life Cycle of Learning
• Awareness• Experience• Workplan: Syllabus, Curriculum,
Role Profiles, Assessments
Epic -Challenges
Cyber-InternshipsIndustry greatest challenges
• Role Based• Critical Staffing and Gaps• Career Pathways• Progression Mapping
Tooling (iQ4 Platform)
Workforce Management and Skills Development
• Level the Playing Field• Broaden reach• Cast a wider net
Accelerates Training
Slash cost and time to productivity
CWA - Alliance Objectives
• Taxonomy: Competencies, KSAs• Role Profiles• Professional Certificates
Standards /Frameworks
NICE - CWA defines extensions for Industry
CWA -USA
CWA -EMEA FutureCWA-APAC
CWA – A Global Response To Cyber ThreatCWA Agreed Extensions To NICE –
BY MEMBERS, FOR MEMBERS
New York City & StateIncludes:SIFMA, FSCC, FCC, UTC,Banks, Healthcare, City Uni NY, State Uni NY Capgemini,Universities, Community Colleges
London/EMEAIncludes:Lloyds Banking Group, BNY Mellon, Morgan Stanley, Goldman Sachs, Police Cybercrime Unit, Emergency Planning Centre, Capgemini,Universities, Community Colleges
(Future) India/APACIn discussionCWA Member’s Offshore workforce – USA & EMEA members with APAC Operations or Offshoring
Global Promotion & Adoption
Summary
NICE Framework is Systemized ‐ NowCWA extensions supported by DHS/NICE for all Public Sector Growing adoption by industry and industry bodies: SIFMA, FSSCC, NCC, UTC…..It works!
g y
“The students presented with the poise, confidence and knowledge of a newly hired student completing one year of
training” – Industry Mentor
top related