
Ways for Children to stay safe online


Below I will talk about 3 main ways children can stay safe online. First, children should be taught not to talk to strangers or provide too much information online, either to strangers or to friends. Second, they should learn that there are people who specifically seek to harm children online. Third, they should not download anything that offers FREE software, music, videos, games, or books.

 

Your sons and daughters need to be made aware that people are not always who they claim to be online, and that they should not talk to strangers online. These strangers may appear to be friendly, but because they are unknown they should not be trusted. Your children should learn that the internet is no replacement for a diary or a confession; information that is too personal or private should not be shared online with anyone. This information generally cannot be erased from the internet and can later be used to harm them, or to deny them a job or admission to the college of their choice.

 

Children should learn that not everyone is good, honest or trustworthy, and that unfortunately the internet can be used both for good and evil. A large percentage of online activity is malicious in nature, involving unethical or illegal activity, and many times this is perpetrated by organized crime or by specific individuals who want to harm children. They should be taught that these persons try to befriend children online, pretending that they are children in the same school, etc., and trying to buy them gifts, but that eventually they will try to take advantage of them and hurt them.

 

The best way to deal with these folks is to avoid them altogether. In fact, that is one of the best ways of dealing with risk. You can either insure against it, mitigate it, set up compensating controls, or avoid it altogether. Since you can’t always control who is targeting your children, avoiding the risk means that once a stranger engages them online, your sons or daughters should immediately disconnect, cease all communications and block that person. Teach them that an ounce of prevention is worth more than a pound of cure. Some people are so dangerous that they should not even try to talk to them.

 

“FREE” always comes with a price. Teach your sons or daughters that FREE movies, games, videos, music, and apps come with free, hidden malware that can ruin their computer, forcing you as the parent to wipe or reimage the machine. That means they will lose all their data or information, since once the computer is contaminated all files on it are considered suspect.

 

Moreover, they should learn that free means that they are stealing from someone. The artists who create this content or software have families too, and if we steal their music, games or software we are robbing them and their families. Other children are suffering if they steal music by downloading it for free on a pirate site.

It’s critical to lead by example. As parents, especially if you work in IT and most especially in the field of cyber security, set the example for your children and family. Set the tone and the conversation; led by your example of integrity, they will learn ethics in the first school of ethics: the home.

The benefits of Cyber Safety awareness for Children and Parents


There are many benefits of Cyber Safety awareness for Children and Parents. Today we will discuss 3 benefits for children and 3 benefits for parents and shed some light on the importance of keeping our children safe online.

 

For children the three main benefits of cyber safety training online are: increased knowledge of the dangers of being online, of how they need to be vigilant, of what steps they can take to stay safe, and of how this applies not only online but offline as well; ethical training in that you don’t get something for nothing and everything useful requires hard work, so if you are offered “FREE music, videos, books, games, apps” this translates into Free viruses, malware, rootkits, worms, ransomware; and understanding that they are accountable for their actions online, since anything questionable they post could be used against them in the college admissions or hiring process.

 

For parents the three main benefits of cyber safety training online are: keeping your children safe from harm and teaching them how they can help protect themselves from danger; being able to teach children to challenge what they read online as a way to learn or reinforce critical thinking skills; and a very direct and useful way to connect with your boys and girls and let them know that you as parents care, love them and are genuinely interested in what is going on in their lives. There is a huge gap between a 25-50 year old parent and a 10-17 year old child; spending time with them, teaching them, listening to them, asking questions, and showing your concern and care for them is a great way to bridge that gap.

 

How can children learn to be vigilant online, and what do they need to stay safe? First, you can start by explaining to them that they should generally not talk to strangers online. Explain that there are some folks who may wish them harm, and that they need to be mindful of who they talk to and what they say. Teach them early on what phishing is and how important it is not to give up too much information to strangers.

How can children learn that you don’t get something for nothing? Explain that it’s dishonest to steal, but more importantly lead by example. Let them know that you shouldn’t download “Stuff” for “FREE”, as you will get Free malware and must reimage your computer and lose all information. Explain that the artists or people creating the software, music, books, videos, movies, and games have families too and need to make a living, and that if we steal from them we are also stealing from their families.

 

Again, we should lead by example. If we are in IT, and especially if we are in the field of cybersecurity, we should not have pirated copies of Windows or Office lying around stashed away somewhere. This is not only against professional ethics and illegal, but also bad IT practice, as “FREE” means Free trouble, problems, headaches. I don’t know about you, but I have enough issues that I am resolving daily; I don’t have time to be worrying about my own machines having malware installed by me. I am amazed when I hear that IT or Cyber Security Professionals are doing this. If you have children, you need to stop and think about being a good example to them. Ethics begins in the home.

Children should be taught that they are accountable for their actions online. What you say or do has consequences. If you post that picture or chat in High School, that could hurt your chances of getting a job someday or of getting into your preferred college. People can use what you post online against you, and it makes good common sense to have discretion about what you post online. You don’t want to have all your dirty laundry on Facebook. Remember, Facebook or Twitter is no substitute for a diary or a confession. They should be taught to keep it clean online and not to share too much information, as hackers and aggressors can use this information to do them harm.

 

For parents, keeping your children safe from harm and teaching them how they can help protect themselves from danger is a high priority. They should learn early on that an ounce of prevention is worth more than a pound of cure. Prevention is the best approach to staying safe online. You should teach your sons and daughters how to fish, not how to eat salmon already served on a plate. These skills will be invaluable to them as adults. Children should learn that not everyone is honest online, that there are people who specifically target children to harm them, and that they need to be careful in everything they do, whether online or offline.

 

The second benefit is being able to teach children to challenge what they read online to learn or reinforce critical thinking skills. I had a high school teacher that would always repeat the mantra, question not to deny but to understand. The Socratic Method, used by attorneys to question, observe, and make inferences, is a skill that will serve them for a lifetime.

 

For example, when I was in college years ago, I saw a news article that some official wanted funding for hiring more public employees-they wanted to increase funding by 100 million dollars and wanted to hire 100K more employees. If you do the math that meant that a full time public sector employee was being hired, not one but 100K of them at a wage of $10K annually which is way below the federal minimum wage and several times less than the average salary for that type of role.

 

Going through the news online is a good way of teaching children to question, challenge, observe, make inferences, make judgements or hold in doubt, and learn how to think critically. The problem with higher education today is that folks graduate from even the most prestigious universities without learning critical thinking skills. As parents you can start teaching them how to think and analyze at home.

 

For parents, a very direct and useful way to connect with your boys and girls and let them know that you as parents care for them, love them and are genuinely interested in what is going on in their lives is by spending time with them observing, questioning, and advising them on their online activities.

 

Studies have shown that the reason most children get into gangs, drugs, violence, or young pregnancy is that they do not feel loved, cared for and protected by their parents. Let’s face it, there is a huge gap between what you as a 40-year-old are thinking on a day to day basis and what a 12-year-old child is thinking. Because your children are vulnerable they need to feel safe and protected. If you let the TV set, social media, or the internet do the babysitting for you, you will have a child that grows up with many problems. Let this be a way to connect with your sons and daughters. Spend time as a family watching the news online, teaching them that strangers are not to be trusted online, and that it’s important to restrict what information you share with others.

 

The benefits of keeping children safe online are numerous for both parents and children. The main benefit, of course, is that as parents you keep them safe, and that they grow into strong (not just physically but emotionally and spiritually), intelligent, and self-confident adults.

Why is Cyber Safety important for Children?


This is an easy question to answer: simply put, there are many folks online that want to take advantage of and abuse children. The safety of your children online is just as important as their physical safety and well-being, as there have been numerous cases where aggressors have courted children online only to arrange an in-person meeting later. Since we live in a connected world where children, especially if they are in good schools, are taught about computers and how to use the internet from very early on, it is especially important for parents to be mindful of what their children are watching, reading, and chatting about online, and with whom.

 

It is not a good idea for children to go online without some type of direct parent supervision, as they are many times unaware of the dangers due to their youth and are not adequately prepared to protect and defend their own interests. It is critical that parents do everything in their power to ensure the safety of their sons and daughters. Additionally, it is a good idea to teach cyber security awareness to children early on.

 

Boys and girls need to be taught that “FREE” online games or applications come with a hidden cost, usually advertising or, worse yet, malware. Since parents, as good leaders, should lead by example, children should not observe their mothers and fathers downloading pirated movies or music. Not only is this type of activity illegal, since you are stealing royalty money from the artists, but it can cause serious damage to your computer. As a matter of ethics, children should also be taught that you should earn something, i.e. pay for what you have, not try to scheme to get things for free.

 

Children are like sponges and they keenly observe their parents, so it’s a good idea to have your house in order so that you can be a good example to them as parents. Children should be taught that we are all accountable for our actions. By monitoring their online safety we can not only protect them, but they can also learn that ultimately they are responsible for what they do because someone is watching, meaning their parents, their teachers, and their bosses once they start working.

 

Your sons and daughters should learn that you also need to be careful with what you post online, since it never gets erased from the internet and a future employer or college can use that information against you if it is overly negative. I would have them read a few articles or watch a few news pieces about how some high school kids had their acceptance into Ivy League schools revoked due to posting celebration pictures and such on social media, or how you could get your security clearance revoked for certain online behavior.

 

 

 

How soon can I start teaching my children about Cyber Safety online? The short answer is as soon as they receive their first computer or have access to a computer at home or at school. Teach them that people are not always honest online, that they need to be careful when chatting with strangers, and that “Free” online games, movies, music, or apps means “Free Viruses”, so they will have to reimage their computer and lose any data on it. Teach them that they are accountable for their activities whether online or offline, and that it’s important to have a certain natural curiosity about the world, but also teach them critical thinking: to ask questions, to challenge what people are telling them online in chats, and to challenge news articles or stories online. You as a parent can leverage this opportunity to teach children critical thinking skills.

The safety of your children is critical for parents either online or offline, and this can be an opportunity to teach and spend more time with your children so that they know that you are genuinely interested in their day to day activities. Many times, children get caught up in drugs or other problems at school etc. because they don’t feel loved at home. As parents, spending time connecting with your children is something that can bridge that gap, because let’s face it, there is a huge gap between a 25-50-year-old and a 10-year-old, and it keeps your sons and daughters keenly aware that you care for them and that you are here to help. As children grow older this skill in Cyber Safety Online will not only help them in school but also in the workplace.

How to build an effective Cybersecurity Program from the ground up beginning with Physical Security


How do you build an effective cybersecurity program? One would argue that, if you were starting from ground zero, it would take at least 2-3 years. One of the ways that you could get a good start is by looking at the standards.

 

All of the IT auditing standards (NIST, SOX, GLBA, HIPAA, PCI, COBIT, COSO, ISO) talk about physical security. You start by building the program based on the industry standard that you are accountable for. If you are a financial firm then SOX, GLBA, PCI, and COBIT may be a good starting point. If you are in healthcare, look at the HIPAA and HITECH requirements.

 

The standards are a great starting point, but you must be flexible and realize that no program is perfect. Due to budgetary or management decisions you will need to adapt your program to the actual business needs, and create compensating controls where you need to diverge from the standard. It’s important that Security enable the business.

 

As Information Security Practitioners we cannot be folks in an Ivory Tower simply creating DENY DENY rules on firewalls. We must promote the business’s profitability and stability, create workarounds, add compensating controls as I mentioned, and find creative ways of securing the network, i.e. not giving away the farm while allowing the business to be productive.

 

Additionally, Security works best in layers. Defense in depth is critical to the security posture of any firm. A strong case can be made that Physical Security complements other strong technical and administrative controls. You need to look at Physical Security in the big picture view, where it is an important part of the solution but not an end. That is how you build an effective Cybersecurity Program from the ground up beginning with Physical Security.

 

 

 

Pentesting for Physical Security


Below are some things to look for when pentesting for physical security. It is by no means an exhaustive list, just some quick and dirty entry points into the network.

 

  1. Are you able to get into the building without a badge? Maybe you can strike up a friendly conversation with the security guard and tell him you are from out of town and wanted to meet the manager of the IT department, and that you’re from a software vendor. While you’re talking to him, take a picture of his badge, then go home and make a copy (Social Engineering Basics). If you do this right you may have full access to the building.
  2. Are there security cameras? If not, just picking the lock at the right time will work.
  3. Are there guards? What time do they patrol the area? Look for patterns as you do your reconnaissance. When are they most vulnerable?
  4. Sometimes straight up social engineering will work. Go and talk to the receptionist and get the name of the CEO or IT Director, tell them you are there from the Phone Company and came because he called you out to fix his phone system in his office. Always beware of strangers offering you free phone service!

Strong physical security takes good planning. Below are some recommendations:

 

  1. Have a gate and, if possible, a guard at the gate controlling entry into the building campus.
  2. Put strong lighting in place.
  3. Have guards at the entrance to every building.
  4. Have users swipe a badge for access.
  5. Have visitors sign in and be escorted to where they are going by the person that invited them.
  6. Have all vendors thoroughly checked and all consultants and vendors supervised by full time employees while onsite.
  7. Check ID cards.
  8. Challenge anyone unfamiliar to you: check their ID and ask who they report to, what department they are in, and whether they are visiting today for a special reason.
  9. Make sure the server room is locked at all times.
  10. Disable USB and CD/DVD Drives on all laptops and workstations.
  11. Make sure all conference rooms are secured when not in use, as they usually have internet connectivity and phones.
  12. Make sure employees don’t leave any sensitive information on their desks and never write down their passwords.
  13. Make sure you have cameras and test them to make sure they work and that they are being monitored.
  14. Make sure that no one can just plug a device into an Ethernet cable and get access. Use sticky ports that are tied to a MAC address.
  15. Make sure that your guest wifi is password protected with a strong password (WPA-2 Enterprise is recommended), and make sure the password is only available upon request; don’t post it anywhere.
  16. Make sure that the wifi network is in the DMZ.

As a pentester, the absence or weakness of points 1-16 above will be your easy way into a network.

 

Just to recap:

 

Physical Security is often the last thing we think of when designing a security architecture, but it is critical to the overall robustness of a security program. It can either help protect the assets of the organization and help the firm get and keep its auditing accreditations, or it can be a revenue buster, potentially leading to lawsuits and losses.

 

Strong physical security will only improve the security posture of the organization and make a pentester’s or hacker’s job more difficult. Conversely, a weak physical security design is a great advantage to pentesters or hackers.

 

Physical Security and the ROI: some ideas to consider


The topic of ROI for Physical Security expenditures is extremely complicated and not easily quantifiable, so we will only briefly discuss some basic points and scenarios to consider. You may wish to dig a lot deeper in your own corporate environment to come up with a specific game plan.

Security is often seen as a cost that yields no direct benefit to an organization. This point of view is not accurate. To dispel the myth, we as Security Practitioners must be able to communicate the value of the work that we do on a day to day basis. For example, having security cameras, guards with guard dogs, and access control systems at all major points of entry, internally and externally, to the facilities can be a large expenditure, but what value does it produce, or how much ROI is the company getting?

Let’s look at a few examples. Take the case of a worker injured on the job. The average cost of a worker’s compensation claim is hard to determine as a general average because it varies quite a bit by state. For example, Florida has a very high rate of fraud, so the premiums and the claims are much higher, and if it’s in a large city like Miami, where the cost of living is also high, the numbers will be quite large. The cost also varies by type of injury.

If overtime must be paid or another employee hired while the one that was injured recovers, that will also bear additional costs, and the increased cost of premiums resulting from the claim must also be weighed in. Very broadly speaking, a single workers’ compensation claim in the US will generally cost a company at least $5-$10K. That being the case, does a $3-$5K camera system seem like a good value?

Let’s look at another example. Suppose someone were to break into your company and steal the laptop of the president of the company. What is the financial impact of that? Well, depending on how locked down and thorough your security controls are, the effect could either be devastating or practically zero. Why take the risk, however?

What about the possibility of someone breaking into a file cabinet in the accounting, finance, or executive’s offices? What would be the impact of that? How much embarrassment would it cost the company if the information were leaked? What if the competitors of the firm got hold of the data? What would be the outcome financially if trade secrets or a competitive market advantage were put at risk?

All of the above are some of the hard questions that we as cyber security practitioners must be able to throw back in our defense when we are asking for budgetary expenses in physical security. What is the impact if so and so happened? What would it cost us if this or that was taken, stolen, or revealed, versus the cost of implementing a physical security control?

Let me ask one final rhetorical question: is a cybersecurity expenditure of $5 or $10 Million a bargain to protect the worth of a $4, $5 or $10 Billion enterprise? Put it in those terms and it’s obvious that the work that we do adds quite a bit of value and saves the company money, and in some rare cases may actually prevent the firm from going out of business altogether from a potential breach.

Benefits of having good Physical Security


Having a strong Physical Security plan strengthens the overall security design of your organization. Physical security is often the entry point into a company. By locking down the physical access of your company, you can be more proactive in focusing strictly on cyber threats. A strong physical security design will protect the assets and persons of the firm, it will allow only authorized individuals to use the systems, and it will ensure the proper monitoring of resources. This monitoring can prevent others from trying to attack your organization.

A robust Physical Security plan can deter cyber criminals. Just knowing that you have guards, cameras, and controlled access to your facilities will make the job of a would-be criminal, hacker or pentester more difficult. Many times, these folks will look for low hanging fruit rather than try to break into a heavily fortified fortress. If they notice that your building is locked down, they will probably first try somewhere else where they can get in much more quickly and without surveillance. They would rather have an easy jackpot than sweat for hours trying to get into a building while being videotaped and evading guards, knowing well that they are very close to being caught. It’s a basic control and one that is fundamental to improving your overall security.

Physical Security Controls help prevent other types of cybercriminal activity, pentesting, and hacking from occurring. Why is that? It’s much easier to “Own” a network when you are physically inside, or have access to a computer or server directly, rather than over the wire. If you have physical access you can, and very soon will if you have the right skills, “Own” the network.

With physical access you can disable other security features, disable monitoring, reconfigure the firewalls, or cause a DoS on a major application if it’s hosted locally, Exchange for example. You can eavesdrop or enable wire sniffing and, once it’s set up, monitor it remotely. You can insert USB disks in a server and reset the admin password, or take the hard drive out of the Domain Controller and run an offline attack on the password database.

With physical access you can go to the executive’s office and copy all their files, make fake badges to come back in the future, or steal confidential files. You get the picture. If you are physically in a company, you are in the network, and there’s a good chance with the right skills that you can own a new piece of cyber real estate.

Defense in Depth: without it Physical Security cannot be effective


Physical Security is just one aspect of cyber security or information assurance. It cannot stand alone, however. Physical Security needs to work in conjunction with a strong overall Cyber Security posture. One of the main aspects of a strong cybersecurity program is defense in depth.

Defense in depth means that you have multiple layers of security; without it you are not secure. Each layer of your Cyber Security Posture must involve defense in depth, and physical security is no different. If you have a strong multilayered defense you will for the most part be secure. I say for the most part because if someone has enough technical skills, enough money and a high enough motivation, they can get through.

How does defense in depth work when talking about physical security? I will provide some examples.

First, we start with the perimeter, then work our way inside. Is there a gate with a guard checking or verifying that individuals are authorized to enter the facility, or at least a gate at which you must swipe a badge to gain access? Once you pass the gate, are there guards patrolling with guard dogs?

Do you have security cameras all around the parking lot and the entrance to the building? Are there high-powered lights at night to completely illuminate the area? Are there bollards to prevent someone from ramming a truck or car into the building itself? Is the facility unobstructed, with all trees and debris cut so that no one can sneak in unperceived?

Once at the entrance, do you need to swipe your badge or have your ID physically checked before entering the building? Are your bags checked? Do you need to swipe your badge at the elevator to gain access to certain floors? How about the different offices: is access controlled by permission levels, or does every employee have access to the entire facility?

Is the server room locked? How many people have access to sensitive areas such as the server room, the offices of executives and senior management, the IT offices, accounting, and finance? Are the folks that have access thoroughly vetted? Are there cameras inside the facility? Are there guards inside with dogs patrolling? Do they regularly make their rounds? Are the schedules of the guards kept secret to avoid collusion?

These are some of the key elements of physical security implementations. In an ideal environment all companies or organizations would have these features and even more. However, due to budgetary constraints and the type of corporate environment, this may not be possible. The main key is that security, whether it’s purely physical security or cyber security, be layered and utilize defense in depth. Defense in depth works because if one layer fails you have multiple layers left to protect the firm’s assets. Defense in Depth works if you work it!

Standards that relate to Physical Security


One often overlooked aspect of an overall robust, well-architected, mature security program is the physical security posture of the organization. In fact, physical security is often an easy target for Hackers and Pentesters, and for Auditors seeking assurance that an organization is taking reasonable precautions to protect the Confidentiality, Integrity, and Availability of its Information Assets.

One of the main components of most auditing standards, be it NIST, Centers for Internet Security or others, is physical security. For the category “physical access to assets is managed and protected,” look at the standards that refer to it:

·       COBIT 5 DSS01.04, DSS05.05
·       ISA 62443-2-1:2009 4.3.3.3.2, 4.3.3.3.8
·       ISO/IEC 27001:2013 A.11.1.1, A.11.1.2, A.11.1.4, A.11.1.6, A.11.2.3
·       NIST SP 800-53 Rev. 4 PE-2, PE-3, PE-4, PE-5, PE-6, PE-9

 

Not complying with basic physical security standards can make you fail an audit or receive a qualified opinion in an audit finding. This is a major issue for a large company, but even a much smaller organization looking to lure future prospects or larger clients and grow its business will find it hard to expand and grow revenue if it doesn’t have enough safeguards to get accredited.

 

Not having strong physical security can be a revenue buster for a company.

It should go without saying as well that a weak physical security posture will make robbery and theft of equipment, merchandise and even money much easier. If an event occurs during working hours and any employees or customers are affected, your risk and liability for major litigation could be huge.

 

Furthermore, if you don’t have a strong physical security program in place you can say goodbye to the insurance company policy reimbursing you for damages; they probably won’t cover you if you’re not adequately protecting yourself in the first place. For a small company of under 1000 users, for example, a major lawsuit arising out of gross negligence for not providing a secure workplace for its employees or customers could literally put you out of business. This of course is an extreme example, but one worth considering.

As stated above, having strong physical security in and of itself is a strong deterrent.

Is it better to handle physical security in-house or to outsource this function?


The question below is not a simple one: Is it better to handle physical security in-house or to outsource this function? There are 2 camps involved: those that believe that Security is better served by an in-house dedicated team of highly motivated professionals, and those that see outsourcing as a way to reduce costs and transfer the responsibility to another firm.

Let’s take a quick look at both sides of the coin. In my career, I have seen how outsourcing the security function has brought highly specialized and effective talent into an organization that the in-house team did not possess, and personally I have found, many times, consultants to be much more productive than their FT counterparts. Having the Security Team in-house but with consultants on staff can be very effective in staffing for Cyber Security Roles and can help with the heavy workload that security teams often face.

In an ideal situation, all companies would have highly trained, efficient, hardworking full-time staff solely dedicated to the wellbeing of the firm. Consultants would not be needed, as the in-house staff would be constantly training, sharpening their skills, and very specialized as well as having great generalist skills. Unfortunately, this situation does not exist in any company, or at best in very few.

So, the question then is not whether Security should be outsourced but, more precisely, what level of outsourcing is ideal. Above I described the typical environment for mid to large sized companies. The FT Information Security Staff has great generalist skills and some specialization but is heavily under-resourced in terms of head count, so consultants with specialist skills are brought in to help carry the burden of the heavy workload and/or work on special projects.

When the entire security team gets outsourced to an MSP or an external security firm, that is where there is a lot of gray area in terms of the actual value and benefit to the organization. You can outsource the responsibility but not the accountability. You can outsource the work but not the risk. The company will still be accountable and will still need to assume all risk in terms of its Cyber Security Posture.

Many companies that offer these services sell them to clients based on a huge cost savings, which in my experience never adds up. It ends up costing the company a lot more. I once worked for a large multinational company that decided to spend half a million dollars to build a SOC in a 3rd world country. At the end of the day, the total cost, including the fees charged by the MSP, was substantially larger than if they had hired 10 extra full-time engineers or even consultants and kept them in-house.

There is one key exception to this, however. There is something known as the CMI Model. The Carnegie Mellon Institute Model for an IT or InfoSec Program states that at a fully mature level, Level 5, where processes are predictable, written, auditable, and repeatable, SOPs are in place, management is stable, and the organization is 100% on track, the IT Department and the Information Security Team are no longer part of the core business of the firm. Since this function is not one of the company’s core competencies or market competitive advantages, it should be outsourced.

This gives the firm the benefit of focusing on its key strengths and outsourcing all nonessential functions. Very few organizations are at CMI Level 5, or even 4 for that matter. As an Information Security Professional, I 100% agree that this scenario is a valid one. While you cannot outsource the risk and the ultimate accountability, in a fully mature organization whose key competitive advantage is unrelated to technology or Cyber Security, it would be ideal to outsource the day-to-day responsibilities for this work.

I am going to make a prediction. A bold one at that. Within the next 20-30 years, which means within the next generation or generation and a half of Cyber Security Professionals, there will be several large MSPs totally dedicated to Cyber Security that will do it cheaper, better, and faster than most in-house Security Teams. These companies, which are few and mostly small now, except for maybe Optiv, which is probably the largest Pure Cyber Security Consultancy in the US, will dominate the Security Arena and probably control at least 30% to 40% of all cyber jobs. I say within 20-30 years, meaning it could be much sooner, maybe 10 or 15 years’ time.

What does that mean for the profession? To stay current, you must constantly be learning, evolving, and pushing yourself to the next challenge. Always be your own best competition: keep taking on large projects at work, training, earning certs, writing code, teaching, pushing forward. As the consolidation begins in the Cyber Security field, only those with sharp skills will be able to earn and keep the top positions. Never surrender!
