TRANSCRIPT
Bridging the Skills Gap with Cyber Threat Intelligence
Talk Overview
• Who Am I?
• Who Are Crucial?
• Current Market Issues
• One Solution
• Our Process
• What is Cyber Threat Intelligence
• The Value of CTI
• Bridging the Gap
Tom Huckle – Head of Cyber
• Joined the Royal Marines as an Officer
• Specialised as a Royal Marine Mountain Leader
• Officer Commanding Reconnaissance Troop
• Joined Barclays Bank Cyber Operations Team
• Joined Crucial Academy
Crucial Academy is a Government-backed private entity
Set up by former Royal Marines specialising in cyber security
Delivering specialist courses in cyber security in order to strengthen the UK’s cyber security capability
We provide a pathway into cyber security
Crucial are quickly becoming the UK’s number one cyber security training academy and are primed to help shape the future of Britain’s cyber capability
Johnny Mercer MP, Member of House of Commons Defence Committee
Who Are Crucial?
98% pass rate on accredited exams
84% of our students are now employed in cyber related roles
70% of CTI course students, who graduated 12 weeks ago, are already in cyber related roles
Partnerships across industry and real-life training delivered
Awarded 2019’s Cyber Skills Immediate Impact Fund (CSIIF) to retrain veterans in cyber security
Department for Digital, Culture, Media & Sport
Current Market Challenges
Current Market Statistics
• 350,000 unfilled European cyber security positions forecast by 2022*
• The UK currently has vacancy rates varying between 20%-30%**
• New talent has declined with a 16.6% fall in the number of students sitting a computing-related topic in the UK**
• The Office for Budget Responsibility has estimated that the UK will lose a staggering 50% of its EU national workforce after Brexit**
Sources: *IFSEC Global, **ISACA.org
Why do we have a Skills Gap?
Some of the Reasons…
• 92% of hiring managers admit they prioritise previous cyber security experience when choosing candidates
• Most recruitment comes from professional and social networks
• Mismatch between what skills workers are prioritising compared to what employers are looking for
• Shortage of workers
• High staff turnover: 21% of the global information security workforce say they have left their jobs in the past year
• Prioritising the wrong things in security
• Lack of a clear pathway
The Bottom Line…
Cyber talent simply cannot be produced fast enough to keep pace with the demand…
How a potential journey looks with Crucial Academy
Candidate Process
• Application: Our application process involves online timed assessments and telephone interviews.
• Online Training: We provide extensive online resources and educational tools to assist with our courses and ensure candidates are prepared.
• 2/3-Week Course: Candidates begin our 2/3-week intensive courses, which are all accredited courses in cyber security and information assurance.
• Employment: Candidates put their past experience and newly acquired skills to good use in potentially joining one of our commercial partners.
• Support: Our team provide continued support and advice throughout a candidate’s career.
Online Training: Partnership
• Full partnership with the world’s leading online cyber training platform, with access to its entire portfolio
• Created unique curriculums in core training areas specific to Crucial
• Cover both online and practical training
• Potential CTI analysts can cover course content, micro courses, tests and an extensive collection of virtual labs
Offensive
• CREST CPSA & CRT qualifications
• Passive and active information gathering
• Scanning, enumeration and exploitation
• Web application testing
• Penetration Testing
Defensive
• CompTIA Cyber Security Analyst+ qualification
• Detection and defence against attacks
• Incident management and reconnaissance
• Monitoring and analysis
• Vulnerability testing
Information Assurance
• PECB ISO27001 Lead Implementer & PECB Certified Data Protection Officer
• Information security management systems
• Data protection implementation
• GDPR implementation
• Framework & Policy implementation
Threat Intelligence
• CREST Registered Threat Intelligence Analyst qualification
• Cyber threat intelligence
• Tactical threat intelligence
• Investigations and open source intelligence
• Analysis and reporting
Crucial Academy
Cyber Threat Intelligence: Current Situation
• Growing requirement for businesses
• More consumption of CTI, especially in form of finalised intelligence
• CTI market expected to grow from £4.1B in 2018 to £10B in 2023
• Growing number of threats
• Growing attack surface
• Growing demand for CTI analysts
Examples of Threat Intelligence in Action
Before an Attack:
• Automatically defend against attacks
• Integrate tactical threat intelligence directly in intrusion detection systems, firewalls and SIEMs
• Block known bad IPs, URLs, hashes, etc.
Examples of Threat Intelligence in Action
During an Attack:
• Threat intelligence can speed up the triage processes
• Allows security teams to prioritise more effectively and streamline their workflow
• Operational intelligence allows threat hunting
Examples of Threat Intelligence in Action
After an Attack:
• Threat intelligence can provide the required detail for forensics, investigations and reporting after an attack takes place
• Allows us to perform continuous cyber-hygiene to prevent future attacks
• Threat intelligence contextualises incident information
• Threat intelligence also helps with red-teaming activities
Value of CTI
• Improving visibility into threats and attack methodologies impacting our environment
• Revealing vulnerabilities where new security measures should be implemented
• More accurate risk analysis
• Reducing time to identify and respond to incidents
• Prioritisation of efforts and resource utilisation
• Detecting unknown threats
• Improving accuracy (fewer false positives)
• Locating the source of events impacting our enterprise
• Measurably reducing the impact of incidents
• Reducing exposure of sensitive data
• Preventing breaches
• Preventing business outage
CREST Registered Cyber Threat Intelligence Course
• 3-week course
• Introduction to Cyber Threat Intelligence
• Understanding Intelligence
• The Process of Data to Intelligence
• Using Threat Intelligence
• Implementing an Intelligence Programme
• Diamond Model and Cyber Kill Chain
• OSINT Techniques
• Advanced Data Collection
• Case Studies
Week 3 – Real World Insights
• Support from Director Threat Intelligence & Professional Services – Stewart Bertram
• Collaborate and provide current industry standards and techniques to training
• Real world insights
• Case study review
Filling the Cyber Skills Gap?
[Figure: bar chart, “Where CTI Members are Drawn from within an Organisation” (%). Categories shown: Other; Business Group; Vulnerability Management Team; Enterprise Security Team; IT Operations Team; Dedicated CTI Team; Incident Response Team; Security Operations Centre. Source: SANS CTI Survey 2019]
[Diagram labels: Incident Response; CTI Team; Security Operations Centre; IT Operations Team; Networking]
Why Military Personnel are Ideally Suited to CTI
• Experience with the intelligence lifecycle
• Happy to work to timelines and under pressure
• CTI principles have been inspired by military intelligence doctrine
• Technical skills are easily transferrable
• Quick to learn new skills
• Leadership skills
• Ability to work as part of a team
• High personal drive and pursuit of excellence
Crucial Case Study
• Daz Menzies
• 14-year military career
• Digital Forensic Analyst with UK Military
• Crucial Academy course
• IBM Cyber Threat Intelligence Analyst
Recommendations
• Skill sets matching pace of technology and requirements
• Looking beyond social and professional networks as the main channel of recruitment to open doors for new, younger and more diverse talent
• Accepting the need to invest in development and training because more talent is needed to stem the high levels of movement on job markets
• Better communication of current employer requirements because workers prioritise different skills for their professional development than what employers look for in the workforce.
Look to partnerships to help solve the skills shortage
Better to work together than strive alone
• Behind every attack is a human adversary
• Humans adapt and change TTPs in response to security controls
• Effective defence requires dedicated, capable and adaptable professionals
Final Recommendation
Email: [email protected]
https://academy.crucialgroup.co.uk