Last week I had the opportunity to attend the InformationWeek/Dark Reading virtual symposium IT Security the Next Decade. What an eye opener! This session outlined the most dangerous IT threats of the next ten years and what you can do today to protect today’s enterprises. While the threats are many, what was even more enlightening was the increased level of specialized training that will be required to meet these threats.
Specialization is nothing new. Medicine, law and architecture are fields that have existed for hundreds of years, and individuals have had to meet ever-increasing levels of training, development and internship in order to be considered professionals in those fields. None of us would consider using our family medicine doctor to perform surgery, and Tiger Woods’ lawyers, I assure you, are not just specialized in getting their clients free and clear from traffic violations.
The idea here is that the IT field, and especially the IT Security field, is increasing in sophistication and will require specialists that have the same advanced training, development and internship as doctors, lawyers and architects. Going forward, it won’t be good enough to have individuals who are “just” certified; they will need more, and the marketplace will demand more, in order to stay on top of the threats of tomorrow.
We see some specialization already inside the industry. Cisco Systems has added six new education specializations that are modeled for a specific skill on a specific platform. While they offer four tiers of technology specializations (Entry, Express, Advanced and Master), presently they are only providing education specializations that map to the Advanced. In other words, we are in the infancy stages. Market demand will result in more and more product vendors offering education specializations as well as vendor-agnostic technology platforms that will require a deeper knowledge just to stay ahead. We are going deeper than ever before.
Black Hat states that “As we come to the end of the first decade in the new millennium, the IT industry faces some of the greatest security challenges in its history. In fact, 2009 saw more breaches, more malware, and more zero-day exploits than any year before.” Our dependence on the web will just keep increasing, and that only means that vulnerabilities against the applications we are dependent on from the web will increase. I for one thought malware and phishing were bad… These are nothing compared to SQL injection, Cross Site Scripting, Imperva ADC, and all the threats that most of us haven’t even heard of.
So how will you be trained on, or perhaps be providing the training for, these threats? How are we to lead in ensuring we protect against the security challenges that not only are here today but will be coming in the future with Web 2.0 AND Web 3.0? While cloud computing, open-source and seemingly unlimited data storage may seem like nirvana, it’s a double-edged sword. What good are all of those if each one just contributes to the destruction of information integrity?
I look forward to your continued feedback and, as always, feel free to contact me anytime at bob.austin@itlearnblog.com