Rick Howard, the chief security officer for Palo Alto Networks, said the cybersecurity consumption model will be disrupted by orchestration and automation in the cloud.
Federal agencies spend more than $13 billion a year on cybersecurity. A big chunk of that goes for people, whether federal employees or contractors. But we know that there aren’t enough qualified workers with cyber expertise.
Agencies are required under the Consolidated Appropriations Act of 2016, which included the Federal Cybersecurity Workforce Assessment Act of 2015, to submit a baseline assessment of their existing cybersecurity workforce.
The results haven’t been good so far. For example, the Energy Department surveyed 624 IT or cybersecurity employees and found 281, or 45 percent, held “the appropriate industry-recognized certifications as identified under the National Initiative for Cybersecurity Education (NICE).”
The General Services Administration surveyed 38 IT or cyber workers and found 19, or 50 percent, had the certifications under the NICE program.
How can agencies–and really most organizations–make up for not having enough of the hard-to-find cyber talent?
Many agencies are looking toward an assortment of tools from the vendor community.
But as we’ve seen time and again, the tools have a hard time keeping up with the threats, especially as the networks change to include more and more cloud and mobile devices.
Agencies need to figure out how to stay ahead of the threats and, if they can’t, limit the damage from a successful attack and be resilient for the mission.
So how can agencies do that?
Rick Howard, the chief security officer for Palo Alto Networks, said the use of automation tools will help agencies deal with the ever-increasing need for cybersecurity workforce talent.
“Our traditional approach to solving cyber challenges is to throw people at it and we’ve reached the point where that doesn’t work anymore,” Howard said on the Innovations in Government show. “What has emerged as the solution is the cybersecurity platform–a single box that does most of the things agencies need, whether it’s what 15-to-20 tools or 200 tools do now. The second part of it is vendors doing the integration with the tools it doesn’t own inside the box so the customer doesn’t have to do it themselves. We are getting rid of those best practices we discovered in the 1990s. We should jettison vendor-in-depth and best-of-breed because those aren’t as important any more. The best practice everyone should be pursuing is buy from vendors who will integrate for you so you can concentrate your people on the really important stuff.”
Howard said the vendor in-depth or defense in-depth approach became too difficult over the years because of the breadth of tools agencies were using.
“You buy the box. You have to buy someone who can manage the box. You have to buy someone who can understand the data coming off the box. And then you need a fourth person back in the security operations center who ties all the data from all the tools together in some coherent adversarial picture. That’s just too hard to do with such small staffs,” he said.
Howard said one approach Palo Alto Networks and other cyber vendors are taking is to develop this cyber platform in the form of an app store.
“If you think about just firewalls in general, it does three things: it’s a giant intelligence collection engine; it processes that intelligence looking for bad things; and once it finds bad things, it enforces a prevention point,” he said. “What all the firewall vendors have been doing in the last five years is moving the processing piece and delivery of enforcement up to the cloud. The cloud gives vendors pretty much infinite processing power and infinite storage space. We are opening this up to third parties. Another security vendor doesn’t have to convince someone like me to deploy, but do a software build of an application on the Palo Alto Networks app store.”
Palo Alto Networks announced this new approach earlier this year where customers can turn it on, test it out and either continue using it or turn it off.
“This completely disrupts the cybersecurity consumption model,” Howard said.
Palo Alto Networks also is addressing the workforce challenges by partnering with the Girl Scouts of America. Howard said this partnership will create 18 cybersecurity merit badges Girl Scouts can earn for online safety and network security engineering.
“Over the life of their educational careers, more than 2 million girls will be exposed and encouraged and nurtured to be cybersecurity professionals from kindergarten up through high school,” he said.
About Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps organizations achieve agency mission, all while maintaining complete visibility and the control needed to protect critical control systems and most valued data assets.
Jason Miller is a reporter whose work focuses mainly on technology and procurement issues, including cybersecurity, e-government and acquisition policies and programs.
Rick Howard, Chief Security Officer, Palo Alto Networks
Rick is the Chief Security Officer (CSO) for Palo Alto Networks where he oversees the company’s internal security program, leads the Palo Alto Networks Threat Intelligence Team (Unit 42), directs the company’s efforts on the Cyber Threat Alliance Information Sharing Group, and hosts the Cybersecurity Canon Project. His prior jobs include the CISO for TASC, the GM of iDefense, the SOC Director at Counterpane and the Commander of the U.S. Army’s Computer Emergency Response Team. Rick holds a Master of Computer Science degree from the Naval Postgraduate School and an engineering degree from the US Military Academy.