The Biden Administration has released the National Cyber Workforce and Education Strategy, aiming to reduce the cyber workforce gap and to encourage individuals to enter the cyber workforce:
Technology and humanity are intertwined. Technology itself does not have a value system; rather it carries the values of its owners and operators. Cyberspace is composed not only of technology and protocols, but also people. People are an integral part of cyberspace, both in creating and using it. In less than a generation, technology has transformed our daily lives – among other things, we pay bills, connect with families and friends, build businesses, and build communities. We rely on cyberspace for our national security, economic development, and innovation. More than any other domain – air, space, sea, or land – people conceived of and created cyberspace and will continue to improve it. The Biden-Harris Administration’s 2023 National Cybersecurity Strategy establishes an affirmative, values- driven vision for a secure and resilient cyberspace that enables us to achieve our collective aspirations. To achieve a vision aligned with our values, we must ensure that people are appropriately equipped. This National Cyber Workforce and Education Strategy provides a critical element of the President’s approach to securing cyberspace.
I have secured some commentary on this strategy, which I have printed below:
Debbie Gordon, Founder and CEO, Cloud Range
We are excited to see the Biden Administration addressing the critical cyber workforce needs. While this is a significant step forward in direction, there are some areas where “the how” or more guidance could be beneficial. For example, in section 2, under Transform Cyber Education, it mentions “expand competency-based cyber education.” Expanding competency-based cyber education is only attainable by utilizing simulation based training to overcome the age-old conundrum of you can’t get experience without a job and you can’t get a job without experience. The only way to do this is to incorporate experiential learning in the form of advanced simulation into cyber education programs. Too many people are coming out of universities and community colleges with degrees or certifications that they still can’t get a job because they have no practical experience. Utilizing simulation based training to augment traditional cybersecurity training will enable students to be prepared to be productive on the job from day one, and will give employers the confidence that they have experienced candidates at the ready.
Sherron Burgess, VP Strategy, Cyversity
The National Cyber Workforce and Education Strategy sets a direction for both workforce and education, while taking an ecosystem-focused approach. This strategy builds on previous efforts from the administration—holistically approaching the gap—engaging stakeholders across education, industry, research, etc. and spanning federal and industry workforces.The Biden Administration’s strategy also represents an innovation in transforming cyber education, which is absolutely necessary in engaging underrepresented groups through new and existing initiatives. Finally, we commend the strong focus of the strategy on lifelong skills—and removing some of the conventional barriers to entry to cybersecurity. And, importantly, the strategy follows the newly released GAO Cybersecurity Workforce report, “National Initiative Needs to Better Assess Its Performance” on NIST’s NICE program, highlighting its strengths and the shortcomings.
Candy Alexander, President, ISSA
The cyber skills shortage has been an ongoing issue for more than 20 years and with the digital footprint encompassing all areas of our lives this comes at a great time. Current education does not provide hands on skills-based readiness to bring entry level and those changing careers to a real work situation. With the combination of skills needed in the industry and communities of individuals in need of skills and career paths, the National Cyber Workforce and Education Strategy couldn’t be timelier.
ISSA has long been studying the life and times of the cybersecurity professional for the past 7 years and has seen little change in the skills gap. In fact, it is widening. The Biden Administration’s strategy is exactly what the industry needs and addresses what we have been advocating for: the collaboration of education institutions, government programs, corporate organizations, and the cyber association communities to build pathways to bridge the gap between pure education and employment.
This is a good move by the Biden administration as having a skilled workforce enables so much when it comes to cyberspace.
UPDATE: I have one more comment:
Emily Phelps, Director, Cyware:
“We’re encouraged to see the Biden-Harris Administration recognize and take action to address the cybersecurity skills and diversity gaps that have continued to impact organizations and individuals. Improving diversity among cybersecurity professionals will not only help increase the volume of cybersecurity experts, but diversity of perspectives and backgrounds will make the industry more effective overall.
“In cybersecurity, we must think about our work as the industry vs. the adversary. Improving accessibility to cyber education, diversifying the cyber workforce, bolstering cybersecurity understanding, and increasing collaborative partnerships will help establish a strong foundation to close the skills gap and support resiliency.”
Cado Security Labs Releases Inaugural 2023 Cloud Threat Findings Report
Posted in Commentary with tags Cado Security on August 2, 2023 by itnerdCado Security, provider of the first cloud forensics and incident response platform, today announced the release of Cado Security Labs 2023 Cloud Threat Findings Report. The report reveals noteworthy discoveries about the evolving cloud threat landscape, shedding light on the heightened risk of cyberattacks due to the rapid adoption of cloud-focused services.
Cado Security Labs is the internal threat research division within Cado’s engineering team. Responsible for conducting industry-leading threat intelligence and cloud security research, the team proactively monitors the latest cloud attack trends and Tactics, Techniques, and Procedures (TTPs). Since its inception, Cado Security Labs have discovered numerous novel cloud-based malware and threat techniques. One such example being Denonia, the first publicly-known case of malware specifically designed to execute in an AWS Lambda environment.
Cado Security Labs researchers operate honeypot infrastructure to collect cloud attacker telemetry across services known to be targeted by cloud-focused threat actors. Findings are examined in real time and novel attack patterns are identified, reported on, and distributed to the security community.
As organizations increasingly embrace cloud technologies and inherently expose themselves to new and evolving risks, understanding emerging cloud trends on a deeper level is critical. In this report, Cado equips the security community with knowledge that will help them better protect against the latest threats.
Key findings from the report include:
From the attacker telemetry analyzed, Cado Security Labs has derived several projections and recommendations. The team anticipates attacks leveraging serverless functions will increase in severity and sophistication, ransomware groups will develop more non-Windows ransomware, and threat actors will continue to exploit cloud services to aid in phishing and spam campaigns.
In light of these predictions, Cado Security experts advise organizations to understand the AWS shared responsibility model, ensure access to relevant evidence, limit the exposure of services like Docker and Redis, check public repositories for cloud credentials, and apply the principle of least privilege.
To download the full report, please visit: https://offers.cadosecurity.com/cado-security-labs-2023-threat-findings-report.
Leave a comment »