Cyber Security Minorthread

[Admiral Yi]

Glenn Greenwald? 

[Valmy]

Israel is the only fucking country in the middle east that is a fucking democracy with values aligned with the US.

Well I used to think that was good until I realized what sorts of parties other democracies in the Middle East would vote for.

[Eddie Teach]

Israel is the only fucking country in the middle east that is a fucking democracy with values aligned with the US.

Well I used to think that was good until I realized what sorts of parties other democracies in the Middle East would vote for.

Hence the "values aligned with the US" qualifier. Now, to what extent that is true... /shrug

[Siege]

Israel is the only fucking country in the middle east that is a fucking democracy with values aligned with the US.

Well I used to think that was good until I realized what sorts of parties other democracies in the Middle East would vote for.

Hence the "values aligned with the US" qualifier. Now, to what extent that is true... /shrug

Why do you shrug?
Israel is a western democracy.
Do you really doubt it?

[Valmy]

Why do you shrug?
Israel is a western democracy.
Do you really doubt it?

In what sense?  Most people in Israel are not westerners.  It is certainly a functional democracy.

[Eddie Teach]

Why do you shrug?
Israel is a western democracy.
Do you really doubt it?

They're not as secular as we are, for one.

[CountDeMoney]

They're the "Judeo" in "our common Judeo-Christian heritage", dammit.  Don't start getting all anti-semitic on me even though Siegy is a dick, people.

[Valmy]

They're the "Judeo" in "our common Judeo-Christian heritage", dammit.  Don't start getting all anti-semitic on me even though Siegy is a dick, people.

Plenty of the "Christians" are not Western either.

[The Brain]

Israel is the only fucking country in the middle east that is a fucking democracy with values aligned with the US.

Well I used to think that was good until I realized what sorts of parties other democracies in the Middle East would vote for.

[Valmy]

Having Middle Eastern Democracies

[CountDeMoney]

They're the "Judeo" in "our common Judeo-Christian heritage", dammit.  Don't start getting all anti-semitic on me even though Siegy is a dick, people.

Plenty of the "Christians" are not Western either.

But we love them anyway.  So what's your point?

[CountDeMoney]

OK, an actual article on Cybersecurity I found very intriguing, and wanted to see what the Groundlings thought of it, particularly the five premises in bold--

Networking Nuggets and Security Snippets
By Jon Oltsik
Opinion
0% Cybersecurity Job Unemployment in Washington
A microcosm that demonstrates the consequences of the global cybersecurity skills shortage
Network World | Feb 26, 2015 7:11 AM PT

I've written a lot about the global cybersecurity skills shortage over the past few years.  Here's some recent ESG data that illustrates this problem (note:  I am an ESG employee):

    Of those organizations hiring additional IT staff in 2015, 43% plan to hire IT security professionals – the highest percentage of all types of IT skills.
    At the same time, 28% of organizations say they have a "problematic shortage" of IT security skills – the highest problematic shortage of all types of IT skills.

This data indicates strong demand and weak supply of IT security skills across mid-market and enterprise organizations around the world.

This week, I attended an event sponsored by Hexis Cyber Solutions.  As part of his presentation, Hexis's CTO, Steve Donald, provided yet another metric about the cybersecurity skills shortage when he mentioned that there is 0% unemployment for cybersecurity professionals in the Washington DC area.

Now this may sound like an ideal situation where supply and demand are balanced but the opposite is actually true.  In fact, economists tend to believe that the economy is most healthy when unemployment rates hover around 3%.  So what happens at 0% unemployment?  The Hexis CTO stated that 0% cybersecurity unemployment in DC has led to:

    Salary inflation as everyone is competing for the same pool of potential applicants.
    Productivity issues as cybersecurity professionals are barraged by headhunters and recruiters.
    High turnover since cybersecurity professionals are constantly job hopping.
    Inefficiencies as marginally-qualified cybersecurity professionals are getting jobs that they otherwise wouldn't be offered.
    High costs as organizations are forced to pour money into training the inexperienced cybersecurity professionals they have to hire.

Aside from the overall situation in DC, these issues are most acute in the federal government itself – mostly for civilian agencies but defense and intelligence is also feeling the pain.  Cybersecurity pros who cut their teeth in defense and intelligence can make 2x to 3x in the private sector – especially when they are offered jobs in the financial services industry.  And with job offers coming from all directions, few experienced cybersecurity professionals have the patience for time-consuming federal recruiting/hiring processes.

So in addition to the organizational woes described above, 0% unemployment in DC touches all US citizens.  Government agencies remain understaffed and under-skilled putting us all at risk.

While Washington DC is somewhat unique it is also represents a microcosm of a global problem.  The same thing is happening in London, New York, Ottawa, and Tokyo, albeit at a slower pace.

I truly believe that the cybersecurity skills shortage represents one of the biggest challenges we face and it deserves a lot more public/private sector attention.  We need to invest in STEM programs and cybersecurity education on a more strategic basis before we face 0% cybersecurity unemployment – and the associated ramifications – everywhere.


Jon Oltsik is a principal analyst at Enterprise Strategy Group ESG and has been quoted in the Wall Street Journal, Business Week, and the New York Times.

[viper37]

Back on Lenovo and Superfish, the threat was not just theoritical and has been used against real people by similar softwares:
Researchers unearth evidence of superfish style attacks in the wild

Of note:

The common thread among all the titles was a code library provided by an Israel-based company called Komodia.

So, is Israel the biggest threat to world peace now? In front of the US?

[viper37]

OK, an actual article on Cybersecurity I found very intriguing, and wanted to see what the Groundlings thought of it, particularly the five premises in bold--

    Salary inflation as everyone is competing for the same pool of potential applicants.
    Productivity issues as cybersecurity professionals are barraged by headhunters and recruiters.
    High turnover since cybersecurity professionals are constantly job hopping.
    Inefficiencies as marginally-qualified cybersecurity professionals are getting jobs that they otherwise wouldn't be offered.
    High costs as organizations are forced to pour money into training the inexperienced cybersecurity professionals they have to hire.

these are the consequences of manpower shortage, it happens everywhere there's a shortage, either naturally (market) or legally (govn't) induced.

You take unskilled people and your train them on spot because you can't afford to not have people working.  We've been living with this for years now, we get used to it.

[grumbler]

OK, an actual article on Cybersecurity I found very intriguing, and wanted to see what the Groundlings thought of it, particularly the five premises in bold--

    Salary inflation as everyone is competing for the same pool of potential applicants.
    Productivity issues as cybersecurity professionals are barraged by headhunters and recruiters.
    High turnover since cybersecurity professionals are constantly job hopping.
    Inefficiencies as marginally-qualified cybersecurity professionals are getting jobs that they otherwise wouldn't be offered.
    High costs as organizations are forced to pour money into training the inexperienced cybersecurity professionals they have to hire.

these are the consequences of manpower shortage, it happens everywhere there's a shortage, either naturally (market) or legally (govn't) induced.

You take unskilled people and your train them on spot because you can't afford to not have people working.  We've been living with this for years now, we get used to it.

Yep.  The old saying applies:  "If a job is worth doing, it is worth doing poorly." Sometimes there just aren't the resources to do it well.

The idea that "we need to invest in STEM programs and cybersecurity education on a more strategic basis" is part of the reason why we have shortages:  strategic decisions are wrong far more often than right.  As pay rises, people will seek the training and the shortages will therefor ease.  If we wait until "we" come up with a strategic "investment" plan,  get it approved, get funding for it through the budgeting and procurement process, and write and promulgate all the regulations, the problem will never end, because the strategic plan will be solving the problems of ten years past.