Thursday, October 13, 2016

More about the cybersecurity skills gap

[Update 2/25/17: now available, 68-page dissertation/report on the cybersecurity skills gap and the makings of effective CISOs.]

In October of 2016, I presented a paper titled "Mind This Gap: Criminal Hacking and the Global Cybersecurity Skills Shortage, a Critical Analysis." The venue was Virus Bulletin, a premier event on the global cybersecurity calendar that is particularly popular among malware researchers (for the story of how "VB" achieved this status, see below).

Papers and Slides

When your proposed paper is accepted by the VB review committee, you first have to submit the paper, then deliver the high points in a 30 minute presentation at the conference, which takes place several months later. In this case, the elapsed time between paper and presentation was very helpful because it allowed me to incorporate some of the findings from my postgraduate research into my conference slides, which are available for download here: Mind This Gap.

The VB conference papers are published in an impressive 350 page printed volume. However, the conference organizers have kindly given me permission to share my paper - which is only 8 pages - here on the blog:
As you may know, I've been studying various aspects of the cybersecurity skills gap this year, I put together a short white paper about the size of the gap:
Later this year I hope to publish the full results of my postgraduate research which looks at some of the assumptions behind efforts to close cybersecurity skills gap.

A note about Virus Bulletin



The origins of Virus Bulletin date back to the 1980s when the first wave of malware or malicious software started impacting computer security. Back then, the most common form of malware was the computer virus, code that is designed to self-replicate. This typically spread between computers on floppy diskettes.

People seeking knowledge about computer viruses back then had limited options. The percentage of computer users with access to any form of email was very limited and the first web server didn’t go live until 1990. Coincidentally, 1990 is the same year that the term “malware” was coined, although it took a long time for malware to supersede “computer virus” as a common umbrella term for things like worms and trojan code as well as viruses. (Even today, a lot more people put the search term “antivirus” into Google than “antimalware”.)

So, back in 1989, when a group of researchers decided to spread information about computer viruses and how to thwart them, they had to publish something on paper that was delivered through the postal service, hence the term "bulletin." The term "virus" was used because "malware" had not yet been coined. The Virus Bulletin publishers organized the first conference in 1991 and it has been held every year since then. There are some folks who have been to every VB conference (I first spoke at VB in 1994 but have only been to six in total, a lot less than some of my colleagues who have 20 year pins already.)

No comments: