Author Archives: John Shaw

NVTC Launches Infographic Series

August 2nd, 2016 | Posted by John Shaw in Research | Tech Talent Initiative - (Comments Off on NVTC Launches Infographic Series)

Did you know corporate ransomware cost companies $24 million in lost profits in 2015? Or that 55% of technology sector openings in Virginia are in cybersecurity?

These powerful cybersecurity statistics are just some of the data highlighted in NVTC’s newly published series of infographics, white papers and reports addressing important and trending industry topics. The first infographic in this series focuses on cybersecurity and highlights workforce issues, cybersecurity incidents and funding in our region. Access the cybersecurity infographic at this link:

In addition to infographics, future published items will include white papers and reports. Research topics under consideration include:

  • Skill gaps and pain points in the IT workforce
  • Regional economic snapshots, including an analysis of the impact of data centers on Virginia’s economy
  • Big Data and analytics
  • Cloud computing
  • Health technology
  • Human capital development
  • Innovation
  • Agile development and DevOps
  • Business development best practices
  • Networks and telecommunications
  • Governance
  • Mobility
  • Privacy and security
  • IT modernization
  • Open data
  • Leveraging the millennial workforce
  • Financial management systems
  • Acquisition and procurement
  • Emerging technology

Our first in-depth research project involves identifying and quantifying the skill set needs of the region’s technology employers, comparing those needs to the current workforce, and proposing changes that should be made to address any gaps. It will include a detailed analysis of talent pipeline issues, recommend training and certifications needed to upskill the workforce to help close the gap, provide needs assessment results to educators and training institutions and recommend actions to improve the regional workforce pipeline moving forward. The first part of this project is scheduled to be published in late October 2016.

Sponsorships for the infographic series, in-depth research projects and other NVTC research activities are now available. Please contact Yolanda Lee at for more information.

Is our list missing any issue areas you’ve been experiencing ? We want to hear your ideas – please contact me at to discuss potential projects and areas of research.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

NVTC Publishes Cybersecurity Infographic: The Human Element Elevates Risk

August 2nd, 2016 | Posted by John Shaw in Capital Cybersecurity Summit | Infographic | Research - (Comments Off on NVTC Publishes Cybersecurity Infographic: The Human Element Elevates Risk)

NVTC has published the first infographic in its new research series. In this cybersecurity-focused piece, we’ll take a look at the data behind the compelling numbers in the infographic.

NVTC July 2016 Cybersecurity Infographic

NVTC July 2016 Cybersecurity Infographic

The Cybersecurity Workforce Capacity Gap

Federal CIO Tony Scott estimates there are currently 10,000 unfilled cybersecurity positions in the federal government alone. Fifty-five percent of NVTC members responding to a recent survey indicated they are attempting to hire cybersecurity specialists this year. This capacity gap also exists in the commercial sector as well. At a fireside chat on May 26, 2016, Virginia Governor Terry McAuliffe indicated that of the 31,000 Virginia IT openings, 17,000 are in the cybersecurity sector. While Greater Washington is likely the cybersecurity workforce capital of the world, we still face a critical shortage of qualified professionals.

The Department of Defense is attempting to upskill 6,200 cyber professionals from active military and 2,000 from the National Guard and reserve units by 2018 and offered up to $50,000 in retention signing bonuses to current military cybersecurity professionals. Further, OPM authorized the U.S. Cyber Command in 2015 to hire up to 3,000 civilian cybersecurity professionals at the highest federal pay grade outside of senior management positions.

Cybersecurity Incidents and Threat Vector Area Increasing

When we take a look at cybersecurity incidents, we find that simple employee mistakes make up a large percentage of our current risk. The March 18, 2016 Federal Information Security Modernization Act (FISMA) report to Congress cited 77,183 information security incidents over the course of Fiscal Year 2015, which represents a 10 percent increase from FY 2014. Of those incidents, 13 percent were lost, stolen or confiscated equipment; 15 percent were driven by government employee error such as internal policy violations and improper usage; 16 percent were not related to IT, such as the loss of paper records. Strikingly, only 56 percent of all incidents represented an external cybersecurity threat.

Fifty-three percent of IT decision-makers in a SolarWinds and Market Connections survey reported that unwitting insider threats – human error – is the most serious cybersecurity threat. OPM Security Operations Manager Jeff Wagner said “I will have a job until the end of time simply because I have users” at a February 2016 cybersecurity conference in Washington, D.C.

The threat vector area continues to increase as well. In a Crowd Research Partners online survey of 882 IT professionals from across the world, 20 percent suffered a security breach associated with a mobile device, 24 percent indicated that an organizational mobile device connected to a malicious server while roaming and an alarming 39 percent of those devices downloaded malware.

According to Craig Williams of Cisco’s Talos Research, an internet scan by Talos revealed approximately 2.1 million systems vulnerable to the JBoss exploit used in common ransomware attacks. And other JMX-based exploits that have been known for more than a year are waiting in the wings to strike systems based on JBoss as well as related systems such as WebLogic, WebSphere, the open source Jenkins automation server and the OpenNMS network management platform. These are cases where simply updating those systems would patch the vulnerability.

Cost of Data Breaches and Intrusions Rising

The Ponemon Institute’s 2015 Cost of Breach Study: United States indicates the average cost of a data breach rose 11 percent year-over-year, to $6.53 million, with an average cost of $217.00 for each lost or stolen record.

In an official statement on the March 2016 MedStar Health hack, an FBI official disclosed that the reported loss from ransomware attacks in 2015 was $24 million. In its 2014 annual report, the FBI’s Internet Crime Complaint Center (IC3) indicated there were 269,422 complaints filed with reported losses totaling over $800 million. IC3 reports 7,694 ransomware complaints with $57.6 million in losses since 2005.

Cybersecurity Spending and Venture Capital Funding on the Rise

The U.S. government spends more than twice as much annually on cybersecurity than the combined public and private sectors of any other nation. The administration’s 2016 budget allocated $14 billion in cybersecurity spending while the 2017 budget submission calls for over $19 billion.

The 2015-2020 federal cybersecurity market is valued at $65.5 billion. Vendor-provided cybersecurity products and services are estimated to grow from $8.6 billion in FY 2015 to $11 billion in 2020 at a compound annual growth rate of 5.2 percent.

2015 venture capital funding in the Greater Washington region reached $647.85 million for organizations with cybersecurity products or services, representing 45.78 percent of the $1.415 billion in total 2015 venture funding in Greater Washington.


While cybersecurity threats and breaches can be devastating, they are also galvanizing for the technology community. Now, more than ever, there is an opportunity for NVTC members to come together and deepen their commitment and influence in driving innovation and workforce development in cybersecurity. NVTC is here to provide its members with the latest cybersecurity developments through research, communications publications, webinars, conferences and advocacy efforts. Stay tuned for NVTC’s upcoming cutting-edge research series that will feature infographics, white papers and reports.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS