The cyber security workforce gap continues to grow, and the availability of qualified cyber professionals is predicted to decrease in the coming years. In fact, a Cyber Security Workforce Study from the International Information System Security Certification Consortium predicts a shortfall of 1.8 million cyber security workers by 2022. Some resources claim upwards of 3.5 million within the next two years too. While this can feel like impending doom and gloom for the industry, AI, or artificial intelligence, can help to quell the concerns while empowering existing cyber workers.
While many other industries have seen robotic systems replacing the need for human workers, this doesn’t appear to be the case in cyber security. Humans are able to accomplish more when supported by the right set of tools. Allowing AI to support and react to human behavior allows cyber professionals to focus on critical tasks, utilize their expertise to analyze potential threats, and to make informed decisions when rectifying a breach.
How? AI can do the legwork of processing and analyzing data in order to help inform human decision making. If we were to rely completely on AI to manage security risks, it could lead to more vulnerabilities because such systems have high risks for things like program biases, exploitation, and yielding false data. Nevertheless, if utilize and deployed correctly for cyber teams, AI has the ability to automate routine tasks for processionals and augment their responsibilities to lighten the workload.
So, is AI going to take over the jobs of seasoned cyber pros? The answer is no; however, AI will drastically change the kinds of work cyber engineers are doing. In order for IT teams to successfully implement AI technologies, they will need a new category of experts to train the AI technology, run it, and analyze the results. While AI may be great for processing large amounts of data or replacing autonomous manual tasks, it will never be able to replace a security analyst’s insights or understanding of the field. There are some data points that require a level of interpretation that even computers and algorithms can’t quite support yet.
AI can help to fill the workforce gap in the cyber security sector, although it may create a need for new skillsets to be learned by humans in the industry. AI and the human workforce are not in conflict with one another in this field, in fact, they complement each other. Thefuture is bright for AI and humans to work in tandem at the front lines of cyber defense.
For more information, check out our white paper on AI and gamification!
To celebrate National Cyber Security Career Awareness Month in November, we’re highlighting the many ways that aspiring cyber security professionals and career changers alike can enter the field with confidence and competency.
To start, join us as we share tips and recommendations for learning cyber at every stage from basic comprehension to skills application.
Speaker Dr. Dan Manson will discuss:
- Current landscape of cyber workforce (from the skills gap to diverse work roles)
- Where to start learning about cyber security (resources, tools, experiences)
- How to develop the technical and hands-on skills needed for any cyber job
What You’ll Learn
- How to find resources for learning cyber at any knowledge-level
- Where to develop basic and advanced cyber skills using digital and on-demand platforms
- How to develop a holistic cyber skill set to impress prospective employers
ColoradoBiz magazine features expertise from Circadence on how to start a cyber security career whether beginner or seasoned pro looking to advance.
It might surprise you to know that the education industry is a prime target for malicious hackers. While threats in this sector are on the rise, many education institutions are not prepared for a cyber attack nor do they know how to recover from one. In fact, there were 122 cyber attacks last year at 119 K-12 public education institutions, averaging out to an attack every three days. A 2018 Education Cyber Security Report published by SecurityScorecard also found that of 17 industries, the education sector ranked dead last in total cyber security safety. Schools are leaving themselves open to student and faculty identity theft, stolen intellectual property, and extremely high cost data breach reconciliation. In fact, a study done by the Ponemon Institute shows the average cost of a data breach in the education sector is $141 per record leaked.
This industry faces some unique cyber security challenges:
- Historically, this industry is based on the free exchange of information, i.e the philosophy that information should be readily available to all. The use of computers and internet in education has allowed information to be stored and accessed in many different ways, creating vulnerabilities in storage, network security, and user error which leaves systems susceptible to hacks.
- Students and staff may have limited technical skills and prowess to know how to stay safe online.
- Online education systems are highly distributed across multiple schools in a district or across state lines, making it easier to infect one system to gain access to all.
- Computer systems used by schools often lack a single application, or “source of truth” to safely manage student and employee identities.
- There’s a significant change in the user population every year due to students graduating and new students enrolling, making it difficult to track who is using certain resources and who has access to them.
- Remote access is often required, with students and parents accessing systems from home computers and smartphones. When you access an online resource repeatedly from potentially vulnerable or unsecure networks, it creates more opportunity for hacks.
So how can educational institutions better protect themselves against looming cyber threats?
- Shift the focus to prevention instead of mitigation – by making the focus on securing data before an attack happens rather than after, organizations will be better prepared to protect students and staff against a breach.
- IT directors and security operators within educational institutions would be wise to consider persistent training solutions for their teams to optimize existing cyber skills so they don’t go “stale” after a period of time.
- Likewise, perform a security audit and work across departments to understand all the digital systems in place (financial, teacher, student portals, etc.) and where vulnerabilities might exist.
- HR departments of institutions should consider updating or adopting employee security awareness training to ensure every education-employed professional working on a computer understands the basics of cyber security and how to stay safe online.
- Minimize internal threats – Verizon’s 2019 Data Breach Investigations Report found that nearly 32% of breaches involved phishing and that human error was the causation in 21% of breaches. Proper and continued training and awareness around security issues is key in preventing possible attacks.
- Make cyber security a priority in IT budgeting – Schools and other educational institutions need to recognize the growing cyber threatscape and prioritize allocating funds to training tools, IT teams, and continued education for internal staff.
Circadence is here to help. Our immersive, gamified cyber learning platform, Project Ares, can help ensure that your cyber team is ready to defend against malicious attacks, and our inCyt product (coming soon!) will keep everyone else in your organization up to snuff on cyber defense and offense. We pair gamification with prolonged learning methods to make learning and retaining cyber security tactics simple and fun for all. Don’t let your institution and students be next in line for a breach–think inCyt, and Project Ares when you think cyber security for the education sector!
If you’re still looking for more information on education and cyber security, check out these handy references:
We’re getting in the Halloween spirit (with a cyber security spin of course)! We started wondering about the mysterious (or not-so-mysterious) world of hacking. We wondered just how frightfully easy it might be to gather intel from social platforms with minimal prerequisite knowledge.
To that end, we did a little experiment in an attempt to understand the hacking process. We asked ourselves…
- What details can hackers find about us online?
- Are there enough details out there for a hacker to really manipulate us?
Are we “sharing too much” as a population committed to living our lives on social media?
To answer these questions and learn if we’re just asking to be tricked or if what hackers can find out about us is really their treat to exploit…[insert gloomy music here], we simulated an online “stalking” exercise.
<< See this cool graphic to your left or read below for the simple steps we took to find personal details of someone online.
- Identify a known person you want to learn more about
- Go to the ol’ Google to dig up articles and social profiles about that person
- Easily obtain properties like their full name, interests, employer, etc.
- Search their social accounts in greater depth to find:
- Their interests and passions
- Their work history
- Education level
- Previous co-workers and friends
- Geographic residence
- Links to their Instagram profile (for visual data)
- Pet’s name
- Marital status
- Search through their friend list on Facebook, connections on LinkedIn, or followers on Twitter to isolate any missing social profiles or details on the person
- Find their hometown, family members, and political/religious views
So gosh. This turned out to be a frighteningly straightforward path to take to find intel on someone….even if some of their social accounts are private! And, you might be shocked to know that it took us less than an hour to discover enough information about a random person.
So what might a hacker do with the intel like what we just dug up? They use the information to manipulate us and make us vulnerable to an attack.
- A hacker might craft a Twitter message asking about this person’s pet or commenting on the weather in her place of residence to start a conversation.
- A hacker might name drop her former co-worker as a “friend” of ours and thereby “established a connection.”
- A hacker might have contacted the persons parents or a friend claiming we were associated with individual’s previous employer to get his/her phone number to call them.
- The TRICKS are endless!
And it can happen fairly quickly. Are you surprised?
There’s good news here though. While we did learn from this exercise that what we each choose to share online is, indeed, asking to be tricked by hacker, the fact is WE have some control of what information is “out there”. Hackers LOVE any data they can use about our interests and personal information to gain access to something they want (e.g. bank accounts, social security numbers, credit cards, etc.); but we can limit our personal information and lock down our profiles to minimize how much intel is out there to start with.
There’s never a dull moment at work for Circadence Software Engineer Raeschel Reed. Between learning ways to use new technology, improving coding techniques, and operationalizing cyber innovations, Raeschel is a critical part to the success of the company’s product suite.
She currently works on Orion, a curriculum development application that allows learning coordinators or security managers to customize cyber training exercises based on specific needs. Raeschel has been a part of the Orion development team for over nine months, working on the back-end operations to create the logic behind the functionality. The best part about working on this product is the level of collaboration Raeschel gets to experience.
“We do a lot of pair-programming on Orion, where we work in groups of two or three to move tasks along quickly. Everyone has good ideas to share and suggestions that build on one another and it helps expediate the problem-solving aspect of software engineering,” she said.
Prior to joining Circadence, she served as a senior software developer supporting the Naval Integrated Tactical Environmental System Next Generation and before that, at the Battelle Memorial Institute supporting various government contracts for the Department of Defense and Homeland Security. Those experiences helped her learn critical technical skills and computer languages that diversified her understanding of programming and software development. She’s also an alumnus of George Mason University (master’s degree in Computer Science) and Mary Washington College (bachelor’s in Computer Science).
For Raeschel, the process of working with and applying a new tech stack like Kubernetes, back-end tools like Golang (an open-source programming language), and working in Azure, keep the act of software development truly unique and on the cutting-edge of innovation.
While unique hobbies like soccer, sewing and improv feed her need to try new things, it is the tech industry she keeps returning to for career fulfillment.
“Tech stuff I keep coming back to,” she said. “I have a growth mindset where I want to keep learning new things and trying new things and the field of cyber allows me to do that.”
And if that wasn’t enough for Raeschel to feel inspired and innovative at Circadence, the team she works with is second to none in her eyes.
“Team Orion is the BEST!” she exclaimed. “I feel very fortunate to be here and to have found ‘my people.’ Mondays never feel like Mondays.”
November 12, 2019
11 a.m. MT/10 a.m. PST
Celebrate National Cyber Security Career Awareness Month in November. Join us and Dr. Dan Manson for a live webinar on how to kickstart a career in cyber security. It’s easier and more fun than you think!