Thursday 6 October 16:00 - 16:30, Green room
Stephen Cobb (ESET)
This paper addresses a number of increasingly urgent questions about the defence of information systems against criminal hackers, the first of which is this: can the world produce enough appropriately skilled human defenders of digital systems to defeat the humans who seek to compromise such systems for nefarious purposes?
Multiple studies suggest that a significant 'cybersecurity skills gap' currently exists and that it is hampering efforts to defend information systems against criminal hackers. As countries around the world scramble to increase the supply of cyber-skilled humans capable of making a worthwhile contribution to defence of the digital infrastructure on which so many economies now depend, massive education and recruitment efforts are being funded. The success of these efforts is predicated on an unproven assumption that there will be an adequate supply of willing participants who possess the necessary traits and abilities to become effective cybersecurity professionals. In other words, it is assumed that most people can be trained to become effective cybersecurity professionals and enough of them will want to do so. In questioning that assumption, this paper provides a critical review of existing efforts to assess cyber-aptitude and ability and considers the results of a number of experimental fast-track cybersecurity training programs. The challenge of recruiting and retaining participants in a profession that can be both highly demanding and lacking in some traditional forms of job satisfaction is also discussed. To address the problems raised, the paper presents several positive scenarios for consideration in the areas of technology, economics, and governance.
Stephen Cobb first spoke at Virus Bulletin and has been a CISSP for 20 years, helping companies large and small to manage their information security, with a focus on emerging threats and privacy issues. The author of several books and hundreds of articles on cybersecurity and data protection, Cobb heads a San Diego based research team for ESET North America and has been conducting post-graduate research in the Criminology Department of the University of Leicester in England.