Training tomorrow’s security talent

Monster and the Center for Internet Security team-up to bridge the supply and demand gap that exists in InfoSec

The Center for Internet Security (CIS) has partnered with Monster to create Cyber Comp X, a virtual community designed to engage cybersecurity talent.

From 2013 to 2014 there was a 46 percent increase in the number of reported data breaches, followed by a continuous stream of high-profile cyberattacks. Last year, Cisco reported that there were 1 million unfilled jobs in the cybersecurity field. The lack of qualified cybersecurity talent and the demand for professionals to defend against future attacks is a major concern for the intelligence communities in both the private and public sectors.

[ ALSO ON CSO: How to find qualified people for your security team ]

In the United States Intelligence Community’s 2015 assessment of threats to US national security, U.S. Director of National Intelligence, James Clapper, said that threats to US national and economic security are increasing in frequency, scale, sophistication, and severity of impact.

“The ranges of cyber threat actors, methods of attack, targeted systems, and victims are also expanding,” he added.

While the threats and the level of sophistication of threat actors will continue to advance, the ability to detect and address those threats is a major concern for a majority of enterprises.

Released in July, the 2015 Black Hat Attendee survey revealed a serious shortage of IT security resources in the days ahead.

The report noted: “While nearly three quarters (73 percent) of respondents think it likely that their organizations will have to deal with a major data breach in the year ahead, a majority also feel that they do not have enough budget, staff, and training to handle the load.”

All signs point to a need for significant changes in cybersecurity, specifically in training young talent and developing pipelines for them to enter into cybersecurity careers.

Maurice Uenuma, senior vice president of workforce development, CIS, said, “We look at the work force challenge on two fronts. First is the supply challenge, and we need to grow a larger more robust workforce of talent, and second is the education of the work force as a whole.”

Toward that end, CIS has a Workforce Development Program, which includes a number of initiatives to enhance performance-based learning for students and professionals.

“The greatest need is to fill those cyber security fields with capable talents whether they exist at large enterprises from federal agencies to commercial enterprises, regardless of the nature of the enterprise, those skills are in great demand,” Uenuma said.

Cyber security needs to focus on more than filling the void of talent, and by educating the work force as a whole, enterprises can build better defenses.

“There is a great need for the rest of the work force in general to exercise cyber hygiene. It’s not enough just to have more and better qualified candidates but the companies that have to hire them also have to understand how to leverage their workforce for cybersecurity,” Uenuma added.

Because enterprises will always be vulnerable, educating the work force on cyber hygiene best practices is one layer of defense that is critical in any organization. In order to help agencies provide continued best practices information to their employees, CIS has published a free cyber security work force handbook.

CIS knows that cybersecurity at any enterprise is very much tied to its entire work force, and that the ability of an enterprise to properly manage its work force still remains the largest vulnerability at any organization.

Educating the work force and training and recruiting the next generation of leadership are only a few of the programs offered by the non-profit organization, CIS.

CIS hosts the U.S. Cyber Challenge, which runs competitions and cyber camps to train new talent.

“Some of the areas where there is a greatest shortage of talent are the most technical areas of cyber security: Incident response, forensic analysis, secure coding, network monitoring, and security operations,” Uenuma noted, adding that regardless of the enterprise, these skills are in high demand.

[ ALSO ON CSO: Why the perception of a security talent shortage is really a leadership opportunity ]

The U.S. Cyber Challenge, in its mission to develop a pipeline of future cyber security talent, hosts competitions for high school and college students training them in all things cyber. Jerrod Bates, information security instructor, Delaware Technical Community College, organized his sixth cyber security camp this summer.

The joint effort among Delaware Community College, University of Delaware, Wilmington University, and Delaware State University hosted 65 students in a week-long competition focused on different security topics.

“We teach training in ethical hacking in order to be able to learn defense. There is also SANS training, network penetration, packet crafting where kids craft specialized data packets,” Bates said.

In addition to students learning web application pen testing software like Metasploit, the week culminates in a four and a half hour capture the flag competition. CIS provides scholarships for students to attend the camps in Delaware, Utah, Vermont, and Illinois. At the Delaware camp, eight different companies held a career fair for participants to build sustainable relationships and learn the value of networking.

Networking is a critical tactic that CIS realizes will help to build bridges to opportunities for both the enterprise and the talent pool. Their partnership with to build the Cyber Comp X platform was designed, “to create a meaningful pipeline of cyber talent,” said Susan Fallon, vice president of business development at

“Our mission is to align with whatever their workforce needs are, whether that is a federal agency or a private enterprise. We work with 14 federal agencies today, and we are also working with education institutions and other nonprofits on how to best engage both job seekers and employers,” said Fallon.

Cyber Comp X is set up to engage a wide range of participants, from those who may only want to dip their toes in the water, to those who are trying to lead. While on one level the technology is set up as a social networking site where parties can engage in conversation, share ideas, and network, the platform is also set up with a gamification layer.

“The site has competitions available with hot topics at different competitive levels, and after you engage in a competition, you can come back and report your results. That data is then aggregated,” Fallon explained.

The next step is bringing jobs to the site, which Fallon said is what is passionate about. Using their 6Sense technology allows employers to look at conceptual and contextual information in a resume, said Fallon. The technology will “whittle down the talent pool on the employer side but is also able to do the same thing on the job seeker side,” Fallon said.

The relationship between CIS and Cyber Comp X, said Fallon, “Is focused on the solution to this very big talent crisis, which demands we take new approaches.”

Join the CSO newsletter!

Error: Please check your email address.

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kacy Zurkus

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts