Month: March 2013

By understanding the needs of the industry and keeping on top of new technologies and threats, good CSOs can identify the special skills and expertise (such as analytics expertise or a specialty in malware) needed in their new hires on both the information- and physical-security fronts, says Young.

Tom Verzuh, president of recruiting firm SCW Consulting, is seeing great demand for physical-security professionals who are fluent in technology, especially digital-video software management and analytics.

“The way to increase your value as a physical security professional is to invest in learning the world of IP networking and Microsoft server technologies and data analytics solutions,” says Charles Foley, chairman and CEO of Watchful Software. “Security pros that know these two areas will be able to spearhead their companies efforts to streamline costs, increase value delivered, and will literally sell information collected to the rest of the organization.”

Information-protection skills are in great demand, according to Foley –in particular, knowledge of data-centric technologies such as enterprise rights management, multilevel security models, data classification techniques and biometrics.

This understanding is also important for recognizing where potential vulnerabilities might lie within the organization, such as with outsourced services or data, or lines of business that are popular targets for cyberattacks.

CSOs that have an advanced business degree such as an MBA are always going to be that much more desirable than those who do not, according to Jerry Irvine, CIO of IT outsourcing company Prescient Solutions and a member of the National Cyber Security Task Force. Not only must CSOs make complex security issues understandable to the enterprise at large, they must also make it clear how important security risk, particularly digital risk management, is to the executive suite’s agenda. David Luzzi, executive director of Northeastern University’s Strategic Security Initiative, adds logical reasoning and the ability to inspect ideas as important skills to build on the foundation of excellent verbal and written communication skills.

Link: http://www.cso.com.au/article/455664/hot_security_skills_2013/

In a paper (PDF) released late last year, “Proactive Defense for Evolving Cyber Threats,” Sandia researchers Richard Colbaugh and Kristin Glass outline a computer model that they claim can monitor the Internet to identify volatile situations weeks before they go south—with “perfect accuracy.” While that information may be enough for a retailer to bet that the “steampunk” look will be the next hipster fashion, it’s what spymasters call “non-actionable intel.”

They start by tracking how many times a specific phrase turns up, using a website that tracks memes daily—sort of an early early warning system. … Their approach works, Colbaugh says, because it’s a blend of social science (the power people have to influence others) and computer science (the power of Big Data).

Intelligence agencies, embarrassed by the unforeseen events that lead to the Arab Spring and historic changes in the region, have been working on open source tools (PDF) that will make them more prescient about world events.

The research, Colbaugh points out, is in the public domain and it wouldn’t be difficult for a large corporation concerned about cyber attacks, say in financial services, to modify the model for its use. Encouraging as the research appears, it is not designed to replace existing cyber security tools or traditional methods of intelligence gathering. It is best used to zero in on public chatter on the Web—not the modus operandi of your lone cyber criminal or a state-sponsored pro because, as John Pescatore, director of emerging security technologies for SANS Institute, points out: “They’re not going to yak about it on social media.”

Link: http://www.businessweek.com/articles/2013-03-04/this-research-paper-explains-how-to-predict-the-next-arab-spring-and-cyber-attacks#r=pol-s