The Gender Gap in Cybersecurity Can, and Should Be, Closed

The challenge at hand, to ameliorate the shortage of cybersecurity professionals and close the gender gap, is to educate, train, and facilitate women to fill the pipeline for a qualified information security workforce.

There are huge, growing demands for a modern cybersecurity workforce in both the private and public sectors; there is also a significant shortage of skilled professionals. There is an especially wide gender gap in cybersecurity and in many technology jobs as well. But this is a gap that can, and should, be closed.

Grading Global Boards of Directors on Cybersecurity

Despite apparently being way ahead of their contemporaries in the E.U. countries surveyed, US and UK directors and executives clearly have work to do. One cybersecurity executive aptly noted: “Cyber security is ‘no longer a dark art but an everyday business practice that must pervade every level of the organization.’”

On April 1, 2016, NASDAQ, along with Tanium (a leading-edge cybersecurity consultant), released a detailed survey of nonexecutive (independent) directors and C-suite executives in multiple countries (e.g., the US, UK, Japan, Germany, Denmark, and the Nordic countries) concerning cybersecurity accountability. [1] NASDAQ and Tanium wished to obtain answers to three basic questions: (1) how these executives assessed their company’s vulnerabilities to cybersecurity threat vectors; (2) how they evaluated their company’s readiness to address these vulnerabilities; and (3) who within the company was held “accountable” for addressing these cybersecurity vulnerabilities.

Navigating the Cybersecurity Storm in 2016

“Our nation is being challenged as never before to defend its interests and values in cyberspace. Adversaries increasingly seek to magnify their impact and extend their reach through cyber exploitation, disruption and destruction.”

—Admiral Mike Rogers, Head of US Cyber Command, September 9, 2015

A very recent article in the UK publication The Guardian, entitled “Stuxnet-style code signing of malware becomes darknet cottage industry,” [1] raises the specter of bad actors purchasing digital code signatures, enabling their malicious code to be viewed as “trusted” by most operating systems and computers. Two recent high-profile hacks utilized false or stolen signatures: Stuxnet, the code used to sabotage the Iranian nuclear program, allegedly jointly developed by America and Israel, and the Sony hack, which was allegedly perpetrated by the government of North Korea. Both of these instances involve sovereign states, with effectively unlimited resources.