FF Focus

The shortage of cybersecurity professionals is nothing new. The unemployment rate in cybersecurity has been at 0% since 2011 – a fact unmatched by any other industry.  According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs worldwide by the end of the year, up from 1 million positions in 2014.

This issue has only been exacerbated by the pandemic. Businesses globally were forced to adopt a remote working model where employees were often working from personal PCs, laptops and phones with limited antivirus software. 

According to IBM, remote working increased the average cost of a data breach by $137,000. Despite these heightened security threats, many businesses are still cutting their cybersecurity budgets as we move through 2021. 

Even with the ever-growing threat of smarter and more advanced security breaches, the security industry is under-resourced to fight hackers. 

What can be done to address this issue? 

Upskill more people

Sounds simple, but giving people the skills needed to fill these roles is the single more effective way to close this talent gap. It’s clear that there isn’t enough talent to fill the roles needed, so businesses, organizations and educational programs need to take responsibility in training people in the skills needed. 

Organizations already have the wheels in motion for this. Massachusetts-based MassCyberCenter is partnering with businesses, academia and the public sector to train new cybersecurity workers to fill the more than 9,000 vacant cybersecurity jobs.

The NYC Economic Development Corporation has launched Cyber NYC, which aims to grow the city’s cybersecurity talent pool through training and education programs. 

The Cyber Innovation Center in BossierCity, Louisiana, plans to broaden its cyber skills preparation to 10 million students and 50,000 teachers in K-12 across the US – building a pipeline of young cybersecurity talent. 

Build a youth movement

Encouraging and nurturing young people to become future cybersecurity experts will ultimately solve the cyber skills shortage of the future. Instilling enthusiasm and excitement around cybersecurity and STEM from an early age will organically grow a new generation of talent. 

Various organizations are doing this already. Girls Scouts of the USA have joined forces with Palo Alto Networks to deliver the first-ever Girl Scout Cybersecurity badges for girls in K-12. 

The National Security Agency has been educating young people in cybersecurity through their GenCyber program since 2014. The NSA’s summer camp, Camp Cryptobot, runs annual cybersecurity camps to build the next generation of cybersecurity workers. 

Focusing on the impact that a cybersecurity professional can have on people, businesses and even nations can encourage young people to become invested in the industry. Framing cybersecurity as a career that helps people, does good and is morally right is something that young people in today’s world are keen to make time for.  

Diversity and Inclusion

Diversity and inclusion are particularly important in the fight against skills shortages. Untapped talent pools exist that often go unnoticed in the recruitment process.

How can the cybersecurity industry tap into neurodiverse talent pools, for example? Autism affects more than one in 100 people which means a huge amount of talent. However, only 16% of autistic adults are in full-time employment, and out of the ones that aren’t, 77% would like to be according to the national autistic society’s research.

The lack of awareness around neurodiversity often acts as a barrier of entry for neurodiverse professionals looking to enter the cybersecurity space. Educating decision-makers in unconscious bias is one way to create a more inclusive hiring process that can open doors for unnoticed talent. 

----

As recruiters in the cybersecurity space, we know too well the need for talented candidates in this space. Do you have a cybersecurity role that you’re struggling to fill? We have a pool of talent that could be the perfect fit for your role, so don’t be afraid to get in touch.  

written by Evangeline Hunt

October marks European Cyber Security Month (ECSM) – an annual EU campaign that promotes cybersecurity and provides accurate online security information by sharing good practices. Every year in October, hundreds of activities take place across Europe, such as conferences, workshops, training and webinars, to promote digital security.

Organisers of ECSM provide the knowledge and tools to promote the safer use of the internet for all EU citizens. Since 2012, the ECSM has reached its key priorities by bringing together parties from across Europe under the slogan ‘Cybersecurity is a Shared Responsibility’ to unite against cyber threats.

ECSM 2020 launches with the motto of ‘Think Before U Click’. The month is split into two themes – the first two weeks focus on ‘cyber scams’ and the second on ‘digital skills’.

Kicking off the month with ‘cyber scams’, this theme provided insights on current and potential cyber threats to help businesses and individuals minimise risk. COVID-19 has led to an increase in e-commerce and online payments, which hackers have used to their advantage. The key message of this theme encourages users to have a heightened awareness of cyber scams when conducting online transactions.

The second theme, ‘digital skills’, presents educational activities that inform on internet security. COVID-19 has increased the digitalisation of everyday life, which requires people to be on top of digital trends to remain safe online. The theme covers e-privacy matters such as data protection, cyber bullying and cyber stalking.

For a full list of activities occurring in your region, please check the timetable here. 

written by Evangeline Hunt

Looking for a career in cybersecurity? Well you’re in demand - provided you get in there before the robots do.

Oliver Tattersall, head of the German cyber and information security team at Franklin Fitch, believes that the majority of small and medium-sized businesses are vastly underprepared for the threat of a cyberattack and are leaving themselves open to billions of pounds/euros of financial damage. Whether it’s a lack of funding or ignorance that it won’t happen to them, the need for skilled cybersecurity specialists has never been greater.

“There is a distinct lack of awareness of cybersecurity in SMEs,” says Oliver, adding that even if the awareness was there, there is the added complication of finding people with the right skills. “It’s a very candidate-short market at the moment, particularly in cybersecurity, and this is making it very hard to find the right people.”

The potential damage from an attack is huge

Failing to implement the right cybersecurity measures can have a devastating impact on a company that falls victim to an attack both financially and in terms of reputational damage. While allocating funds for appropriate security at a time when many companies are cutting spending is not ideal – the average mid-sized company spends tens or even hundreds of thousands on cybersecurity - the outlay is small by comparison to the damage that could be caused.

So, what cybersecurity-related skills are most in demand and how can potential specialists get the job they want and help these companies stave off an attack?

“Candidates need to be  able to communicate, get stakeholders on board, be hungry for knowledge and have good technical skills,” says Oliver.

Companies need to innovate to attract skilled workers

He is currently seeking to fill an array of cybersecurity roles in Germany, particularly in the areas of embedded security, defence analysts, cyber analysts and risk specialists. While he is quietly confident that eventually he will find the right person for each role, he also believes that German companies need to be prepared to be more flexible if they want to attract the best people. “There are many highly-skilled workers outside of Germany that could add great value to these companies,” he says, adding that now is the time to think outside the box when it comes to recruitment in order to attract the best talent. 

In addition, Oliver believes there is an increased tendency nowadays for skills to cross over. It is harder to draw a line between the infrastructure and software sides, meaning that people with a certain skillset might now be able to carry out other jobs too.

How can AI help?

In the future Oliver believes that some of the pressure on the sector may be relieved by Artificial Intelligence (AI). “AI not only removes the human element, which is itself open to risk and manual error, but it can help to identify data and pinpoint where there’s a possible threat,” he says. 

Already some cybersecurity companies are teaching AI systems to detect viruses and malware by using complex algorithms so AI can then run pattern recognition software. AI systems can also be used in situations of multi-factor authentication to provide access to their users. It is worth pointing out however that while AI may be great for processing large amounts of data or replacing autonomous manual tasks, it will never be able to replace a security analyst’s insight or understanding of a problem.

In reality, the likelihood is that jobs will change and while some of us may indeed end up working alongside an automated colleague, we will still be needed, but for alternative functions.

Anyone interested in a role in the cybersecurity space in Germany should contact Oliver by email at o.tattersall@franklinfitch.com.

by Claire Shoesmith

Multi-context firewalls - what are they and what do they do? 

Just six weeks into the new year and reports of cyber-attacks are rife in the media. According to IT Governance, a provider of cyber risk and privacy management solutions, several major incidents occurred in January, boosting the total number of records breached to 1.5bn.

Just yesterday, ZDNet reported that the personal information of 10.6 million guests who stayed at MGM Resorts hotels was stolen and posted to a hacking forum this week. Already in February, the servers at the United Nations have been compromised and a quarter of the Iranian internet has been disrupted.

In addition, Christine Lagarde, the head of the European Central Bank, has expressed her concerns about the global implications of cyber-attacks, telling an audience in France that a well-organised cyber-attack on major financial institutions could lead to a financial crisis.

So, what should businesses be doing about this? Cyber security is one of our focus areas at Franklin Fitch and as a recruiter, I am frequently asked by service providers and large enterprises to find people with experience in multi-context firewalls. Quite often when I ask candidates if they have used them, the response is: “what is that? “or “I’ve never heard of it”.

For me personally, a lot of my technical knowledge is gained from in-depth conversations with my candidates about how they use a specific piece of hardware and what benefits it brings. So, if you, like me, are wondering what multi-context firewalls are, read on and find out more.

Cisco ASA supports multiple firewall contexts, also called firewall multimode or multi-context mode. Multi-context mode divides a single ASA into multiple virtual devices, also known as security contexts. Each context operates a single device, independently from other security contexts. In routers, this is similar to Virtual Routing and Forwarding (VRF).   

When would you use multiple security contexts? 

• A network that requires more than one ASA

• A service provider that needs to offer a different security context to each customer

• An enterprise that needs to provide distinct security policies for each individual department or users and require a different security context for each one

When wouldn’t you use multiple security contexts? 

• When VPN Services are required such as remote access or site-to-site VPN tunnels

• If dynamic routing protocols are required

• If QoS is needed

• If multicast routing needs to be supported

• If threat detection is required

Context configuration files  

In multi-context mode, there are three types of configuration files:

• The system configuration – a standard single-mode configuration where the network administrator adds and manages the security contexts

• The admin context – no restrictions and can be used as any other security context

• The context configurations/user context – for each individual security context. They contain the security policies and interface configurations specific only to that context 

ASA Packet Classification  

Packets are also classified differently in multi-context firewalls. In multimode configuration, it is possible for interfaces to be shared between contexts, therefore the ASA must distinguish which packets need to be sent to each context. 

The ASA categorises packets based on three criteria:

• Unique interfaces – 1:1 pairing with a physical link or sub-interfaces (VLAN tags)

• Unique MAC addresses – shared interfaces are assigned Unique Virtual Mac addresses per virtual context, in order to alleviate routing issues, which complicates firewall management

• NAT configuration – if the use of unique MAC addresses is disabled, then the ASA uses the mapped addresses in the NAT configuration to classify packets. This isn’t very common

In certain cases, you may need to assign a unique MAC address to a shared interface in order to alleviate routing issues, which complicates the firewall management.  

Active/active failover 

Multi context mode offers active/active fail-over per context. Primarily forwards for an individual context and secondary for another. The security contexts divide logically into failure groups, with a maximum of two failure groups. There will never be two active forwarding paths at the same time.  

Important to consider 

In order to change from single mode to multiple mode or back, the commands must be done from the command line (CLI) and not via the ADSM GUI interface. When changing from single to multimode, the ASA will convert the running configurations into two files, creating a new system configuration file and an admin context file. The original system configuration file is not saved.   

By default, all security contexts have unlimited access to the ASA resources. Depending on the environment, resource management may need to be configured to limit some contexts that may be starving other contexts. This is done by configuring resource classes when assigning to contexts.  

Final thoughts

Multimode offers advantages in certain situations particularly for service providers or an enterprise with multiple departments that require individual security policies. The requirements should be carefully considered before implementing the solution. However, there are also limitations and whilst the number of physical devices you manage may decrease, the complexity of those device configurations may increase.