Wednesday 16 October 2013

Security community faces battle to recruit next generation of white hats

F-Secure chief executive Christian Fredrikson
Businesses face a tough fight to recruit the next generation of skilled cyber professionals, according to F-Secure chief executive officer Christian Fredrikson (pictured left).
He said even high-tech security companies are among those caught up in this battle as they look to meet the needs of firms of all sizes by recruiting and training new engineers.
"You don't need an average software guy, you need the best guys. The threats are growing and getting more sophisticated. Recruiting the best is the only way to build working protection. There's a hard battle for these resources," he said.
He added that recruiting the next generation of security professionals is doubly difficult as security companies need very specific, atypical skill sets that are not usually taught at universities.
"We need to train them on a different level to most software engineers, We've been OK on that so far, but we always have to work extremely hard to get the best talent. That's why we have to keep our company interesting by keeping it a high-tech, skills-driven place that will attract people who want to be able to do cool stuff and fight with the best," he said.
The F-Secure chief highlighted the number of open IT jobs with government security contractors as proof of his claim. "There's a hard competition for talent, just go to the subcontractors for the government and you'll see hundreds of open jobs being advertised," he said.
F-Secure chief research officer Mikko Hypponen also said last month that intelligence agencies are outsourcing cyber operations to third party companies, as a result of the skills gap.
Fredrikson said companies hoping to survive in the evolving security market will also have to radically rethink their strategies to deal with key trends, such as the consumerisation of IT.
"The consumerisation of IT, with things like BYOD [bring your own device], means we need to serve the consumers and the corporates. It's become unstoppable already, IT managers are suffering no matter what they do – people will just bring the device they want to use. That's the force of the mobile industry, people just want to have the devices they choose with them wherever they go," he said.
He added that security firms will also have to work hard to prove they can secure their customers' data if they hope to expand in a post-PRISM world.
"It's not just the big brother governments, but also the little sister, the companies and criminals. Democracy is something we fought to get and we shouldn't give it away so easily. We will follow the rules when it comes to court orders but that's it," he said.
The PRISM scandal broke earlier this year when whistleblower Edward Snowden leaked documents proving that the US National Security Agency (NSA) is gathering vast amounts of data from technology firms, such as Google and Microsoft. The news led to a backlash against high-tech companies as well as the NSA. Many analysts estimate that the PRISM scandal will cost the US cloud industry billions of dollars.
Fredrikson said the lack of trust from consumers and businesses in US cloud services offers a golden expansion opportunity for European businesses. "You can't protect the PC from the end point only anymore. The amount of attacks targeting them makes it impossible to update them regularly. You need the cloud," he said.
"Given recent news, we wanted to create something better, something that's private and secure. We believe there is a need and demand for this in the cloud. This works as well for consumers as for enterprise."
He said F-Secure has already begun moving to take advantage of this new opportunity, unveiling new Cloud Security anywhere and Younited services. Security in the Cloud is set to be released at the end of the year as a standalone or bundled product.
"The product is device and browser independent. Say you are a business user travelling for work and you connect to a wireless LAN. Its extremely easy for an attacker to create a bogus wireless LAN so that when you click on it and go to Facebook or your email they can see all your credentials. They can just go in and see what you've been buying, then visit the website, click 'forgot password' get it sent to the email address. This will block this," explained Fredrikson.
Younited is a secure cloud backup service designed to let users back up documents, photos and videos. It lets users pull files stored on numerous services, including Apple iTunes, Facebook, Google Drive, Microsoft SkyDrive and Dropbox to Younited.
Younited will be rolled out as a consumer product at the end of October, though an F-Secure spokesperson confirmed to V3 that the company plans to release a business-focused version by the end of the year. It will integrate several of F-Secure's business security products into the cloud service.
F-Secure marketed the two new products' consumer-like user interfaces as key selling points for SMEs. "They need very simple solutions so they can adapt. The SMEs have this need for simple security," explained Fredrikson.
"We've had feedback that they want a user interface that is simple and intuitive, as they don't have a lot of skilled security people but still need security to protect their data. We wanted to make it so easy for them to have simple management solution for them. But also we wanted to make it scalable so if they grow they're still protected."
Fredrikson's comments follow widespread warnings within the security community that Europe is on the verge of a massive cyber skills gap. Plugging the gap has been a central goal of numerous governments and political entities.
Within the UK the government has created numerous new higher education centres, apprenticeship schemes and open challenges to help it find and train the next generation of cyber security professionals. Most recently the GCHQ launched a new code tracking Can You Find It challenge. The challenge will offer winners the opportunity to apply for security roles within numerous government agencies.

No comments:

Post a Comment