Author Archives: Alexa Magdalenski

Transforming Security Operations through Machine Learning

December 5th, 2016 | Posted by Alexa Magdalenski in AI | Guest Blogs | Member Blog Posts - (Comments Off)

Our latest NVTC member guest blog post is by ePlus Chief Security Strategist Tom Bowers. Bowers discusses the latest advancements in machine learning and its impact on cybersecurity.

According to a Ponemon Institute study released in March, 63% of survey respondents said their companies had been hit by “advanced (cyber) attacks” within the last year. Only 39% felt their company was highly effective at detecting cyber attacks. And worse, only 30% considered their organizations highly effective at preventing them.

A few weeks ago, I moderated a panel discussion at the ePlus/EC-Council Foundation CISO Security Symposium in National Harbor, Md. Our purpose was to gather together leading security experts to get their insights on the latest security threats and to discuss ideas and strategies. CISOs from many different industries were there. And as you might imagine, given the importance of cybersecurity today, the event was well-attended.

During the session, we covered various pressing topics in the realm of cybersecurity. But the most intriguing “future-looking” trend we discussed was machine learning.

That’s not a surprise because machine learning is a hot topic in tech circles. But it’s more than just the latest buzzword in the industry, and vendors are responding accordingly. In March, Hewlett Packard Enterprise (HPE) announced the availability of HPE Haven OnDemand, their cloud platform “machine-learning-as-service” offering. In October, IBM, whose Watson system is known as a leader in artificial intelligence (AI), changed the name of their predictive analytics service to “IBM Watson Machine Learning” to emphasize their direction “to provide deeper and more sophisticated self-learning capabilities as well as enhanced model management and deployment functionality within the service.”

Simply speaking, machine learning refers to the ability of computers to, in effect, “learn and grow in knowledge” based on past experience. Machine learning begins with a base set of teaching material and through subsequent experiences (i.e. the processing of more and more data sets and responses), the machine learning algorithm adds to the base material—its body of knowledge, so to speak—and the program becomes more intelligent. As a result, machine learning programs are able to answer questions and to make predictions with increasing accuracy.

What are the implications for security operations?

Machine learning has made tremendous strides in the last few years. From self-driving vehicles to medical research to marketing personalization to data security, machine learning algorithms are being used to churn through huge stores of data to identify patterns and anomalies, enabling data-driven decisions and automation. And that capability continues to mature and extend into the area of cybersecurity.

For years, those of us in IT security have worked tirelessly to increase the maturity of security operations in our companies. We’ve strived—in the face of increasing complexity and rising threats—to advance our information security capabilities beyond simple “detect and respond” reactive methods to risk-based “anticipate and prevent” proactive approaches. Machine learning is playing a role in that mission today and will play an even larger part in the years to come.

As more security vendors incorporate machine learning engines into their solutions, security operations will change. For example, log scanning—a tedious, labor-intensive effort—will become automated. Instead of a security analyst scrolling SIEM output, scrutinizing correlated events and analyzing their meaning, machine learning engines will parse huge log files, identify anomalies, and make decisions in near real-time.

In addition, machine learning engines will identify trends, threats, and incidents much faster. Instead of waiting on a security analyst to conclude their analysis, machine learning engines will parse reams of security data collected from enterprise machines, such as servers, smartphones, tablets, network devices, applications, and others. Through big data analytics and machine learning, this machine data will be searched and analyzed to gain insight into what is happening inside corporate networks, enabling trends to be exposed and incidents to be identified much faster than they are today.

But more importantly, machine learning engines will be able to “hunt” for exploits. By combining input from learned behaviors, known indicators of compromise (IOCs), and external threat intelligence feeds, machine learning engines will be able to predict malicious events with a high degree of accuracy, preventing major incidents before they materialize or become widespread problems. And we are seeing examples of this capability today. For instance, the cyber solution Endgame operates at the microprocessor level, analyzing pre-fetch instruction cache searching for zero-day exploits so they can be detected and eliminated long before an incident occurs.

Not to be overlooked is the ability of machine learning to enable automated responses. Machine learning engines not only can detect malicious behavior faster, based on IOCs and “experience,” but also can take action to eliminate the threat early in the kill chain without requiring human involvement. This enables incidents to be avoided proactively and lessens the workload on short-handed staff.

The benefits of machine learning are clear and compelling. But many security professionals are asking, “Is the technology really ready?” There are valid concerns, such as the validity of data from external threat intelligence feeds into machine learning engines and the potential for machine learning algorithms to be attacked and fed false models, but work continues by vendors and academia alike to sort out those questions. In fact, Georgia Institute of Technology just launched a new research project to study the security of machine learning systems.

Like most technology, machine learning will continue to evolve. But if expectations prove out, machine learning will transform how CISOs manage security operations within the next three years.


Recruiting the Millennial Workforce: All About the Connection

December 2nd, 2016 | Posted by Alexa Magdalenski in Guest Blogs | Member Blog Posts - (Comments Off)

Did you know?

  • Only 7% of federal employees today are age 30 or under – the lowest percentage in the last ten years
  • By 2017, 31% of federal workers will be eligible to retire
  • The government loses about 5,000 information technology employees each year

In a recent Government Executive blog post, NVTC member Susan Fallon Brown of Monster Government Solutions shared these astounding statistics and highlighted the growing opportunity for the federal government to bolster its millennial workforce and reduce overall hiring gaps with millennial talent. Here are some of the key themes she shared in the blog:

  • The importance of federal agencies being able to articulate their missions – millennials want to be a part of organizations that serve the greater good; an agency’s mission statement, often the first point of entry into an organization for a candidate, must clearly express the positive impact the agency is making
  • Digital channels are key to millennial recruitment – millennials are using social networks and digital channels in their job search more than ever before; agencies should leverage their digital channels as an extension of their recruitment efforts, utilizing clear and enticing messaging
  • Transparency and engagement are a must in the recruitment process – millennials want to be continually engaged in the hiring process. They want feedback from recruiters at all stages of the hiring process – and to hear from recruiters after the interview process, even if they didn’t get the job

Millennials make up about one-third of the workforce in Fairfax and Arlington Counties according to a 2016 Millennial Research report conducted by NVTC’s NextGen Leaders Committee. The report explored what attracts and retains millennials in organizations in Northern Virginia.

The notion of connection – millennials’ desire to feel connected to the community they live in, to their employer’s mission and charitable efforts, and to their colleagues, emerged throughout the report. Here are some interesting points from the research:

  • Millennials place strong emphasis on flexibility in their positions – in their schedule, in the physical location of their job and in their responsibilities. Instead of the amount of hours they work, millennials want to be evaluated on the quality of their output.
  • Millennials place strong value on ongoing learning and development opportunities; career progression and mentorship is highly important, even though company loyalty isn’t always a driving career factor for millennials.
  • Millennials highly value employee recognition in a variety of forms, including constructive feedback, awards, perks and promotions.
  • A company’s social responsibility efforts and commitment to being ethical is critical for millennials and a driving recruitment factor; millennials place strong value in the trust they have for their employer, their transparency and commitment to bettering the world.

Interested in learning more about recruiting and retaining millennials in our region? Read the full NextGen Leaders Millennial Research report.

Check out Government Executive’s blog here.


Monster and Military.com Release 2016 Veterans Talent Index

November 29th, 2016 | Posted by Alexa Magdalenski in Veterans - (Comments Off)

On Nov. 10, Monster Worldwide Inc. and Military.com released their 2016 Veterans Talent Index survey illustrating over five years of data from Veterans and employers on Veteran recruiting, hiring and retention. Here are some of our key takeaways from the Index:

For employers, understanding Veterans’ unique experiences and skill sets is critical in recruiting and retaining Veterans. Veteran job seekers should be able to confidently articulate their own skill sets and military experiences and take advantage of resources like military skill translators and job coaching to do so.

  • 78% of employers surveyed responded that Veteran skills are relevant to civilian careers; but 48% of employers want a better translation of military skills into jobs

Employers have an opportunity to promote new career paths based on emerging technologies and areas of need. Employers should find new ways to inspire Veterans to these focus areas. Employers also have an opportunity to create programs to support hired Veterans that will set them apart from other companies.

  • 39% of Veterans are trying to figure out what to do for their next career
  • 53% of Veterans are seeking organizations that are “Veteran-friendly”
  • 43% of employers have Veteran-specific mentoring programs in place, up from 26% in 2014

Veterans are utilizing digital platforms in their job searches more than ever. Employers should continue to use online recruiting channels and leverage the online networks of nonprofits and other organizations to reach and engage new candidates.

  • 54% of Veterans surveyed have used Facebook on their mobile device to look for jobs
  • 42% of Veterans have used Military.com as a preferred resource

The growing role nonprofits serve as a pipeline to Veteran candidates for employers was another key theme in this year’s Talent Index. Veteran candidates are working with nonprofits more than ever, alongside Veteran Support Organizations and government agencies, to find employment opportunities. For the NVTC Veterans Employment Initiative (VEI), this reflects a growing opportunity to bolster partnerships with more member companies to work together and fill critical positions with Veterans.

Here are some of the ways VEI is leveraging opportunities in the 2016 Veterans Talent Index:

  • Hosting Veteran Recruiting Days, VETWORKING events and transition summits at local military bases and companies in the region:
    • These events not only connect Veterans with prospective employers, they also provide a setting for companies to meet with Veterans in an important mentoring and job coaching capacity. VEI has engaged NVTC member companies across the spectrum of its programming.
      • In the last three years, over 650 Veterans have attended VEI’s Recruiting Days.
  • Building strong partnerships across the private, government and academic sectors:
    • VEI continues to galvanize a strong network including NVTC member companies, regional universities, nonprofits, policymakers, Virginia Veteran organizations like Virginia Values Veterans (V3) and military bases in the National Capital region.
  • Creating student Veteran internship opportunities:
    • The VEI Scholars Program connects student Veterans from our region’s colleges and universities with meaningful work-based experiences at NVTC member companies. Companies can identify their skill set needs and be matched with a Veteran candidate who fits those needs.
  • Promoting novatechvets.org:
    • VEI’s novatechvets.org Veteran career site (operated by Monster and Military.com) currently hosts over 7,000 open jobs at NVTC member companies and has a database of over 950,000 Veteran resumes.
    • The site also has a military skills translator for Veterans to match their skills to civilian jobs and other educational resources.

Learn more about the VEI’s mission and programs here.

Click here to view the full Monster and Military.com 2016 Veterans Talent Index survey.


Greater Washington’s Cyber Talent is Unmatched

November 28th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy - (Comments Off)

We continue to share content from our inaugural Capital Cybersecurity Summit that took place on Nov. 2-3, 2016 at The Ritz-Carlton, Tysons Corner.

The Summit’s engaging Force Multipliers to Future Cybersecurity Panel explored the Greater Washington Region’s unparalleled cybersecurity talent and the cyber workforce gaps that exist in the region. US Cyber Challenge National Director Karen Evans, MACH37 Managing Partner Rick Gordon, MITRE Innovation Area Lead for Cybersecurity Dr. George Roelke and In-Q-Tel Executive Vice President and Director of Cyber Reboot Teresa Shea participated in the panel. Virginia Tech’s Hume Center for National Security and Technology Director Dr. Charles Clancy moderated.

Dr. Clancy opened the discussion by asking panelists what they thought was the region’s biggest cybersecurity opportunity. All panelists agreed – the region’s cyber talent and expertise are unmatched anywhere. Gordon shared that because of its cyber talent, Greater Washington is at the “center of mass” when it comes to cyber innovation, is able to compete on a global level and offer high cyber investment returns.

Shea stressed that entrepreneurs are flocking to the region to join its cyber movement, driven by their passion to solve cyber problems. Shea also noted that the region has some of the top cyber thought leadership, which is helping to fuel cyber investment and recruitment in the region.

The conversation dove deeper into the region’s cyber hiring gaps and strategies needed to combat those gaps. Some key points from the discussion:

  • By 2020, there will be a 1.5 million shortfall of cybersecurity professionals in the U.S.; this cyber hiring gap requires new recruitment promotion tactics
  • New, customized cyber training and job pathways must be created; not all cyber professionals will have the same educational and professional backgrounds. As the business and communications sides of cyber evolve today, not all cyber positions are created the same
  • The opportunity for personal growth in the cyber field, especially in the Greater Washington region, is tremendous; a personalized approach to promoting different cyber career paths is required to recruit the best talent

Dr. Clancy asked panelists which new college cybersecurity courses they think should be required today. Here are their suggestions:

  • Reverse engineering coding
  • Technology for the liberal arts
  • Mandatory cybersecurity training
  • Experiential learning

In promoting the region’s unique cyber assets, especially its talent, the panelists agreed that a fundamental public relations shift is needed. No longer is cybersecurity in the region strictly entrenched in the federal government. Cyber providers in the region are solving a vast range of problems across the public and private sectors for global clients.

As illustrated by the panelists, cybersecurity culture is in its infancy, especially in the Greater Washington region, and its evolution will be extremely exciting to watch – and shape.


Check out the full Capital Cybersecurity Summit photo gallery


Throughout the coming weeks on the NVTC blog we’ll be sharing content from our inaugural Capital Cybersecurity Summit that took place on Nov. 2-3, 2016 at The Ritz-Carlton, Tysons Corner.

One of the Summit’s highlights was the Investment Capital for Cybersecurity Panel, which focused on how to raise sufficient capital to fund promising cyber technologies and applications. The discussion featured Crosslink Capital Venture Partner Matt Bigge, Bessemer Venture Partners Vice President Sunil James, Blackstone CISO Jay Leek and Paladin Founder and Managing Partner Michael Steed. Raymond James Managing Director and Co-Head of Technology & Services Stefan Jansen moderated.

Jansen’s opening question for the investor panelists, “What does it take for cybersecurity startups to matter?” brought to light two themes that emerged throughout the panel: (1) to attract and maintain investors, promising cyber businesses must be inherently committed to innovation; (2) the human capital side of cyber startups and the teams that drive them are as important as the technologies themselves for investors.

Steed shared that he looks to invest in cyber companies that are disruptive in the cyber space and filling a void that solves a distinct cyber problem. James noted that his organization looks for a vitality in startups – energy for innovation that inspires engagement in all ranks of the organization and is infectious.

Bigge noted that his most successful cybersecurity investments have been made in organizations with strong founding teams that are passionate about solving their customers’ problems. Leek agreed, stating that investing in a company’s management team is just as important as the technology itself. Leek encouraged promising cyber businesses to take a deeper look into the efficiency of their operations, a critical factor for investors.

Some of the other noteworthy investment factors panelists shared included:

  • The importance of a quality and diversified revenue base for cyber startups
  • Rising cyber businesses must be able to provide ROI for their products and services after their first year
  • Cyber startups should have the ability to pinpoint opportunities for expansion within their existing customer base

View the full video from the Investment Capital for Cybersecurity Panel below and stay tuned for more Capital Cybersecurity Summit content here on the NVTC blog!

Investment Capital for Cybersecurity Panel Video: 

Check out the Capital Cybersecurity Summit photo gallery!


8 Things to Consider Before Selecting a Dedicated Server

November 16th, 2016 | Posted by Alexa Magdalenski in Guest Blogs | Member Blog Posts - (Comments Off)

This NVTC guest blog post is written by Marc Burkels, manager of dedicated servers at LeaseWeb. LeaseWeb, an NVTC member company, is an Infrastructure-as-a-Service (IaaS) provider offering dedicated servers, CDN and cloud hosting on a global network. LeaseWeb recently exhibited at the Capital Cybersecurity Summit on Nov. 2-3, 2016.

Let’s say you want to become the new Facebook. Believe it or not, I regularly run into people who have this ambition. The number one question these new Mark Zuckerbergs ask me is which server they need.

It is always a challenge to convince them to not rush into anything. Instead, I have them sit down and tell me what they really want. Since many companies switch servers within a few months after buying and this is always time consuming (not to mention the costs), it is certainly worth your while to think well before you decide. What is the service you want to deliver? What is your workload? Does it involve large databases?

I always discuss the following 8 things to help people decide on the right hosting provider and hardware configuration of a dedicated server:

1. Business impact of downtime

What is the business impact of potential failure of your hosting environment? One of the first things to consider when selecting a dedicated server is how to deal with potential downtime. In a cloud environment, the setup of the cloud protects you against hardware failures. With a dedicated server, you know you are not sharing resources with anyone else. But since there is always a single point of failure in one server, you need to decide whether you are able to accept potential downtime – if you do not have the option to scale to multiple dedicated servers.

2. Scalability of your application

Scalability is another important issue when choosing a dedicated server. How well does your application scale? Is it easy to add more servers and will that increase the number of end users you can service?

If it is easy for you to scale, it doesn’t matter whether you use a dedicated server or a virtual solution. However, some applications are difficult to scale to multiple devices. Making sure a database is running on multiple servers is a challenge since it needs to be synchronized over all database servers. It might even be easier to move the database to a server that has more processing capacity, RAM and storage. Moving to a cloud environment – where you can clone a server, have a copy running in production and can add a load balancer to redirect traffic to multiple servers – could also be a good option for you.

3. Performance requirements of your server

What are your performance requirements? How many users do you expect and how many servers do you potentially need? Several hardware choices influence server performance:

Processor/CPU

Generally, you can choose the number of processors and cores in a server. It depends on the application you are running whether you will benefit from more cores (but any multi-threaded application will benefit from more cores, for instance web servers or database servers). Consider also the performance of the core defined in clock speed (MHz): some processors have a better turn-around time with fewer cores and more GHz per core. The advice on which processors and how many cores to choose will ideally come from someone who is managing the application or the vendor of the software. Of course, they need to also take into account the expected number of users.

RAM

The faster the CPU and the more cores it has, the more RAM options are available to you. If you are unsure about your RAM needs, choose a server that allows you to add RAM if needed since this is relatively easy. The ranges of RAM choices, especially with double processors, are enormous.

The size of your server is important when choosing RAM, as is the latest technology. Current generation servers use DDR4-technology, which could have a positive effect on database performance. DDR4 is priced interestingly nowadays, since it is the standard.

Hard Drives

Choose a RAID set-up for your hard drives, so you are well protected against the failure of a single hard drive. Your system will still be up and running – with some performance loss – until the hard drive is replaced.

The larger the server, the more hard drive options you have. SATA drives stand for high volume but relatively low performance. SAS performs twice as well as SATA, but has a higher price and lower capacity. SAS has been succeeded by SSD, which is 50 to 100 times faster than SATA.

4. Load balancing across multiple dedicated servers

If your application can scale across multiple dedicated servers, a form of load balancing, where end users are split across all available servers, is necessary. If you are running a website and traffic is rising, at some point you will need to use multiple web servers that serve a multitude of users for the same website. With a load balancing solution, every incoming request will be directed to a different server. Before doing this, the load balancer checks whether a server is up and running. If it is down, it redirects traffic to another server.

5. Predictability of bandwidth usage

The requirements in bandwidth naturally relate to the predictability of data traffic. If you are going to consume a lot of bandwidth but predictability is low, you could choose a package with your dedicated server that has a lot of data traffic included, or even unmetered billing. This is an easy way of knowing exactly how much you will be spending on the hosting of your dedicated server.

6. Network quality

As a customer, you can choose where a dedicated server is placed physically. It is important to consider the location of your end user. For instance, if your customers are in the APAC region, hosting in Europe might not be a sensible choice since data delivery will be slow. Data delivery also depends on the quality of the network of the hosting provider. To find out more about network quality, check a provider’s NOC (Network Operation Center) pages and test the network. Most hosting providers will allow you to do this.

7. Self-service and remote management

To which degree are you allowed to manage your server yourself? If you are running an application on a dedicated server, you probably have the technical skills and the knowledge to maintain the server. But do you have access to a remote management module? Most A-brand servers are equipped with remote management modules. Providers can allow you secure access to that module.

A remote management module can also help if you are in a transition from IT on premise to a hosted solution (perhaps even a private cloud solution). It can be an in-between step that will leave existing work structures intact and ease the transition for IT personnel, since they will still be able to manage their own software deployments and the customized installation of an operating system.

8. Knowledge partner

And last but definitely not least: make sure your hosting provider involves its engineers and specialists when trying to find a solution tailored to your needs. A true knowledge partner advises on best practices and different solutions. This may involve combining different products into a hybrid solution.

The above will probably give you a good idea of what to consider before renting a dedicated server. If you are looking for specific advice or need assistance, please feel free to contact the LeaseWeb team. They can help you find the solution that is right for you.


The Week’s Top Cybersecurity Headlines

October 27th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy - (Comments Off)

Leading up to our Capital Cybersecurity Summit NEXT WEEK on November 2-3, 2016, we’re sharing a weekly roundup of some of the top cybersecurity stories. Here are last week’s top headlines. Tweet us interesting cyber articles at @NOVATechCouncil.

National Cyber Response Plan + Cybersecurity Strategies:
DHS Races to Get Obama’s Signature on Cyber Response Plan   NextGov

Good Cybersecurity Doesn’t Try to Prevent Every Attack   Harvard Business Review

Why the Auto Industry Is Tapping a Boeing Executive to Lead Its Cybersecurity Group   Fortune

DDoS Attack:
Hobbyist hackers probably caused Friday’s Internet meltdown, researchers say   Washington Post

Cybersecurity Meets Privacy Concerns:
Is Facebook’s Facial-Scanning Technology Invading Your Privacy Rights?   Bloomberg Technology

AI + Cybersecurity:
As Artificial Intelligence Evolves, So Does Its Criminal Potential   The New York Times

Want to learn more about NVTC’s 2016 Capital Cybersecurity Summit and register? Click here or watch the video below. #CapitalCyber


Rethinking How We Hire Cybersecurity

October 25th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy | Guest Blogs - (Comments Off)

Doug Logan, chief technologist at US Cyber Challenge and CEO of Cyber Ninjas, is the author of our latest cybersecurity guest blog post on new approaches to cybersecurity hiring and retaining top cybersecurity talent. US Cyber Challenge’s National Director, Karen Evans, will be speaking on the Force Multipliers to Future Cybersecurity panel at the 2016 Capital Cybersecurity Summit on Nov. 2-3, 2016.


With over 209,000 vacant cybersecurity jobs in the U.S. and job postings up 74% over the last 5 years, it is an understatement to say that cybersecurity is a growth field. Yet with my work with the US Cyber Challenge, I am routinely told by some of America’s best and brightest that they’re having difficulty finding a job. Once a person reaches the six month mark in a cybersecurity role, recruiters will call like crazy. Getting that initial experience is another story. If we’re going to secure our companies and our country, this is a problem we need to solve.

Traditional hiring practices suggest that we find people who have performed the job function in the past. By this measure, studies have shown that fewer than 25% of cybersecurity applicants are qualified to perform the job functions. I’ve actually had even less optimistic results with less than 10% of candidates qualified. In many cases this is despite certifications, or even similar past job experience. The resource pool is simply not large enough to readily find skilled candidates; and those who are skilled are extremely expensive. I’d like to suggest a different approach: hire the inexperienced and train them.

Time and time again I’ve been surprised at how quickly smart, passionate, but inexperienced individuals out-perform more experienced but “normal” candidates. On average I find that the right candidates learn about twice as fast as your typical candidate. This means that at six months in, my passionate candidate is functioning at the one year experience level; and that one year in, they already function at the equivalent of two years of experience. At this pace it does not take long before they surpass those with more experience; and best of all, home-grown talent is more loyal and won’t typically jump ship. But how do you find this talent?

The best way I’ve found to find smart, passionate individuals who are interested in cybersecurity is to look at candidates who find the time to learn cybersecurity topics even though they are not required to. This is often showcased in resumes that are littered with self-study topics related to the field, or with participation in one of the many cybersecurity competitions available. This list includes Cyber Aces, Cyber Patriot, the US Cyber Challenge and the National Collegiate Cyber Defense Competition. If you want to check out a site that specializes in showcasing this type of talent, that is why the site CyberCompEx was created.

Unlike the inflated prices of experienced cybersecurity professionals, truly entry-level candidates can typically be picked up at a fraction of the cost. However, with this discount in salary you should be planning on spending a good $5,000-$10,000 the first year on investing in their training. In addition, you should be sure to review their performance at the six month mark and bump their pay appropriately at that time. While home-grown talent is less likely to jump ship, you always need to be in the ball park of their current worth.


Modernizing Government Technology

October 20th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy | Events | Guest Blogs - (Comments Off)

Jack Huffard, president, COO and co-founder of Tenable Network Security, discusses the latest legislation on legacy IT in the federal government in his NVTC guest blog post. Huffard will be participating on the Collaborating for Cyber Success Panel at NVTC’s Capital Cybersecurity Summit on November 2-3, 2016.


In government IT, the old adage “if it works, don’t fix it” no longer applies. While legacy systems may still technically be working, they can harbor risky vulnerabilities without vendor support, regular security updates or patch management. This point hit home for many in May when a report from the Government Accountability Office revealed that the country’s nuclear arsenal was still controlled by a system with an 8-inch floppy disk.

More recently, the House Oversight and Reform Committee released its report analyzing the OPM Data Breach that exfiltrated personally identifiable information (PII) of over 4 million government employees and over 21 million more cleared individuals. One of the report’s key recommendations was to modernize existing legacy federal information technology assets to help prevent another such egregious attack.

The Modernizing Government Technology Act of 2016

Earlier this year, to address this urgent situation, two bills were introduced in Congress to help modernize government IT systems – the MOVE IT Act and the IT Modernization Fund. Both bills have since been combined into the Modernizing Government Technology Act of 2016 (the MGT Act). This Act would create individual funds for government agencies and a broader centralized fund to which agencies could apply for financing modernization efforts. The bill states that the funds could be used “for technology related activities, to improve information technology, to enhance cybersecurity across the Federal Government.”

Details of the MGT Act

More specifically, MGT stipulates several areas in which modernization funds can be used, including:

  • Replacing existing systems that are outdated and inefficient
  • Transitioning to cloud computing (using the private sector as a model)
  • Enhancing information security technologies

The Act states that the government currently spends almost 75% of its IT budget (which now totals over $80 billion) on operating and maintaining legacy systems, leaving little left over for modernization efforts. Not only are these systems subject to failure, but as they get older and older, they present greater and greater security risks as well. So it is good to see that the Act encourages not only the simple replacement of agencies’ IT systems, but the addition of cybersecurity technology. Regardless of which new technology is chosen – on-premises, virtual, or cloud-based – there is also a pressing need for better information security solutions for government infrastructures, as evidenced by recent agency breaches.

MGT differs from previous proposals because it does not appropriate funds. Rather, it enables agencies to transfer monies – that they have saved by retiring legacy systems and moving to newer technologies – into individual IT working capital funds. They could then reinvest those funds over the next three years for other modernization initiatives, avoiding the “use it or lose it” cycle.

The Act also calls for a general government-wide IT Modernization Fund. This centralized fund would be overseen by the General Services Administration (GSA) and an IT Modernization Board in accordance with guidance from the Office of Management and Budget. Agencies would apply and present business cases for access to the funds to modernize their legacy IT infrastructures. The centralized fund would then be replenished with savings from those modernization initiatives.

The 8-member IT Modernization Board would include the Administrator of the Office of Electronic Government, a GSA official, a NIST employee, a DoD employee, a DHS employee, and three tech-savvy federal employees.

Moving forward in the 21st century

The MGT Act was introduced by Rep. Will Hurd (R-Tx.) who is one of the few members of Congress with a computer science degree. It was co-sponsored by Rep. Gerry Connolly (D-Va.) in a welcome display of bipartisan collaboration. The House passed the bill at the end of September 2016. It is now up to the Senate to act on the bill. Prospects for passage are encouraging, and this bill would be a good step towards updating legacy IT systems, strengthening cybersecurity and embracing 21st century technologies.


This Week’s Top Cybersecurity Headlines

October 19th, 2016 | Posted by Alexa Magdalenski in Capital Cybersecurity Summit | Cybersecurity and Privacy - (Comments Off)

Leading up to our Capital Cybersecurity Summit on November 2-3, 2016, we’ll be sharing a weekly roundup of some of the top cybersecurity stories. Here are last week’s top headlines. Tweet us interesting cyber articles at @NOVATechCouncil.

IoT:

As cyberthreats multiply, hackers now target medical devices  CNBC

Leaky IoT devices help hackers attack e-commerce sites   CIO

Election:

Connolly: cybersecurity at stake in election  FCW

Government:

U.S. CISO wants to lean on freelance hackers to improve .gov security  FedScoop

CIA Prepping for Possible Cyber Strike Against Russia  NBC

General:

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth   Motherboard

 

Want to learn more about NVTC’s 2016 Capital Cybersecurity Summit? Click here or watch the video below.
