The rise in offensive cybersecurity, primarily fueled by nation state and cybercriminal investments, has had a domino effect on the security industry. The events unfolding over the past few years are faithfully following a path I charted out some time ago (circa 2012), and the consequences will result in more serious cyber risks for everyone.
The original predictions can be found here: https://www.linkedin.com/pulse/how-offensive-cyber-security-changing-industry-matthew-rosenquist
I was recently asked to revisit my forecast and see if activities over the past year have supported the predictions.
So let us take a look at the 6 cascading steps which I originally outlined and see if events in the world today reflect these predictions.
The Domino Effect
1. Offensive is Reputable – Over the past few years, we have witnessed many nation states spending huge sums to build up a cyber offensive capability. At last count, 29 countries have formal cyber warfare units and 63 countries use cyber tools for surveillance.
2. Unlocking the Money – Vast sums of money are now in play. Bug bounties, rewards for vulnerability researchers, have reached a million dollars or more. Companies are setting up their own public reward systems. The U.S. government alone submitted a budget of $19 billion for 2017 cybersecurity. Cyber criminals are also raking in the money; some estimates reach upwards of $1 trillion.
3. Jobs are Created – There is a tremendous shortage of cyber security and offensive warfare talent. Estimates range from 1 to 2 million available openings, as cyber roles have 12 times the growth of the overall job market. U.S. government agencies are creating hiring allowances to try to lure more candidates in. The private sector is in no better shape, with 70% of organizations stating they are understaffed for defense. The shortage of qualified personnel is a persistent problem which is driving up salaries and fueling headhunting to a new level.
4. Talent Pool Grows – In response to the shortage of trained workers, the education system has pushed forward with aggressive programs at high schools, junior colleges, and major universities across the globe. Certification programs are also in high demand. Although diversity remains an issue, with a lack of women and underrepresented minorities, the future is bright for the many students in the academic pipeline.
Where are we today?
Chronologically, we are in the 4th phase of the predicted chain and edging into the 5th. A talent pool is growing and the industry is entering a phase where more serious threats emerge, which is the 5th prediction, followed by the 6th and final prediction of greater overall risks for the industry.
If you are interested in the details of those predictions, I urge you to read my full post, which can be found on LinkedIn: https://www.linkedin.com/pulse/how-offensive-cyber-security-changing-industry-matthew-rosenquist and the original post (2013) on the Intel IT Peer Network: https://itpeernetwork.intel.com/how-offensive-cyber-security-is-changing-the-industry/
…I would post the full How Offensive Cyber Security is Changing the Industry blog on Steemit, but I think @cheetah would not like that. A note to @cheetah, the image in this post is mine, I created it, but can be found in many places on the Internet including the links I provided. So expect to find it.