topic Re: The next generation of Infomation Security Professionals in Career Discussions

The next generation of Infomation Security Professionals

MDWtheTall — Fri, 12 Oct 2018 15:30:44 GMT

I am very interested in hearing from other Information Security professionals who are educating/training new blood in the field. I am the director of the CyberSecurity program at the Sage Colleges in Albany, NY, and am looking for new and interesting ways of stimulating student interest in the profession.

The Sage program takes a "non-academic" view of the field, and at the higher levels (300-400) that seems successful. The lower levels seem ot need a lot more structure.

I welcome any ideas, input and experience the the community may have to offer!

Thanks!

Michael Weisberg

Re: The next generation of Infomation Security Professionals

rslade — Fri, 12 Oct 2018 18:30:00 GMT

> MDWtheTall (Viewer II) posted a new topic in Career on 10-12-2018 11:30 AM in

LOVE the choice of screen name ....

(Is that another "short" joke? 🙂

> I am the director of the
> CyberSecurity program at the Sage Colleges in Albany, NY, and am looking for new
> and interesting ways of stimulating student interest in the profession.

Ha! Any student who does not realize that infosec is *the* most interesting field
in technology does not deserve to be here!

(Well, OK, I guess that still leaves the problem of convincing people who aren't in
the field to look inot it ...)

> The Sage
> program takes a "non-academic" view of the field, and at the higher levels
> (300-400) that seems successful.

I'm not sure how you're doing "non-academic" work at the higher levels ...

> The lower levels seem ot need a lot more
> structure.

Well, yeah, if they are new, you need to manage content to ensure they don't dive
down rabbit holes before they see the whole field, but ...

======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
http://www.infosecbc.org/links http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

Re: The next generation of Infomation Security Professionals

CraginS — Fri, 12 Oct 2018 19:14:39 GMT

Michael @MDWtheTall ,

If by "non-academic" you mean hands-on straight tech skills, a la IT tech schools, I think such courses definitely are appropriate. Infosec folks need to know those skills to know how they are abused by the bad guys.

Note that many of the master's degree programs in our field lean heavily on such courses, because many degreed professionals are using teh grad degree to shift careers into infosec.

Side question: are you using any particular framework to guide the overall curriculum, e.g. CBK, COBIT, ISO 27000 Series, NICE, CSF, RMF, etc?

Love to learn more about your program.

Re: The next generation of Infomation Security Professionals

CISOScott — Mon, 15 Oct 2018 13:26:04 GMT

There is a saying, "You can lead a horse to water but you can't make him drink."

How do we make the horses more thirsty so they will want to indulge in this water of InfoSec that we clearly love to drink? This is a difficult challenge to undertake but it is not impossible.

The key is to make it attractive, see who shows interest and then develop them through mentoring. One of the tactics I use is to either show them a hacking demonstration or do a quick dive into a social media check up on themselves. If the response from the participants is "Cool, but meh!" move on to the next group to find your young grasshopper. If one person shows interest, then steer them to other opportunities.

We recently hired 2 college interns. I based my opinions on them from my interactions during the hiring phase. I thought we had hired 2 people who would blossom into InfoSec professionals. One turned out to be totally different and sadly, like that social media video going around about the young millennial girl doing a job interview, it seemed like this job was interfering with his life style. Constantly wanting to adjust his hours, wanting to reduce the hours but then complain he wasn't getting enough hours (keep in mind this was a paid internship). Wouldn't show up to meetings or return phone calls. Sad. We let him go after a couple of months. So we whiffed on one candidate but the other is going strong.

We will keep trying. Maybe there aren't enough Infosec "nerds" to keep the profession growing....

And in this instance I use the word nerd to mean someone who is intensely interested in, and extremely excited about a specific area of study.

Re: The next generation of Infomation Security Professionals

CraginS — Tue, 16 Oct 2018 11:34:23 GMT

@CISOScott wrote:
There is a saying, "You can lead a horse to water but you can't make him drink."
How do we make the horses more thirsty so they will want to indulge in this water of InfoSec that we clearly love to drink? This is a difficult challenge to undertake but it is not impossible.

Maybe this will work?

Re: The next generation of Infomation Security Professionals

Caute_cautim — Wed, 17 Oct 2018 18:28:28 GMT

In the future, who wants to work or have a role or place in society?

Recently it was predicted that there will always be a job in the ICT industry.

Who is going to have the capability to carry out risk assessments on this increasingly interconnected, measured, pervasive sensor driven society, who welcomes technology without rationalising the implications of their decisions? Who will want to listen, let alone understand the issues of secure by design, privacy by design etc?

Regards

Caute_cautim

Re: The next generation of Infomation Security Professionals

rslade — Thu, 18 Oct 2018 17:30:46 GMT

> Caute_cautim (Advocate I) posted a new reply in Career on 10-17-2018 02:28 PM in the (ISC)Â² Community :

> In the future, who wants to work or have a role or place in society?

Me! Me!

Oh, wait. No, in the future I want to be retired and forgotten.

> Recently it was predicted that there will always be a job in the ICT
> industry.

Mostly as a data entry clerk, or oiling robots.

> Who is going to have the capability to carry out risk
> assessments on this increasingly interconnected, measured, pervasive sensor
> driven society, who welcomes technology without rationalising the
> implications of their decisions?

But that's two different jobs, isn't it? One person (usually in the C-suite) welcoming technology with open arms and no thought of the risks, and another to assess the risks and get called a Cassandra.

> Who will want to listen, let alone
> understand the issues of secure by design, privacy by design etc?

That's not a job description. That's the role of the student. For every person who wants to teach, there are approximately 30 who don't want to learn.

Re: The next generation of Infomation Security Professionals

Caute_cautim — Thu, 18 Oct 2018 19:32:57 GMT

You will be too busy to retire, let alone enjoy it:

https://www.darkreading.com/cloud/(isc)-2--global-cybersecurity-workforce-short-3-million-people/d/d-id/1333060?_mc=NL_DR_EDT_DR_daily_20181018&cid=NL_DR_EDT_DR_daily_20181018&elq_mid=87233&elq_cid=23392365

You will be teaching the next generation of cyber personnel to apply the principles to an increasingly complex world.

Regards

Caute_cautim