The onset of cyber fatigue
18 July 2017 – It was six years ago (the summer of 2011) that I was at the Johns Hopkins University School of Advanced International Studies in Washington, D.C. listening to a keynote address by Joseph Nye at a conference about “Power”.
Nye’s theories on “soft” and “smart” power need no introduction in the field of international relations. No one has done a better job addressing the evolving notion of power in a new world of non-state actors, weak state actors, and emerging economies and technologies. His latest book at the time, The Future of Power, had just been released.
He was prescient. The Information Revolution — the rapid technological advances in computers, communications, and software that have led to dramatic decreases in the cost of creating, processing and transmitting, and searching for information — would “flatten bureaucratic hierarchies and replace them with network organizations. More governmental functions will be handled by private markets as well as by nonprofit entities”. A much larger part of the population both within and among countries will have access to the power that comes from that information.
And then his “power shot”, so to speak. There was an explicit danger. He believed that the earlier “simple dream”– the rapidity and scope of communication would break down barriers between societies and individuals and provide transparency of such magnitude — was NOT the way this would evolve. Just the opposite: cyber networked transparency and the absence of privacy “will propel itself into a world without limits or order, forcing us to careen through crises without comprehending them. And it’s prime target: the U.S.”
His comments struck a chord and they launched me into a full study of cyber war and cyber security via a MOOC program at Johns Hopkins. Plus I attended 6-8 cyber events a year. This year alone I have attended five such events, including: Europe’s mega event, the International Cybersecurity Forum in Lille, France; several FireEye and Palo Alto Networks workshops; the Munich Security Conference in Munich, Germany; and now the recently completed Digital Investigations Conference in Zurich, Switzerland which is a mix of cyber security, e-discovery and digital forensics.
Yes, the relentless barrage of cybersecurity attacks and warnings have given all of us “cyber security fatigue” — much to the worry of cyber experts — but we need to soldier on and attend these events to learn about cyber technology, cyber warfare and cyber security; have the opportunity to meet the major players in cyber security; and take stock of the tendencies and trends regarding cyber attacks, and especially of the solutions now available.
One of the biggest issues facing the cyber security industry, both government and private: the mounting cyber security skills shortage. At a NATO cyber workshop earlier this year I learned that the U.S. Cyber Command, NATO militaries (and Western intelligence in general) have been slow to evolve a response to these new threats. Yes, we have seen some major investment in cyber defense. But the military mindset is still based on a career of training for physical battlegrounds and the use of kinetic weapons, not missions fought in the information space. The big take-away: a presenter from NATO intelligence said they believe there are currently more than one million Russian programmers engaged in cyber crime. These programmers are affiliated with 40 Russian-based cyber crime rings. The United States and its partners could not feasibly match this level of manpower using only government agencies and employees. Hence the heavy reliance on the private cyber security industry.
But the private side has issues, too. For corporations, the cyber security skills shortage is as great if not greater and this poses a significant threat to organizations’ defense strategies. The Frost & Sullivan 2017 Global Information Security Workforce Study (pretty much the premier guide in this area) lays bare the scale of the cyber security skills shortage, demonstrating that while demand for security professionals is growing, the supply of these professionals is not able to keep pace. The report estimates a global shortfall of information security staff of 1.5 million by 2019.
So it was refreshing over the weekend to read a piece by Jared Coseglia, CEO at TRU Staffing Partners, entitled Could e-discovery pros fill the insatiable demand for cybersecurity talent? For those of you who know Jared or who have worked with him he always seems to be ahead of the curve. I know him because of my e-discovery/cyber security job posting company. Jared has over thirteen years of experience representing talent in the e-Discovery space and cybersecurity space. He has worked with everybody: the AmLaw200, the Fortune 1000, the Cyber500, the Big 4, etc. He writes extensively and he has pointed out that if you are involved in cyber, some of the highest demand is for certifications like CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), and CISA (Certified Information Systems Auditor).
And as for the cyber security skills shortage, the e-discovery industry might come to the rescue. In the article I referenced above Jared says:
As the [legal technology] industry commoditizes, opportunistic experts in electronic discovery are looking at cybersecurity as their next logical career path. Cybersecurity and information protection experts would be wise to respect and self-educate on legal technology trends and talent, specifically the electronic discovery industry, as these communities are headed for a collision that will forever entwine the two disciplines.
He then goes on to discuss why e-discovery professionals will affect and permeate the cybersecurity job market, noting that many attorneys are coming from enriched backgrounds in e-discovery law and are quite technically oriented. He also notes that the yearning of legal technology sales talent to sell offerings beyond e-discovery coupled with the rapid consolidation of ESI vendors has caused the beginning of an exodus of business development talent.
And he has much more to say. For his piece click here.