Developing Cyber Skills: A Job Role Centric Approach
4/1/17
Jane Dickinson, Senior Manager, Skills Certification, Western Europe
About CompTIA
The voice of the world’s information technology (IT) industry.
§ Non-profit: IT Trade Association advancing the global interests of IT professionals and IT channel organisations
§ Membership: Individual and corporate communities, including the AITP
§ Philanthropy: Creating IT Futures Foundation
§ Advocacy: Government lobbying for best practices
§ Education and certification: Provide industry leading credentials and certification:
Our Agenda
We’ll be talking about:
1. Our view of the IT Security landscape
2. Resources you can access for you and your business
3. Job role led certifications for IT Pros
THE IT SECURITY LANDSCAPE
Copyright (c) 2017 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
The changing security landscape – increasing “attack surface”
COMPLEXITY OF PRIVACY
INCIDENT RESPONSE
DISSOLVING PERIMETER
EVOLVING ENDPOINT
ENCRYPTED TRAFFIC VISIBILITY
SECURITY POSTURE
NEW SECURITY CONTROL ADOPTION
The importance of cybersecurity
International Summary
                        Today    Two Years From Now
NET Lower               6%       3%
No Change               18%      18%
Moderately Higher       49%      43%
Significantly Higher    27%      35%
66% NET of UK businesses expect IT security to become a higher priority over the next two years
79% NET Higher Priority in Two Years
Top drivers for changing the cybersecurity approach
International Summary
1. Change in IT operations (e.g. cloud, mobility)
2. Reports of security breaches at other firms
3. Internal security breach or incident
4. Change in business operations or client base
5. Knowledge gained from training or certification
United Kingdom
1. Change in IT operations (e.g. cloud, mobility)
2. Internal security breach or incident
3. Change in business operations or client base
4. Reports of security breaches at other firms
5. Change in management
Source: CompTIA International Trends in Cybersecurity | Overall results, n=1,509
EDUCATING & EMPOWERING ALL USERS
Human Error is the #1 threat to IT Security
Factors in Security Breaches
Human error: 52%
Technology error: 48%
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
Top Reasons Why Human Error has Culpability in Security Incidents and Breaches
• Increased use of social media by staff
• Failure of staff to get up to speed with new threats (e.g. mobility, cloud, etc.)
• General negligence / carelessness towards security
• Lack of security expertise with websites and applications
• Failure of IT Staff to follow security procedures and policies
Source: CompTIA’s Trends in Information Security study | Base: 400 U.S. end users
A Realisation…
There are also additional attacks and trends that the public usually doesn’t see
• Vendor or service provider impersonation
• Insider attacks
Attackers have realized that simple, powerful tools are available
Very effective malware is available as well
All they need to do is find that one user
Introducing CompTIA CyberSecure
Looking inside CyberSecure
§ Online training
– Self-paced, 60 minutes
– Accessible via desktop or tablet
– Short pre and post assessments
– Provides certificate of completion
§ Audience
– Everyone from CEO to Administrative Staff to Apprentice
§ Information security
– Provides heightened awareness
– Helps to change online and offline practices
– Focuses on workplace and “after work” settings
DEMO AT CYBERSECURE.ORG
IT CERTIFICATIONS
Certifications
• Created by Industry for Industry
• Relevant
• Regularly updated
• Internationally Recognised
• Job Role Led
• Span entry level roles – to help entrants to the industry get their first job – through to more advanced roles
• Vendor Neutral / Inclusive
• Independent of any particular technology, product or platform
• Reflect the diverse technologies deployed in today’s organisation
IT Career Roadmap
A skills-based look at the CompTIA Certification Roadmap
We certify essential skills for the entire IT department / “ecosystem”
Job role                                          Certification
Help Desk / IT Support Tech / Field Technician    A+
Operating system support / virtualization         Server+, Linux+
Network technician                                Network+
IT / cloud architect                              Cloud Essentials, Cloud+
Security analyst / consultant / SIEM Engineer     CSA+
Security engineer / IA technician                 CASP
Any employee                                      CyberSecure
Security administrator / net tech specialist      Security+
Project manager                                   Project+
Security Focus Throughout All of Our Certifications
Cybersecurity is a vital element to consider in every job role. While rising in popularity, CompTIA Security+ isn’t the only CompTIA certification that covers this essential IT need. Every IT professional, regardless of their job role, needs to have cybersecurity expertise relevant to their job role. That’s why our subject matter experts ensure security is in all of our certs.
In 2015, large U.S. organizations had an average total cybersecurity cost of $15 million.
Average time to contain a cyber attack is 46 days.
Companies that invest in adequate resources and employ certified staff save $1.5 million annually in cybercrime costs.
% of Objectives Covering Security
CompTIA Security+          100%
CompTIA CSA+               100%
CompTIA CASP               100%
CompTIA IT Fundamentals    30%
CompTIA A+                 28%
CompTIA Network+           37%
CompTIA Mobility+          36%
CompTIA Server+            33%
CompTIA Cloud+             20%
CompTIA Security+
CompTIA Security+ certification is 100% focused on cybersecurity. The exam covers foundational principles for network and operation security, threats and vulnerabilities, access control and identity management and cryptography.
Security+ Exam Domains:
1.0 Network Security, 20%
2.0 Compliance and Operational Security, 18%
3.0 Threats and Vulnerabilities, 20%
4.0 Application, Data and Host Security, 15%
5.0 Access Control and Identity Management, 15%
6.0 Industry Standards, Practices, and Network Theory, 12%
Job roles:
• Security Specialist
• Security Consultant
• Security Engineer
• Security Administrator
Skills competencies:
• Understand network security
• Identify and mitigate security threats
• Understand application, data, and host security issues
• Implement access control and identity management
Information Security Analysts
Total number of job postings: Security Analyst job role
2012: 39,920
2013: 48,947
2014: 58,456
2015: 109,819
Source: Burning Glass Technologies Labor Insights, January 2017
175% increase from 2012 to 2015. Data for U.S. only, but reflects an international need.
As of 2016: The #1 fastest growing job in the history of the Bureau of Labor Statistics (BLS) - ever
CompTIA CSA+ (Cybersecurity Analyst)
Seamlessly following Security+, CompTIA Cybersecurity Analyst (CSA+) applies behavioural analytics to greatly improve network threat visibility. As attackers have learned to evade traditional signature-based solutions, an analytics-driven cyber defence has become critical.
CSA+ Exam Domains:
1.0 Threat Management, 27%
2.0 Vulnerability Management, 26%
3.0 Cyber Incident Response, 23%
4.0 Security Architecture & Tool Sets, 24%
Job roles:
• Security Analyst
• Vulnerability Analyst
• Cybersecurity Specialist
• Security Engineer
Skill competencies:
• Configure and use threat detection tools
• Perform data analysis
• Interpret results to identify vulnerabilities, threats and risk to an organization
CompTIA CASP
CompTIA Advanced Security Practitioner (CASP) validates enterprise security abilities in requirements, risk management, incident response and critical thinking. CompTIA’s first mastery level certification, CASP is the hands-on, performance-based, technical counterpart to the CISSP.
CASP Exam Domains:
1.0 Enterprise Security, 29%
2.0 Risk Management and Incident Response, 19%
3.0 Research and Analysis, 18%
4.0 Integration of Computing, Communications and Business Disciplines, 18%
5.0 Technical Integration of Enterprise Components, 16%
Job roles:
• Cyber Security / IS Professional
• Information Security Analyst
• Security Architect
• IT Specialist INFOSEC
Skill competencies:
• Conceptualize, engineer, integrate and implement secure solutions across complex environments
• Translate business needs into security requirements, analyze risk impact, and respond to security incidents
Value on both sides
An overwhelming majority of IT professionals and their hiring managers agree on the value of certifications
70% of IT professionals believe CompTIA certifications are valuable or very valuable
93% of hiring managers believe certifications are beneficial
Sources: CompTIA’s 2nd Annual IT Career Insights study, Base: 1,381 U.S. IT professionals and 2nd Employer Perceptions of IT Training & Certification study, Base: 400 US HR professionals
Reported Benefits of Having IT Certified Employees
HR Perspective: IT certified employees vs. non-IT certified employees
Benefits charted: More likely to stay with our organization; Perform better in similar IT job roles; Rewarded (via e.g. bonus, pay increase) for obtaining IT certification; More likely to be promoted
Values charted (*Sometimes + Often): 89%, 89%, 88%, 90%
Source: CompTIA’s HR Perceptions of IT Training and Certification study | Base: 400 U.S. HR professionals
The Value to Individuals
CompTIA certified employees:
1. Are more confident
2. Are more knowledgeable
3. Reach job proficiency more quickly
4. Are more reliable
5. Perform at a higher level
New: Academic Marketplace
§ Mechanism to enable students to purchase CompTIA Exam Vouchers and CompTIA CertMaster directly at the academic rate
§ Students will require an ac.uk email address
§ Personal use only (volume of purchases restricted)
§ URL: http://academic.comptiastore.co.uk
‘As you probably know I'm really keen to do this cert especially since I just found out that if I complete this certificate I will definitely end up in an employment with a company’
Anton Jorgensson
CyberSecurity Challenge Edinburgh University Camp 2015 Attendee
Talking about Security+ and his associated offer of employment
Useful resources
Available to Registered Users (free of charge):
Quick Start Guide to Security Compliance - https://www.comptia.org/resources/comptia-quick-start-guide-to-security-compliance
Quick Start Guide to Physical Security - https://www.comptia.org/resources/comptia-quick-start-guide-to-physical-security
International Trends in Cybersecurity – UK - https://www.comptia.org/resources/international-trends-in-cybersecurity---uk
Practices of Security Professional - https://www.comptia.org/resources/practices-of-security-professionals
All Security related resources (some free of charge; some can only be accessed as a Premier Member): https://www.comptia.org/insight-tools/technology?tags=security
Everyone:
1. Sign up as Registered Users for free, offering access to much of our content - www.comptia.org/register/registration
2. Demo CyberSecure at www.cybersecure.org
3. Email me at [email protected] if you’re interested in finding out more about our new Association of IT Professionals
Students:
1. If you have an ac.uk email address you can buy CompTIA CertMaster and certifications at up to 50% off list price at http://academic.comptiastore.ac.uk – enhance your employability!
IT companies:
1. Join the UK Channel Community which is the voice for IT companies in the UK www.comptia.org/communities
2. Join the LinkedIn Group - www.linkedin.com/groups/2099212
3. Attend the UK Channel Community meeting in Cardiff on 15th March, with networking dinner on 14th (open to any IT companies at no cost) www.comptia.org/events
4. Sign up for Premier membership - receive 50 complimentary CyberSecure licences, 15% off certifications & access to a host of other great benefits https://www.comptia.org/register/become-a-premier-member
For more information contact:
Jane Dickinson
Office: +44 (0)2073306075
Cell: +44 (0)[email protected]
Thank you!