Linchakin

#ISC2Congress - Diversity: The Key to Cybersecurity’s Future

 October 22, 2021     No comments   

SC_2021_Logo_onWhiteYou could say one of the purposes of the annual (ISC)² Security Congress is to deliver an industry status check. How is the cybersecurity industry doing, what could be better, and what are the biggest challenges it faces?

This year’s Congress, which took place virtually from October 18 - 20, addressed a host of pressing topics in the industry, from combatting ransomware to zero trust implementation to protecting critical infrastructure against foreign adversaries. One of the biggest challenges though is to attract more diversity into the cybersecurity workforce to counter the shortage of personnel in the field. It was a theme that (ISC)² CEO Clar Rosso highlighted right at the start of the event in her welcome address.

Cybersecurity remains a white male-dominated profession. Making it more diverse and inclusive is critical to addressing some of the biggest challenges the industry faces. That includes filling a 2.7 million professionals worldwide shortage and coming up with effective, innovative solutions to combat cyber adversaries that never seem to run out of creativity, energy and motivation.

As Rosso made the case for increased diversity live, (ISC)² published a study on diversity, equity and inclusion (DEI) called "In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity” which highlights the personal experiences of globally diverse cybersecurity professionals and makes recommendations on initiatives that could help organizations be more successful in recruiting and retaining diverse talent.

During a panel on women in cybersecurity on Tuesday morning, participants tackled the reasons why it is so hard for women to enter the field. Intimidation, said Meg West, an IBM X-Force Incident Response member, is one reason. Many women are intimidated by the field, which helps to explain why they remain underrepresented in cybersecurity, she said.

When deciding whether to apply for a job, a woman lacking some of the qualifications will not apply, she said. However, a man lacking the required skills is likely to apply anyway.

During the same panel discussion, Aanchal Gupta, vice president of Azure Security for Microsoft, used her own experience as an illustration of this issue. Gupta said she turned down her first opportunity to work in cybersecurity because she felt unprepared, even though she had led an identity and user management team for eight years. Part of the reason she felt unqualified was the lack of a cybersecurity degree.

Eventually, she realized, no one in cybersecurity knows everything about it. “The cybersecurity space is so broad that you can always think you will know it a mile wide and an inch deep,” she said. Different people have different areas of expertise, she said. Whatever your background, she added, bring it to the table because the field needs diversity and people with different skillsets.

At a different panel on Monday, speakers discussed the challenges faced by women and men from ethnic and minority groups working in cybersecurity. Dwan Jones, an independent diversity consultant working with (ISC)², revealed that participants in focus groups commissioned by (ISC)² said they struggle to feel a sense of belonging, not being heard by leadership, and having their ideas stolen for the advancement of others.

Zero Trust Implementation

The need for different skillsets is undeniable as the industry looks to address challenges brought on by new technologies and practices. One of the most pressing concerns is how to protect critical infrastructure, which was one of the event’s main themes.

There was also a lot of discussion on the concept of Zero Trust security; it was one of the areas former CISA Director Chris Krebs touched on in his opening keynote address. It’s also one of the measures that an Executive Order issued by President Joe Biden in May instructs federal agencies to implement.

On Monday afternoon, Heather Lowrie, lead security architect for National Records of Scotland, talked about implementation of Zero Trust strategies and architectures in hybrid environments. Securing the perimeter may have worked in the past, she noted, but the proliferation of endpoints and evolution of the threat landscape has brought about a paradigm shift in security.

Essentially, Zero Trust boils down to making authentication decisions “as close as possible to the resources,” Lowrie said. A process of authentication and authorization is required each time users and devices attempt to access a resource to ensure they have the right level of privileges.

Lowrie said this requires a new mindset because it fundamentally changes how security architects have developed their models, which traditionally were based on trusting everything inside the perimeter and distrusting outside users.

Zero Trust also came up in a presentation by Daniel Paillet, Cyber Security Lead Architect at Schneider Electric’s Energy Management Business Unit. Paillet’s session focused on how to secure the architecture of the Industrial Internet of Things (IIoT) so that it delivers the safety and reliability paramount to the critical operations it supports.

“I think the Zero Tust model is going to become more and more pertinent,” he said “It’s going to play a bigger and bigger role. I haven’t architected a zero trust network yet but hope to soon.”

Diversity and Innovation

As Lowrie mentioned, Zero Trust requires a new way of thinking. So do many of the challenges faced by cybersecurity professionals. Meeting them all will require perseverance and ingenuity, as noted by another keynote speaker, Adam Steltzner, chief engineer and mission leader of NASA's Mars 2020 mission.

And as Steltzner said in answer to a question from Rosso, diversity and inclusion can help better prepare a team to innovate and meet its challenges. He should know; after all, he and his team have landed three spacecraft on Mars.

Registered attendees of (ISC)² Security Congress 2021 can view all breakout sessions on-demand. CPE credits will be applied automatically on your behalf as you view until December 31, 2021.

Adblock test (Why?)


You may be interested in:
>> Is a Chromebook worth replacing a Windows laptop?
>> Find out in detail the outstanding features of Google Pixel 4a
>> Top 7 best earbuds you should not miss

Related Posts:
>> Recognizing 12 Basic Body Shapes To Choose Better Clothes
>>Ranking the 10 most used smart technology devices
>> Top 5+ Best E-readers: Compact & Convenient Pen
  • Share This:  
  •  Facebook
  •  Twitter
  •  Google+
  •  Stumble
  •  Digg
Email ThisBlogThis!Share to XShare to Facebook

Related Posts:

  • ...San Francisco Foodie TravelsWe ♥ SFHog Island Oyster Co. aka Seafood MeccaIt's been rather quiet lately here on the blog, reason being we took a 10 day vacation to San Franc… Read More
  • ...Minute Rice with Chef John Higgins (GIVEAWAY CONTEST!)We're excited to hold a giveaway contest sponsored by Minute Rice.  Read to the end of this post to find out how you can enter to win!Photo … Read More
  • (Japan Jan 2015) Day 9: Tokyo to Hakodate. Stay at HakodateDay 9 (31/1): Tokyo to Hakodate. Stay at HakodateThis day's itinerary:(Day 8 of our 14 days JR Railpass)0638-0950 Ueno station to Shin-Aomori sta… Read More
  • (Japan Jan 2015) Day 10: Visit Onuma-koen. Hakodate to Noboribetsu. Stay at NoboribetsuDay 10 (1 Feb): Visit Onuma-koen. Hakodate to Noboribetsu. Stay at Noboribetsu.This day's itinerary:(Day 9 of our 14 days JR Railpass)0615-0745 Visit … Read More
  • (Japan Jan 2015) Day 11: Noboribetsu to Tomamu. Visit Tomamu. Stay at TomamuDay 11 (2 Feb): Noboribetsu to Tomamu. Visit Tomamu. Stay at TomamuThis day's itinerary:(Day 10 of our 14 days JR Railpass)0840-0850 Took a cab from o… Read More
Newer Post Older Post Home

0 Comments:

Post a Comment


Copyright © 2025 Linchakin | Powered by Blogger
Design by Hardeep Asrani | Blogger Theme by NewBloggerThemes.com | Distributed By Gooyaabi Templates