October is National Cyber Security Awareness Month and week-two brings us an interesting and very relevant topic: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
A focus of ours at Security Innovation is to make security approachable, fun and interesting to all, and the very reason we support initiatives such as STEM ( Science, Technology, Engineering and Math Education) and ICMCP ( International Consortium of Minority Cybersecurity Professionals) as well as, WISP ( Women in Security and Privacy). We can all reap the technological and societal advancements that occur when we diversify the talent pool and bring new and fresh perspectives to the challenges in front of us.
We recently sat-down with Lisa Parcella, VP of Product Management and Marketing at Security Innovation and asked her, her thoughts on diversifying the cybersecurity talent pool:
Q. How did You get into security?
A. I fell into security from a non-technical role, coming in by way of designing and building security training alongside security experts and realized I had a great passion for helping others really embrace and excel in the security space. In my role as Vice-President of Product Management and Marketing, I am able to work with organizations such as EWF, WISP, ICMCP, corporate women's networks, colleges and regional STEM organizations to bring workshops and seminars around security to underserved populations to help them learn more about cybersecurity and further their careers in cybersecurity.
Q. What is your role with WISP?
A. Women in Security and Privacy is an organization dedicated to advancing women to lead the future of privacy and security and they do this through mentoring, networking, hosting events and workshops and sponsoring women to further their education in numerous ways. I currently serve on the WISP Management Team as their Marketing lead.
Q. Why do you support these initiatives?
A. Unfortunately, like too many women, I did not pursue a degree in STEM fields, though as an adult I came back to STEM through cybersecurity and technology. It is important to me to engage women of every age and keep their passion alive for STEM initiatives, so that we can increase the number of women in STEM fields and reap the technological and societal advancements that can occur when we diversify the talent pool and bring new and fresh perspectives to the challenges in front of us.
Q. Why are tools like cyber ranges so effective from a learning methodology perspective?
A. Cyber ranges are incredibly effective as a learning tool for many reasons. They are experiential learning tools, or learn-by-doing, so they encourage people to explore, search for solutions and learn in a way that is exciting while also helping to solidify the concepts they are learning about by seeing them come to life right in front of their eyes. It is educational to read or watch a video about how an attacker thinks, but it is transformative to become that attacker and use your wits and knowledge to perpetrate an actual attack.
Q. In regards to a recent Kids Camp at DEFCON this past summer, an 11-year-old girl was able to hack her way into a replica of the Florida State election website in under 10-minutes. This is a good example of utilizing tools to learn while engaging the younger generation. How is it that an 11-year-old appears to be "smarter" than the folks managing the site?
A. I don't think smarter is the focus, but rather the fact that the 11-year-old had the curiosity ( and encouragement to pursue her technology interest) and the time to pay attention to the web site and look for inconsistencies; she was observant, patient and intelligent, stitching together the clues she found until she was able to put them to use to disrupt the site. Is she that smart? Is her “learning by doing” a better way of getting smarter than the skills development programs the state of Florida may follow? Perhaps?
Q. Is security that difficult?
A. Security doesn't have to be difficult, it just has to be important to an organization. There are many ways to implement security, from processes, tools and technologies, to training individuals on security by design and secure coding best practices. When it comes to security, the combination of all three strategies is the best approach to ensure you are doing your due diligence to keep your applications and environment secure.
Q. Are people ignoring best practices?
A. I don't know that people are ignoring best practices, but it is true that the same vulnerabilities that have been plaguing applications since the dawn of the internet are still the top offenders in terms of application exploit. Today's security budgets are the same as they were last year, and likely even the year before, while the skill gap in the cybersecurity workforce has grown, as well as the exploitable attack surface and number of security concerns within any given organization. Security is a mindset that has to be considered at the most fundamental level of an organization when building an application or environment, and considered throughout the development lifecycle as well as reaching into the realm of an organization's infrastructure. There is no place within an organization that should be exempt from understanding how security plays a role for them both professionally and personally.
Security Innovation is currently hiring for several roles in the cybersecurity field. Check out our careers section on our website to learn all about these amazing opportunities: https://www.securityinnovation.com/company/careers
