Recent distributed denial of service (DDoS) attacks that disrupted several leading tech companies suggest dangers we have yet to imagine.
Attacks also discourage consumers from buying IoT devices because they lose confidence in our abilities to keep them safe, a recent poll shows.
I’ve worked in cyber security for more than a decade, the past 10 for Symantec. Cyber security’s role in our world is changing almost as fast as the online world it protects. We need more people and policies to keep up — and to protect people, we need more good people in the field.
Sailing into Tech
When I got out of the Navy, I searched for an opportunity that would allow me to create my legacy. Being a power lifter, I also sought something involving determination and pushing limits as well as making a difference for others.
I found a job as a part-time computer operator, running nightly system backups and print jobs. I read a little bit about coding while on the job and then when the system went down one night, I typed a little code. It came back online!
When I saw how challenging and impactful that was, I began learning more.
Eventually I moved to Atlanta from Dallas and went to work for a global construction management company. I went from operator to engineer and finally to security architect.
At that time security was becoming important to organizations. I earned a CISSP, Certified Information Systems Security Professional credential, and a place on a team protecting the company network from external attacks and making sure our systems’ vulnerabilities were plugged and anti-virus solutions were in place.
That’s how I got to know people at Symantec, one of our third-party vendors. When they came to upgrade and update our system protection, I asked so many questions about ingenuity and innovation, they asked me to join their team.
I joined their sales office in Atlanta as a security engineer responsible for the Southeast United States.
I had a unique sense of solving not only Symantec security-related issues, but also how customers can address issues with other third parties and make solutions work together to reduce risks.
I had never been in sales before and it felt fantastic. I was named rookie of the year.
Since then, I’ve developed more tech skills as well as better soft skills. I was named a distinguished engineer, meaning I was in the top one percent of the company, the fourth person so honored in North America for my life’s work contributing to cyber security. I’ve published white papers, evolved as a thought leader among peers, and advanced cyber security overall.
The IoT involves any sensor or device that consumes information for useful purposes and is connected to the internet.
That’s because developers prefer speed and productivity over security, and everyone is rushing to market to be that startup with the next neat, cool device. Manufacturers’ passwords are weak or non-existent. There are no regulations.
So if you own a smart refrigerator and a smart coffee maker, it’s only a matter of time before someone does a denial of service to your refrigerator to turn off your coffee maker before you wake up. Imagine if that happened in every kitchen nationwide: people would be walking around like zombies without their coffee.
More seriously, a hacker event recently proved the concept that bad guys could compromise an IoT-connected thermostat, jack the temperature up to 99 degrees and hold people hostage to the heat.
And there’s another way bandits can use that thermostat open to wifi: checking if you’re home. It’s called “footprinting” and, for example, they’ll check to see if the air conditioning is off. That could indicate you’re out and your home is a good target for crooks.
There’s also the worry that you could bring to work your smart device that talks to your hacked refrigerator, connect to corporate servers, and suddenly bad guys are searching company infrastructure.
Not-so-fun-fact: The average IoT-connected device is infected within six minutes of going on line.
IoT is just a subset of the challenge of protecting data. Many organizations may not be aware of how information is used and stored and who owns the data. Here are the five security principles to protect data systems and networks on premise or in the cloud or IoT device:
- Governance, risk and compliance.
- Information secure access.
- Information protection.
- Infrastructure management.
- Infrastructure protection.
Ultimately cyber security involves having the right policies, standard procedures and guidelines in place to insure there’s a data protection program.
The risk explodes
Cisco estimates there will be 50 billion connected devices by 2025 so protecting customers and their information has never been more of a priority:
- In 2015, Symantec’s Internet Security Threats Report saw a record-setting total of nine mega-breaches, the reported number of exposed identities jumped to 429 million from 348 million a year earlier, and there were over one million attacks on people each day.
- The cyber security market will grow to $170 billion by 2020 from $75 billion in 2015, reports Forbes.
- From 2000–2015, demand for cyber security professionals increased 3.5 times faster than the demand for other IT jobs and increased more than 12 times faster than the demand for other non-IT jobs. An estimated 500,000 to 1 million jobs remain unfilled in the U.S. This gap is expected to grow to a staggering 1.5 million by 2020.
We must bridge this gap.
At Symantec we are creating opportunities through our employee resource groups (ERGs), developing partnerships to recruit and retain diverse talent and helping fill the workforce gap by offering opportunities to professionals of all backgrounds through our signature Symantec Cyber Career Connection (SC3) program. I was the former Community Lead for the SyBer (Back Employee Resource Group) leadership team helping to coordinate volunteers and nonprofit outreach.
Leading technology executives agreed that to protect our increasingly connected world we need to grow a diverse, qualified workforce. New roles are emerging and we are breaking down conventional stereotypes.
Outside work, my passion is enabling others to achieve their potential — life coaching and mentoring at Mentoring on Sundays from the locker room to the classroom as it pertains to careers.
I work with individuals interested in getting into cyber security as well as other careers. I speak at nonprofit community events and Boys & Girls Clubs about cyber jobs and the skills they need to enter the field. It’s important to me to help people of all backgrounds understand the opportunities that exist and the road they can take to get there.
I like to say, we need enough good guys to protect against the bad guys.
We encourage you to share your thoughts on your favorite social platform.