This was delivered during National Apprenticeships Week 2018. The global shortage of Cyber Security Professionals is set to grow to 1.5 million in 2019. By harnessing apprenticeships organisations can train new talent and up-skill existing employees.
2. Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Zeshan Sattar
From Cybernetics to Cybersecurity
2004
• BSc Cybernetics & Virtual Worlds
• IT Support Tech, UK & Japan
2007
• Systems Administrator
• Technical Trainer, Europe
2013
• IT Expert Consultant, Worldwide
• Head of Curriculum
2015
• CompTIA Evangelist
• DCMS, NCSC, IFA, DFE
The Voice of the World’s IT Industry and over 2 million IT Professionals
Higher Salaries
Growing Demand
Verified Strengths
Universal Skills
“Three of the ‘Top 10 Certifications That Help IT Workers Get Jobs’ are CompTIA certifications.”*
CERTIFICATIONS: Largest Provider of Vendor-Neutral IT Certifications
ASSOCIATION: 7000+ IT Channel Providers & Partners
A non-profit trade association with more than 7,000 members and business partners. Our members drive our programs through their participation in CompTIA communities, research studies, events, sharing of best practices and more.
PHILANTHROPY: Creating IT Futures
A 501(c)(3) charitable organization that creates on-ramps for successful IT careers, serving individuals who are underrepresented in IT and lacking in opportunities to be successful in IT, including veterans, youth, and the unemployed.
ADVOCACY: Public Policy & Reform
Our advocacy division encourages collaboration and advancing of legislation that allows the private sector to develop new products and services, find solutions and sell them in the global marketplace.
* Source: The Dice Report, February 2012
Supporting 7,500+ premium members worldwide
Partnering with 3,500+ schools and ICT training groups worldwide
Certifying ICT professionals in 150+ countries
2 Million+ Certified Professionals
Advancing the Global IT Industry for 30+ Years
Worldwide Leading Provider of Vendor-Neutral IT Certifications
Created by Industry for Industry
Relevant
Regularly updated
Internationally Recognised
Job Role Led
Span entry level roles – to help entrants into their first job – through to more advanced roles
Vendor Neutral / Inclusive
Independent of any particular technology, product or platform
Reflect the diverse technologies deployed in today’s organisation
Cybersecurity Skills: From Entry to Expert
CompTIA Security+ is the global benchmark for best practices in IT security.
Over half a million Security+ certified professionals worldwide
6 Skills Learnt with CompTIA Security+ (SY0-501)
#1 Threats
#2 Technologies & Tools
#3 Architecture & Design
#4 Risk Management
#5 Identity & Access
#6 Cryptography
Wake up calls for the IT security world
Disturbing trends
But the attacks are getting worse:
Automation
Scalable
On an “as a service” basis – hackers are now on a “pay to play” basis
No longer need to be a security expert to wage attacks
IT security costs increasing
How do security professionals justify expenses?
Hardware and software solutions
Training – end users and security professionals
Technology changes
Complexity of privacy
Incident response
Dissolving perimeter
Evolving endpoint (IoT)
Encrypted traffic visibility
Security posture
New security control adoption
Security trends
• Notice the “unknown” category
• Ransomware
• Social engineering
• Zero-day attacks
• Browser infections
• JavaScript
• Adobe / active content
• POS – still a problem
• DNS – again?!!
• Web-based attacks
• SSL/TLS
• SQL injection
• Malware
• Boot-based
• SCADA / industrial systems
• Mobile
• Botnet
Where attacks tend to occur
• The interstices: Where one technology connects with another – the “in between” places
• Examples
– Where “meat space” and “cyber space” converge
• That evil television . . . Or notebook . . . Or phone
• Business E-mail Compromise
• Coding issues
• Physical access to a building
– Wireless access points (unencrypting data on the device)
– SMS/mobile/ and Web technologies: Facebook
– SQL and Web servers (SQL injection)
– Domain Name Server (DNS) network
The Advanced Persistent Threat (APT)
Long-term infiltration
– Requires significant reconnaissance
– Highly-skilled individuals
– Traditionally state-sponsored
– Not so much anymore
APT lifecycle: Planning → Malware Introduction → Command & Control → Lateral Movement → Target Identification → Exfiltration (Attack Event) → Retreat
Cloud implementation issues
– Weak authentication
– End points
– Practical monitoring
– IP theft issues
– Covert channels
Ransomware and BEC/BPC
Hacking as a Service (HaaS)
Just outsource for your hacking needs:
– No need to even be technical
– Physical attacks
– Warehousing stolen data and criminal data
– Hacktivism
– Attacks originate from inside and outside the company
DDoS attacks
Not just for script kiddies anymore
Hacktivism
Misdirection
Managing DDoS
Network resilience
Traffic patterns
Attack traffic
Control
How do you manage the “hits”?
A case in point – IoT: What it should be
1. Development of the IoT device
• Firmware / storage
• Connectivity
2. Network creation – making it work
• Smart cities
• Marketing
3. Maintenance – keeping it working
4. Data analytics
• Crunching numbers
• Identifying trends
• Determining product/service placement
• Product features
• New data streams
Considerations: Speed to market, ease of communication, ability to monetize.
What IoT looked like in October 2016
• The Dyn attack heat map
• Just an example of what can – and will – happen worldwide
The question: What was the real objective of this attack?
Another heat map
• This is a map of the Wannacry attack
• 13 May 2017
What if…
A conundrum
More resources are being directed at security than ever before
Yet, attacks are on the increase
They’re also getting more severe
Why is this happening?
What approaches will help reverse this trend?
Moving beyond signature-based approaches is the answer
According to the Ponemon Institute, over the last five years, 2,800 publicly disclosed data breaches occurred to the tune of roughly $139 billion.
Gartner: Over $75 billion spent in 2015 alone. Over $300 billion lost.
Lessons learned
Apply behavioral analytics – known as User Behavior Analytics and Network Behavior Analytics – to security workers.
We must focus on network behavior in an organization’s interior network
We must identify network anomalies that indicate bad behavior
Also, user-based anomalies
We must train IT security professionals security analyst skills, which include:
Threat modeling and management
Vulnerability management
Cyber incident response
Security and architecture tool sets
Anticipating ransomware
We asked over 2200 Security Analysts worldwide about the skills needed…
Critical skills
User / entity behavior analytics
– Targeted attacks
– “Hidden” threats
– Machine learning algorithms
Threat modeling
– Threat hunting
– Determining susceptibility
Configuring threat detection tools
– Monitoring systems
– Proper placement
– Security Information Events Manager (SIEM)
Interpreting results
– Correlation between systems
– Creating risk ratings
Applying big data techniques
– Visualisation of the right data
– Structured and unstructured data
– Finding trends
Creating solutions
– Best practice solutions
– Organising and coordinating a response
Cyber Kill Chain
Developed by Lockheed Martin in 2010
A borrowed military concept
Potential to stop the bad activity at any stage
Large scale breaches take weeks or even months to unfold
– Hence the powerful nature of using the Kill Chain approach as opposed to the Security Onion
Total number of job postings – Security Analyst job role
Information Security Analysts (Source: Burning Glass Technologies Labor Insights, January 2016)
2012: 39,920
2013: 48,947
2014: 58,456
2015: 109,819
175% increase from 2012 to 2015
Figure not just US data – trend is worldwide
The Result
CompTIA Cybersecurity Analyst (CySA+)
Developed to address the need for IT Security Analysts.
As attackers have learned to evade traditional signature-based solutions, an analytics-based approach has become extremely important. CySA+ applies behavioral analytics to the IT security market to improve the overall state of security.
The search for Cybersecurity Talent
Cybersecurity professionals combine broad technical skills with specific security expertise and an understanding of business risk
Currently 1 Million unfilled Cybersecurity jobs worldwide
In 2019, this number is set to rise to 1.5 million
UK has the third highest demand globally for cybersecurity professionals
Top IT Skills Gap Areas
1. Emerging tech, i.e. IoT, AI, automation [59%]
2. Integrating different apps, data sources, platforms, devices [59%]
3. Cloud infrastructure / cloud apps [57%]
4. Digital business transformation / modernizing legacy HW or SW [57%]
5. Cybersecurity [55%]
6. Software or app development [55%]
7. Data management / data analytics [53%]
Source: CompTIA Assessing the IT Skills Gap | n=600 U.S. IT & business executives
Based on NET gaps (moderate gaps + significant gaps)
“Being able to integrate new software quickly enough, and having efficient people to do so.”
-- Senior IT executive in professional services industry
Cybersecurity Skills Gap Concerns / Priorities
Data loss prevention / data security best practices: 57%
Firewalls and antivirus: 50%
Network monitoring / access management: 42%
Cloud security: 42%
Risk management / mitigation: 40%
Legal compliance / security policy development and enforcement: 30%
Penetration testing / ethical hacking: 29%
Predictive analytics: 27%
None of the above / other: 1%
A top concern for 42% of firms reporting overall skills gaps growing significantly over the past 2 years
Source: CompTIA Assessing the IT Skills Gap | n=328 U.S. IT & business executives reporting cybersecurity skill gaps
Chart legend: areas of more concern to IT managers vs. business managers; areas of more concern to business managers vs. IT managers
National Cyber Security Centre (NCSC) initiatives…
Long term strategy of 5 – 20 years
Cyber Discovery Schools Programme
– Aimed at 14 – 18 year olds
Cyber First Programme
– Aimed at 11 – 17 year olds
– Bursaries for students
Supporting short term interventions, e.g.:
– Certification-aligned training
– Apprenticeships
Upskilling and Reskilling the Workforce: Cybersecurity Skills Pathway
CompTIA Security+ certified employees…
According to an IDC Report:
1 Are more confident
2 Are more knowledgeable
3 Reach job proficiency more quickly
4 Perform at a higher level
Source: IDC White Paper, sponsored by CompTIA, IT Support and Security Performance: The Impact of CompTIA Certification on Organizational Performance, IDC #252603, December 2014
CySA+ Performance-Based Assessments
The CySA+ exam includes hands-on, performance-based simulations.
To prepare for these performance-based assessments, trainers, educators and publishers should emphasise open-source analytics tools and teamwork.
Recommended open source software for training purposes*
Wireshark – Network protocol analyzer / packet capture tool – https://www.wireshark.org
Bro and/or Snort – Network intrusion detection systems (NIDS) – https://www.bro.org, https://www.snort.org
AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange (OTX) – Security Information and Event Management (SIEM) software – https://www.alienvault.com/products/ossim
Kali Linux – Open Source Linux Distro used for launching and protecting against cybersecurity attacks – https://www.kali.org/
Certifications help to fill the Skills Gap
Certification → Sustainable Career
The Cyber Apprentice Experience
Pre-Apprenticeship: Application & assessment
START APPRENTICESHIP
Weeks 1-6: simple tasks, progress reviews every couple of hours
Months 1-4: simple tasks, daily progress review
Months 5-12: more complex tasks, progress reviews twice a week
Months 12-18: like a regular employee
Months 18-24: Endpoint Assessment
COMPLETE APPRENTICESHIP
“A steep development curve” – Confidence Growth!
For more information contact:
Zeshan Sattar
Senior Manager, Certification Evangelist
Mobile: +44 (0) 7817 617 975
CompTIA UK, 11th Floor, City Point, 1 Ropemaker Street, London, EC2Y 9HT
Email: zsattar@comptia.org
Twitter: @zeshandotcom
Editor’s notes
Cybersecurity Skills: From entry to expert
Wake up call for the IT security world
Brought widespread attention to the “Advanced Persistent Threat”
Demonstrated that traditional security tools, such as firewalls and anti-virus, do not alone protect networks
Recent high profile attacks at Yahoo! and DYN (2016)
Every day we wake up to a new cyber security breach. We have had a range of different attacks with the purpose of stealing data.
Source URLs:
http://www.zdnet.com/article/the-dyn-report-what-we-know-so-far-about-the-worlds-biggest-ddos-attack/
http://money.cnn.com/2017/02/28/technology/amazon-web-services-outages/
http://www.telegraph.co.uk/news/2016/11/17/three-mobile-cyber-hack--six-million-customers-private-data-at-r/
https://www.theregister.co.uk/2015/04/01/ethernet_alliance_plots_multiterabit_future/
1.2 Tbps – Ethernet Alliance hopes to have 1.6 Tbps out in 2025.
Spending on security hardware and software has increased year on year. Yet the skills required to carry out sophisticated attacks have decreased.
At the same time, organisations are in the midst of a range of transformations.
Users are always on the go and are carrying sensitive data and access to company data on their mobile phones.
“Where the meat meets the metal” – when connecting one system up with another, there are always holes which attackers can exploit. Setting up a wireless router to access the internet using the default password, or something that can be guessed easily. Even worse, some companies keep unencrypted files on devices which list all these passwords.
Then we have to worry about our users. Users are always trying to get things done. This can introduce shadow IT – systems and platforms that are not monitored, secured or even known by IT.
This problem keeps getting worse, in spite of a marked increase in software and hardware spent on IT security.
We have a situation where attackers are getting into a system and monitoring communications.
Ransomware and BEC are closely-related.
As with the APT, BEC and BPC issues keep getting worse, in spite of a marked increase in software and hardware spent on IT security.
CEO story.
All available on the Dark Web.
The old is new again! DDoS attacks are the rage now, because:
1. Hacktivism.
2. Misdirection – people are attacking elsewhere. They want to draw your attention away from the real attack.
Useful Verisign report: https://blog.verisign.com/security/verisign-q2-2016-ddos-trends-layer-7-ddos-attacks-a-growing-trend/
Once again, this issue continues to be a serious problem.
And let’s take a look at what IoT can become:
Date of Wannacrypt attack: 12 – 15 May
Date of Manchester bombing: Monday 22 May
https://www.manchestereveningnews.co.uk/news/health/nhs-hospitals-cyber-attack-live-13027253
If multiple cyber attacks happen at the same time as a terrorist attack then there could be huge consequences
Air traffic control
Emergency services
Government services
The traditional approach isn’t working!
Signature-based IDS
Antivirus
Perimeter firewalls
So what we learnt is that we have to use behavioural analytics:
Geography
Data download
Traffic origin
Multiple password failure
Unknown device
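As an added illustration of the anomaly signals listed above (example code, not part of the original deck), a small Python scorer over constructed login records: it builds a per-user baseline and flags new geography, unknown device, repeated password failures and an unusually large download. Field names, thresholds and the sample records are assumptions.

```python
"""Toy user-behaviour-analytics (UBA) scorer over constructed login/download records."""
from collections import defaultdict
from statistics import mean

# Constructed sample records (not real data): baseline activity for two users,
# followed by a few new events worth a second look.
BASELINE = [
    {"user": "alice", "country": "GB", "device": "lap-01", "result": "ok", "mb_out": 12},
    {"user": "alice", "country": "GB", "device": "lap-01", "result": "ok", "mb_out": 15},
    {"user": "alice", "country": "GB", "device": "phone-7", "result": "ok", "mb_out": 9},
    {"user": "bob", "country": "GB", "device": "lap-02", "result": "ok", "mb_out": 40},
    {"user": "bob", "country": "DE", "device": "lap-02", "result": "ok", "mb_out": 35},
]
NEW_EVENTS = [
    {"user": "alice", "country": "GB", "device": "lap-01", "result": "fail", "mb_out": 0},
    {"user": "alice", "country": "GB", "device": "lap-01", "result": "fail", "mb_out": 0},
    {"user": "alice", "country": "GB", "device": "lap-01", "result": "fail", "mb_out": 0},
    {"user": "alice", "country": "RO", "device": "unk-99", "result": "ok", "mb_out": 900},
    {"user": "bob", "country": "DE", "device": "lap-02", "result": "ok", "mb_out": 38},
]

FAIL_THRESHOLD = 3      # assumed: password failures before an alert is raised
DOWNLOAD_FACTOR = 5.0   # assumed: flag downloads above 5x the user's baseline mean


def build_profiles(records):
    """Per-user baseline: known countries, known devices, typical download size."""
    prof = defaultdict(lambda: {"countries": set(), "devices": set(), "mb": []})
    for r in records:
        p = prof[r["user"]]
        p["countries"].add(r["country"])
        p["devices"].add(r["device"])
        if r["result"] == "ok":
            p["mb"].append(r["mb_out"])
    return prof


def score_events(profiles, events):
    """Return (user, signal) alerts; the failure signal fires once, when the threshold is hit."""
    alerts, fails = [], defaultdict(int)
    for e in events:
        u, p = e["user"], profiles.get(e["user"])
        if p is None:
            alerts.append((u, "unknown user"))
            continue
        if e["result"] == "fail":
            fails[u] += 1
            if fails[u] == FAIL_THRESHOLD:
                alerts.append((u, "multiple password failures"))
            continue
        if e["country"] not in p["countries"]:
            alerts.append((u, f"new geography: {e['country']}"))
        if e["device"] not in p["devices"]:
            alerts.append((u, f"unknown device: {e['device']}"))
        if p["mb"] and e["mb_out"] > DOWNLOAD_FACTOR * mean(p["mb"]):
            alerts.append((u, f"unusual download: {e['mb_out']} MB"))
    return alerts


if __name__ == "__main__":
    for alert in score_events(build_profiles(BASELINE), NEW_EVENTS):
        print(alert)
```

Bob's German login raises nothing because Germany is already in his baseline; all four of Alice's signals fire, which is the kind of stacked anomaly an analyst would triage first.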
Through surveys, roundtables, direct interviews, and Job Task Analysis sessions, we have asked thousands of people from these companies and many others about essential skills and job roles.
In contrast to the Security Onion model, where once the attacker is in the system it’s game over, the kill chain is basically a workflow. It’s how the attacker approaches the “problem” of extracting data from an organization. The “kill chain” moniker is meant to encourage those of us in the Incident Response world that we have the potential to stop the bad activity at any stage of the game, and this is a powerful concept.
https://www.securestate.com/blog/2014/08/13/kill-chain
http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html
The U.S. Bureau of Labor Statistics predicts that information security analysts will be the fastest growing job category, with 18% overall growth between 2012 and 2022. Usual growth is 7%.
So in essence we NEED more Security Analysts or train current IT Pros to that level
Released: February 2017
On average, it takes around six months to fill a cyber security vacancy, and only 12% of the cybersecurity workforce are under 35 years old.
https://jps-selection.com/technology/2018/01/cybersecurity-skills-shortage-uk/
https://www.cisco.com/c/dam/en/us/products/collateral/security/cybersecurity-talent.pdf
https://www.csoonline.com/article/2953258/it-careers/cybersecurity-job-market-figures-2015-to-2019-indicate-severe-workforce-shortage.html
http://blog.indeed.com/2017/01/17/cybersecurity-skills-gap-report/
Ensure the sustained supply of the best possible home-grown cyber security talent,
IDC Report #252603, December 2014
Most of the time, to get to the end of a learning intervention you just have to “have a pulse”. You go through 1 to 5 days of training – whether online or in the classroom – and the fact that you are still alive gives you a “certificate of completion”.
And support the lifelong learning agenda
18-month half-life
Apprenticeships are based on job roles. Our certs are based on job roles.
We are supportive of the UK government’s target of 3 million apprenticeships by 2020.
Employers want the certifications built in so that they have the peace of mind that their apprentices can function at an international level.
We’ve hired apprentices in the UK and US. Our certifications are used in a range of apprenticeship programmes in America and the UK.
Open-minded
Willing to learn
Can shape them how you want them to be
No age limits
Can use existing staff for retraining e.g. tech support to cyber apprentice