In the great 1978 classic movie “Halloween,” the boogeyman doesn’t die despite repeated stabbings and shootings by people trying to stop him. It’s not a bad metaphor for cyber. The battle against the boogeymen never ends.
The most recent Wikileaks disclosures of John Podesta’s and Hillary Clinton’s email demonstrates a new front in the cyber wars. Politics joins the list of hacker motivations, along with theft of intellectual property and money, and disruption in online service as typified by the Dyn attack earlier this month.
The workforce challenge got a boost from the White House’s July Cybersecurity Workforce Strategy. More recently (ISC)², the big certification organization, sent its ideas for developing the cyber workforce to Greg Touhill, the newly appointed federal chief information security officer. Hear more about them in my interview with (ISC)²’s Dan Waddell.
Also noteworthy is a census of cybersecurity companies in Maryland, Virginia and D.C. compiled by the non-profit consortium Tandem NSI. It shows that most of the 650-odd companies surrounding Washington provide services, not products. In my interview with him, report author Jonathan Aberman says that means their growth depends directly on their ability to hire qualified people.
If the evil Michael Myers in “Halloween” met his match in the character played by Jamie Lee Curtis, then non-fictional adversaries in cyberspace could meet theirs in people like Lauren Mazzoli, a real-life cyber software engineer at Northrop Grumman. She’s on the vanguard of the cyber and cybersecurity workforce that everyone seems to agree is too small to meet commercial and federal requirements. I got to know Mazzoli after moderating a panel discussion on the cyber workforce (disclosure: I received a fee for moderating). Also participating was Dr. Freeman Hrabowski, the president of the University of Maryland Baltimore Campus. UMBC’s cybersecurity program is highly tied in with industry and federal agencies. It produces people like Lauren Mazzoli.
Mazzoli’s story is one of how a combination of good science and math education, federal internships and corporate networks can enhance the cybersecurity workforce. If you think those in the so-called millennial age bracket can’t work effectively in cyber, listen to Mazzoli.
Like, say, baseball, cybersecurity is hard. It requires math and analytic skills, and in some cases specific engineering disciplines in an age when even adults run around playing Pokémon Go. But Hrabowski says the cybersecurity field also needs people with sociology, legal and managerial skills.