Bridging the Skills Gap with Cyber Threat Intelligence


Post on 12-Jul-2020


Page 1: Bridging the Skills Gap with Cyber Threat Intelligence · intelligence • Analysis and reporting Crucial Academy. Cyber Threat Intelligence: Current Situation ... •Integrate tactical

Bridging the Skills Gap with Cyber Threat Intelligence

Page 2

Talk Overview

• Who Am I?

• Who Are Crucial?

• Current Market Issues

• One Solution

• Our Process

• What is Cyber Threat Intelligence

• The Value of CTI

• Bridging the Gap

Page 3

Tom Huckle – Head of Cyber

• Joined the Royal Marines as an Officer

• Specialised as a Royal Marine Mountain Leader

• Officer Commanding Reconnaissance Troop

• Joined Barclays Bank Cyber Operations Team

• Joined Crucial Academy

Page 4

Crucial Academy is a Government-backed private entity

Set up by former Royal Marines specialising in cyber security

Delivering specialist courses in cyber security in order to strengthen the UK’s cyber security capability

We provide a pathway into cyber security

Crucial are quickly becoming the UK’s number one cyber security training academy and are primed to help shape the future of Britain’s cyber capability

Johnny Mercer MP, Member of House of Commons Defence Committee

Who Are Crucial?

Page 5

98% pass rate on accredited exams

84% of our students are now employed in cyber related roles

70% of the CTI course cohort, who graduated 12 weeks ago, are already in cyber related roles

Partnerships across industry and real-life training delivered

Awarded 2019’s Cyber Skills Immediate Impact Fund (CSIIF) to retrain veterans in cyber security

Department for Digital, Culture, Media & Sport

Who Are Crucial?

Page 6

Current Market Challenges

Page 7

Current Market Statistics

• 350,000 unfilled European cyber security positions are forecast by 2022*

• The UK currently has vacancy rates varying between 20%-30%**

• New talent has declined with a 16.6% fall in the number of students sitting a computing-related topic in the UK**

• The Office of Budget Responsibility has estimated that the UK will lose a staggering 50% of its EU national workforce after Brexit**

Sources: *IFSEC Global, **ISACA.org

Page 8

Why do we have a Skills Gap?

Page 9

Page 10

Some of the Reasons…

• 92% of hiring managers admit they prioritise previous cyber security experience when choosing candidates

• Most recruitment comes from professional and social networks

• Mismatch between what skills workers are prioritising compared to what employers are looking for

• Shortage of workers

• High staff turnover: 21% of the global information security workforce say they have left their jobs in the past year

• Prioritising the wrong things in security

• Lack of a clear pathway

Page 11

The Bottom Line…

Cyber talent cannot simply be produced fast enough to keep pace with the demand…

Page 12

Page 13

How a potential journey looks with Crucial Academy

Candidate Process

Application

Our application process involves online timed assessments and telephone interviews.

Online Training

We provide extensive online resources and educational tools to assist with our courses and ensure candidates are prepared.

2/3-Week Course

Candidates begin our 2/3-week intensive courses, which are all accredited courses in cyber security and information assurance.

Employment

Candidates put their past experience and newly acquired skills to good use in potentially joining one of our commercial partners.

Support

Our team provide continued support and advice throughout the candidate’s career.

Page 14

Online Training: Partnership

• Full partnership, with access to the entire portfolio, with the world's leading online cyber training platform

• Created unique curriculums in core training areas specific to Crucial

• Cover both online and practical training

• Potential CTI analysts can cover course content, micro courses, tests and an extensive collection of virtual labs

Page 15

Offensive

• CREST CPSA & CRT qualifications

• Passive and active information gathering

• Scanning, enumeration and exploitation

• Web application testing

• Penetration Testing

Defensive

• CompTIA Cyber Security Analyst+ qualification

• Detection and defence against attacks

• Incident management and reconnaissance

• Monitoring and analysis

• Vulnerability testing

Information Assurance

• PECB ISO27001 Lead Implementer & PECB Certified Data Protection Officer

• Information security management systems

• Data protection implementation.

• GDPR implementation

• Framework & Policy implementation

Threat Intelligence

• CREST Registered Threat Intelligence Analyst qualification

• Cyber threat intelligence

• Tactical threat intelligence

• Investigations and open source intelligence

• Analysis and reporting

Crucial Academy

Page 16

Cyber Threat Intelligence: Current Situation

• Growing requirement for businesses

• More consumption of CTI, especially in the form of finalised intelligence

• CTI market expected to grow from £4.1B in 2018 to £10B in 2023

• Growing number of threats

• Growing attack surface

• Growing demand for CTI analysts

Page 17

Examples of Threat Intelligence in Action

Before an Attack:

• Automatically defend against attacks

• Integrate tactical threat intelligence directly in intrusion detection systems, firewalls and SIEMs

• Block known bad IPs, URLs, hashes etc

Page 18

Examples of Threat Intelligence in Action

During an Attack:

• Threat intelligence can speed up the triage processes

• Allows security teams to prioritise more effectively and streamline their workflow

• Operational intelligence allows threat hunting

Page 19

Examples of Threat Intelligence in Action

After an Attack:

• Threat intelligence can provide the required detail for forensics, investigations and reporting after an attack takes place

• Allows us to perform continuous cyber-hygiene to prevent future attacks

• Threat intelligence contextualises incident information

• Threat intelligence also helps with red-teaming activities

Page 20

Value of CTI

• Improving visibility into threats and attack methodologies impacting our environment

• Revealing vulnerabilities where new security measures should be implemented

• More accurate risk analysis

• Reducing time to identify and respond to incidents

• Prioritisation of efforts and resource utilisation

• Detecting unknown threats

• Improving accuracy (fewer false positives)

• Locating the source of events impacting our enterprise

• Measurably reducing the impact of incidents

• Reducing exposure of sensitive data

• Preventing breaches

• Preventing business outage

Page 21

CREST Registered Cyber Threat Intelligence Course

• 3-week course

• Introduction to Cyber Threat Intelligence

• Understanding Intelligence

• The Process of Data to Intelligence

• Using Threat Intelligence

• Implementing an Intelligence Programme

• Diamond Model and Cyber Kill Chain

• OSINT Techniques

• Advanced Data Collection

• Case Studies

Page 22

Week 3 – Real World Insights

• Support from Director Threat Intelligence & Professional Services – Stewart Bertram

• Collaborate and provide current industry standards and techniques to training

• Real world insights

• Case study review

Page 23

Filling the Cyber Skills Gap?

[Figure: bar chart, "Where CTI Members are Drawn from within an Organisation" (%, axis 0 to 50). Categories: Other; Business Group; Vulnerability Management Team; Enterprise Security Team; IT Operations Team; Dedicated CTI Team; Incident Response Team; Security Operations Centre. Source: SANS CTI Survey 2019]

[Diagram labels: Incident Response; CTI Team; Security Operations Centre; IT Operations Team; Networking]

Page 24

Why Military Personnel are Ideally Suited to CTI

• Experience with the intelligence lifecycle

• Happy to work to timelines and under pressure

• CTI principles have been inspired by military intelligence doctrine

• Technical skills are easily transferrable

• Quick to learn new skills

• Leadership skills

• Ability to work as part of a team

• High personal drive and pursuit of excellence

Page 25

Crucial Case Study

• Daz Menzies

• 14-year military career

• Digital Forensic Analyst with UK Military

• Crucial Academy course

• IBM Cyber Threat Intelligence Analyst

Page 26

Recommendations

• Skill sets matching pace of technology and requirements

• Looking beyond social and professional networks as the main channel of recruitment to open doors for new, younger and more diverse talent

• Accepting the need to invest in development and training because more talent is needed to stem the high levels of movement on job markets

• Better communication of current employer requirements because workers prioritise different skills for their professional development than what employers look for in the workforce.

Page 27

Look to partnerships to help solve the skills shortage

Better to work together than strive alone

• Behind every attack is a human adversary

• Humans adapt and change TTPs in response to security controls

• Effective defence requires dedicated, capable and adaptable professionals

Final Recommendation

Page 28

Email: [email protected]

https://academy.crucialgroup.co.uk