Building Cyber Warriors - ITEA · Cyber Warriors . Need to Share Whose got your data? 2011 GTRI...
Building Cyber Warriors
Jeff Moulton, CISSP, PMP
Director, Information Operations and Program Development
Pentagon Cyber Strategy
Building Cyber Warriors
2011 GTRI Overview - 3
• Historical context
• What’s worked
• What hasn’t worked
• How do we get where we want to be
Overview
PAST
Additional duty
Compliance-based (IA controls)
“Platform IT” -- bolt it on
Understaffed
Marginally trained
Underfunded
Not on PM’s critical path
Patch & Pray
NTK/NTA
PRESENT
Defined career paths
Compliance-based (IA controls)
Bolt it on
Understaffed
Somewhat trained
LOTS of $’s -- (CNCI)
On PM’s critical path
Patch & Pray
NTK/NTA/NTS
Objective assessment
• It’s cool to be a cyber person!
• Cyber is in every sentence – getting the word out!
• Cyber is the 5th dimension of warfare
• Cyber is getting funding
What’s worked?
• Throwing $’s at the problems
• Status quo
• Senior management attention
• Compliance mentality
• Cyber recruiting
Definition of Insanity: doing the same thing over and over and expecting a different outcome!
What hasn’t worked
Senior Management Attention
“Exciting Cyber Careers” Would this attract you?
• Thinking too small
• One size does not fit all
• Jack of all trades, master of none
• Need to Know, Need to Access, Need to Share
SHARE TO WIN!
So What’s the Problem?
• Service-Specific Cyber Workforce
• Social Engineering Research & Development (SERD)
• CAP-Model
• Innocentive Model
Thinking too small
Stereotypical Cyber Warrior?
“I can run CENTCOM from here and still participate in simultaneous Tetris tournaments.”
Penelope Garcia from "Criminal Minds" the Behavioral Analysis Unit at Quantico:
Sunshine,
One size doesn’t fit all
Discrete Math & Algorithms
Programming
Computer Hardware Architecture
Risk Management
Operating Systems
Compiler Design
OCO DFT CAT CND
Jack of All Trades - Master of None
OCO DFT CAT CND
Offensive Cyber Operations (OCO):
- PSYOPS/HUMINT/SOINT
- Operations, weapons platforms
- SCADA, Electrical Engineering
- Title 10/50/18
Computer Network Defense (CND):
- Scanning, patching, Principle of Least Privilege
- Audit Logs
- IDS, IPS, FW, backup & recovery
- Cyber exercises
- Title 10
Crisis Action Team (CAT):
- Incident Response & Disaster Recovery
- Hot site/Alternative
- Certification & Accreditation
- Risk Management
Digital Forensics Team (DFT):
- Rules/Preservation of Evidence
- Incident Response
- Consequence Management
- Title 18
• Fight like they fight
• SERD
• 1 + 1 = 3
• Share (collaborate & graduate)
• This is a “linked-in” generation – EXPLOIT IT!
• NTK, NTA, NTS
SERD the NERDS
SHARE TO WIN
• Gaming Industry
• Banks
• Military Medical /Legal Community
Benchmark Best Practices
Please contact us at any time
www.gtri.gatech.edu
Jeff Moulton Director of Information Operations & Program Development Georgia Tech Research Institute [email protected]
Cyber Warriors
Need to Share: Who’s got your data?
Accountability is a MUST
Test & Evaluation’s Role
• Give Feedback to the Functional Managers
• Work with the Program Managers
• Migrate to a Risk-based Approach
• Eliminate Duplication