Wednesday, October 26, 2016

A quarter of a century of computer and network security research and writing


Twenty-five years ago this month McGraw-Hill published a book I wrote about computer and network security. And the first thing I tell people about this book is that I did not put the word "complete" in the title! That was the publisher's decision. Because if there was one thing that I learned in the three years during which I researched the book it was this: there will never be a "complete book" of security.

The second thing I tell people is that The Stephen Cobb Complete Book of PC and LAN Security was not a big seller. Indeed, it was a complete flop compared to some of the other books I wrote in the late 1980s and early 1990s. My best seller...

Thursday, October 13, 2016

More about the cybersecurity skills gap

[Update 2/25/17: now available, 68-page dissertation/report on the cybersecurity skills gap and the makings of effective CISOs.]

In October of 2016, I presented a paper titled "Mind This Gap: Criminal Hacking and the Global Cybersecurity Skills Shortage, a Critical Analysis." The venue was Virus Bulletin, a premier event on the global cybersecurity calendar that is particularly popular among malware researchers (for the story of how "VB" achieved this status, see below).

Papers and Slides

When your proposed paper is accepted by the VB review committee, you first have to submit the paper, then deliver the high points in a 30 minute presentation at the conference, which takes place several months later. In this case, the elapsed time between paper and presentation was very helpful because it allowed me to incorporate some of the findings from my postgraduate research into my conference slides, which are available for download here: Mind This Gap.

The VB conference papers are published in an impressive 350 page printed volume. However, the conference organizers have kindly given me permission to share my paper - which is only 8 pages - here on the blog:
As you may know, I've been studying various aspects of the cybersecurity skills gap this year, I put together a short white paper about the size of the gap:
Later this year I hope to publish the full results of my postgraduate research which looks at some of the assumptions behind efforts to close cybersecurity skills gap.

A note about Virus Bulletin