Cybersecurity Supply-Chain - fbcinc.comfinal).pdf · ISACA’s 2014 APT Study, ISACA, ... from ISDecisions', 2013; 6. SpectorSoft 2014 Insider Threat Survey, 1st ed. 2015, pp. 1-2;

Cybersecurity Supply-ChainWorkforce Management and Skills‐Gap Development

TRANSFORMING THE NEXT GENERATION WORKFORCEStudents learn the skills employers look for!

Global Problem - Critical Issues

Scaling a workforce of cyber skilled 

resources  

Accelerate training of students

Winning the War for Talent

Enterprise Skills Inventory and DevelopmentWorks for internal use cases too

Cut Cost And Time To ProductivityNew hires hit the ground runningHiring grads at $60K on 24‐month development; leave in 9‐months at $120K – unsustainable” – NY Bank.

Workplace SkillApplied Project Based

Learning

Winning the War-for-TalentAll fishing in the same pond for the top

5% when there a thousands of good candidates outside of traditional hiring

methods.

Greater Scalability - Less CostWider/Global reach for candidates

Students gain workplace skills while still at University .

Industry Recognised Transferable SkillsCommon taxonomy for job-role definitions agreed - andCertificates recognized by industry

Imbalance

External Threats• 62% increase in breeches in 20131

• On average, an advanced threat goes unnoticed on victim’s network for 8 months2

• $3 trillion total global impact of cybercrime1

• 1 in 5 organizations have experienced an advanced persistent threat (APT) attack3

• 2.5 billion exposed records as a result of a data breach in the past 5 years1

• Approx. 1 million new malware variants a day, for an overall total of 1.7 Billion4

• 1 in 6 mobile applications are classified as malware4

Insider Threats• About 58% of data security threats originate from

employees, ex-employees, and trusted partners5

• A single insider attack costs a company on average $412,0005

• Estimated 75% of all insider attacks go unnoticed6

• 62% of organizations did not increase security training in 20143

• 1 out of 3 security pros are not familiar with APT attacks3

• < 2.4% of graduating students hold computer science degrees7

• 1 million unfilled security jobs worldwide8

• 83% of enterprises currently lack the right skills and human resources to protect their assets9

Too Many Threats Too Few Professionals

While enterprises are under siege from a rising volume of cyberattacks, the global demand for skilled professionals sharply outpaces supply. Unless this gap is closed, organizations will remain at risk. Comprehensive educational and networking resources are required for everyone from entry-level to experienced professionals to meet the needs of organizations.

Sources: 1. Increased Cyber Security Can Save Global Economy Trillions, McKinsey/World Economic Forum, January 2014; 2. M-Trends 2013: Attack the Security Gap, Mandiant, March 2013; 3. ISACA’s 2014 APT Study, ISACA, April 2014; 4. Symantec ,2015; 5. C. Bunn, 'How IT Teams can Prevent Insider Threats from both Malicious and Careless Activity. - Enterprise Network Security Blog from ISDecisions', 2013; 6. SpectorSoft 2014 Insider Threat Survey, 1st ed. 2015, pp. 1-2; 7. Code.org, February 2014; 8. 2014 Cisco Annual Security Report; 9. Cybersecurity Skills Haves and Have Nots, ESG, March 2014

“Mind the gap!”Cybersecurity Workforce Alliance (CWA)

1. Standards, Approach and Engagement– NICE Taxonomy, Role Profiles, Assessments

2. Aligning Education with Industry– Awareness, Experience, Workforce Ready

3. Human Capital Supply Chain– Workforce Management and Skills Development

Supply

PassportTrusted Data

User Experience Skills & Work Product

ProjectsReal-World Challenges

AssessmentsLesson Plans

Resources

Role ProfilesCompetencies & KSAs

MatchingLibrary

• Federal Reserve Bank NY• Bank NY Mellon• Morgan Stanley• Goldman Sachs• Fidelity Investments• Capgemini• JPMorgan Chase• Express Scripts• Standard Chartered Bank• FCC• Perkins Coie• RANE Network

Original Founders

Cybersecurity Workforce Alliance (CWA)

Improve the cyber security skills and scale the college student and employee workforce, so they are more

attractive to hire and can provide almost immediate value to the public & private sector by improving a company’s Cyber

Security capabilities.

Purpose

Focus

Increase Awareness and Experience

Reduce the amount of training for college hires

Create the “perfect student candidate profile”

Real-World Experience - the "Epic Challenge"

Align Professional Certificates to Role Profiles

CWA Mission

CWA Members/Momentum• Jan 15 – SIFMA & CUNY  (Securities Ind. Financial Markets Assn 

480 members) supports Launch at City University of New York• April – NICE asks iQ4 to lead Workgroup for Private Sector• July – FSSCC (Coordinating Council 10k members) launches 

Workforce Workgroup • August – Internal Adoption large FS institutions begins• September ‐ SUNY launches University at Albany• October – Federal Communication Commission discuss alignment• October – Utilities Telecoms Council discuss alignment • October – CWA‐EMEA Launch in London• November 2015 – NICE presentation !

Education and Industry - StandardsRole Profiles – Professional Certificates

TECH-RISKInteresting, highly paid, front end challenging

Business ResilienceNeeds sector and employer’s business awareness and time on the job

Gov, Risk,

ComplianceNeeds GRC understanding, Jurisdiction

Examiners/Regulators“Not enough skills and people in GRC –as they are all moving to the front line”

CWA Extensions Private Sector

VirtualEpic

Challenges

Learned Knowledge

Professional Certificates

Applied Knowledge

Job Roles.

Competency BasedReal-World Challenges

Connecting Education And Industry’s Via Epic Challenges.

Competency Alignment

Workforce Ready Candidates 

Education Industry

People Not Aware Of Need Or Opportunity

79%Never spoken to a cybersecurity professional. This affects how much millennials know about the types of work involved in the field

Academia2-3 hours per week. Credited Course / Project

Industry MentorsIndustry team mentors2-3 hours per week. AssessmentsDefines Challenges

Students10-12 hours per weekAwarenessExperience

Epic Challenges Accelerate Training While Students in School“Having the poise, confidence and knowledge equal to someone with 12‐months experience” 

(Federal Reserve Industry Mentor)

Currently running “The Threat Within” designed by the CWA to develop the skills they for priority next-hires.

U.S. Employee Training 

$590 Billion

Savings$30 Billion

CWA FUNDING 

1%$590 Million

† 1.5 million positions @ $20k industry cost savings per position with iQ4.

SUNY & University at Albany &CUNY & John Jay College of Criminal Justice

Connecting Industry and EducationTRANSFORMING THE NEXT GENERATION WORKFORCE

Students learn the skills employers look for!

Student Demographics

• 17 Students Selected

• 4 Role Profiles (Governance, Risk, Behavioral, IT)

• None with prior applied learning experience 

• Only a few had Cybersecurity experience

“The students presented with the poise, confidence and knowledge of a newly hired student completing one year of training”

– Industry Mentor

Epic Challenge Statistics40 Students

34,545 Page Views 2x 2,853 Sessions  30%+ 13.35 Avg Pages / Session 12:11 Mins / Session 50%+

NOW YOU CAN JUDGE THE RESULTS 6 WEEKS – IMAGINE WHAT WE CAN DO?

30% of students participating switched concentrations to Cybersecurity

Human Capital – The Next Supply ChainJob-Roles On A Common Taxonomy

SourcingStudent SupplyAlignment of Education with Industry, connecting students with Real-World projects

SCALINGVirtual InternshipsProject-based team learning experience; industry mentored, stackable credentials

ProductivityCut Time and Cost6-12 week virtual-Internships = 12 months of work experience (Industry Mentor). Saves $10 -$30K per month

Next Generation (CWA)

Resilience/AgilitySkills Gap ClosedHuman Capital Supply Chain Management – take care of our greatest assets

Career PathwaysProgression mappingPersonal and team, retention, retirement / succession planning,

InventorySkills Profile PassportsCritical Roles, Staffing and Proficiency Levels, Career TrajectorySkills-Gap Development

Internal Use Case

Nullam eu tempor purus. Nunc a leo magna, sit amet consequat risus. Etiam faucibus tortor a ipsum vehicula sed suscipit.

Resource Inventory

Common Standards/ Frameworks Job Roles, Taxonomy And Platform

Student Employee

Skills GapsDashboard

Career Development

Productivity AgilityAssurance

Verified Data

StackableCredentials

IndustryCurricula

ScalableVirtual Reach

Life Cycle of Learning

• Awareness• Experience• Workplan: Syllabus, Curriculum,

Role Profiles, Assessments

Epic -Challenges

Cyber-InternshipsIndustry greatest challenges

• Role Based• Critical Staffing and Gaps• Career Pathways• Progression Mapping

Tooling (iQ4 Platform)

Workforce Management and Skills Development

• Level the Playing Field• Broaden reach• Cast a wider net

Accelerates Training

Slash cost and time to productivity

CWA - Alliance Objectives

• Taxonomy: Competencies, KSAs• Role Profiles• Professional Certificates

Standards /Frameworks

NICE - CWA defines extensions for Industry

CWA -USA

CWA -EMEA FutureCWA-APAC

CWA – A Global Response To Cyber ThreatCWA Agreed Extensions To NICE –

BY MEMBERS, FOR MEMBERS

New York City & StateIncludes:SIFMA, FSCC, FCC, UTC,Banks, Healthcare, City Uni NY, State Uni NY Capgemini,Universities, Community Colleges

London/EMEAIncludes:Lloyds Banking Group, BNY Mellon, Morgan Stanley, Goldman Sachs, Police Cybercrime Unit, Emergency Planning Centre, Capgemini,Universities, Community Colleges

(Future) India/APACIn discussionCWA Member’s Offshore workforce – USA & EMEA members with APAC Operations or Offshoring

Global Promotion & Adoption

Digital Badge CWA Certified Graduate Hire

Role Profile

Career Pathways

Analytics And Dashboard

Competencies And Gaps Dashboard

ANALYTICS

Competencies And Gaps Dashboard

Summary

NICE Framework is Systemized ‐ NowCWA extensions supported by DHS/NICE for all Public Sector Growing adoption by industry and industry bodies: SIFMA, FSSCC, NCC, UTC…..It works! 

g y

“The students presented with the poise, confidence and knowledge of a newly hired student completing one year of

training” – Industry Mentor

ContactFrank Cicio, Founder and CEO, iQ4e [email protected] 201 914 4655

Peter Meehan, SVP International, Londone [email protected] +44 7788 715 517