Public Safety by Mediaplanet_USA

PUBLIC SAFETY MARCH 2020 | FUTUREOFBUSINESSANDTECH.COM

Could the hobby that changed model Karlie Klossâ&#x20AC;&#x2122; life be for you?

An Independent Supplement by Mediaplanet to USA Today

Learn about the latest threats facing your company at the Cyber Security Summit, rated a Top 50 InfoSec Conference to attend worldwide www.cybersummitusa.com

Detecting and Mitigating Risks to Public Safety Rolf von Roessing CISA, CISM, CGEIT, Vice Chair, ISACA; Partner and CEO, Forfa Consulting AG

There’s only so much we can rely on others for when it comes to security. In the end, individuals control the overall safety of an organization. Today, digitalization presents a major change to our day-to-day life, both at work and at home. But what about the risk? Media, educators, and government channels frequently report new threats that may put our money or even our lives at risk. We need to manage these risks ourselves, as we own the devices and systems that could be attacked.

No passing the buck In business, we often think IT workers will do security for us. Yes, they will do what they can, but it is up to individual users in the company to detect cyber risks and threats, or at least report suspicious cases to IT for further handling. As a result, we need to be more proactive and do some hardening to our daily IT, just as we do with private homes or corporate premises. First, let’s look at what we usually use that introduces risk. Around most people, there are a bunch of smart devices that — when taken out of the box —

have a lot of unwanted apps and data on them. In a corporate setting, IT should always replace the factory state with a tailored installation image. In settings where people bring their own devices, it makes sense to provide the right tools as an intranet download or self service. In this way, risk can be reduced quickly and to a fairly low level. Who do you trust? In our private lives, we may not have these handy IT folks around. Users should look to trustworthy institutions and their websites to find simple (or complex) guides to dealing with personal devices. These are freely available for most device types, such as laptops and smartphones. By following the instructions, risk can be reduced

quickly and radically. Most tools will tell you what the red flags are and automatically fix the weaknesses in a matter of seconds. Increasingly, individuals and organizations alike understand risks are very real and often need mitigation. ISACA’s State of Enterprise Risk Management 2020 survey shows the majority of organizations say their overall risk has increased in the past 12 months, with cyber risk presenting the most critical risk category. While organizations must continue to mature their risk management practices, the user is key — after all, the more helpers who are available to provide quick and effective risk reduction, the better. Detecting and dealing with risk in a fully digital world is a matter of listening and learning as much as it is about technology. n

Publisher Alexandra Scelzo Business Developer Abraham Freedberg Managing Director Luciana Olson Lead Designer Tiffany Pryor Designer Keziah Makoundou Lead Editor Mina Fanous Copy Editor Dustin Brennan Director of Sales Stephanie King Director of Product Faye Godfrey Cover Photo Getty Images All photos are credited to Getty Images unless otherwise specified. This section was created by Mediaplanet and did not involve USA Today. FOLLOW US: @MEDIAPLANETUSA

INQUIRIES: US.EDITORIAL@MEDIAPLANET.COM AND US.ADVERTISE@MEDIAPLANET.COM

PLEASE RECYCLE

Minimize your cyber risks. our cyber skills training. Optimize your echnical skills with Build your real-world technical xams and more at online courses, labs, exams 2020 www.isaca.org/cyber2020

2 • FUTUREOFBUSINESSANDTECH.COM

elinda Gates was one of the first women to make a splash in the tech world, leading development on some of Microsoft’s early flagship programs. Now she aims to inspire other young women to follow in her footsteps. Which educator had the greatest influence on your career aspirations and trajectory? Her name is Susan Bauer. Just before my senior year of high school, Mrs. Bauer, who was my math teacher, saw a demonstration of an Apple II+ computer at a conference and convinced our principal to buy some for our school. This was a big deal, because most families didn’t have computers at home yet. Mrs. Bauer had a feeling that

technology was going to play an outsized role in shaping the future and she wanted to equip her students to be a part of that. Early exposure to computers changed everything for me. I ended up studying computer science in college and spending nine years working at Microsoft. And I don’t know if any of that would have happened if it weren’t for Mrs. Bauer. She was the first advocate for women in tech I ever knew. What would you tell today’s educators to help them ignite a passion for STEM subjects in the next generation of female innovators? The best educators understand that many, many girls are interested in STEM subjects — and many, many girls are really good

PHOTO: BILL AND MELINDA GATES FOUNDATION ARCHIVE

Microsoft’s Melinda Gates Wants to Inspire the Next Generation of Women in Tech

at STEM subjects — but they get interested in them at different times and for different reasons. For example, because girls don’t always get the same early exposure to STEM that boys do, their interest tends to develop later. And while boys often get into tech through video games, girls are more likely to develop an interest in the subject when they see it as a way to solve realworld problems. So educators can help by introducing STEM to girls early, bringing these subjects to life, and by telling the girls in their classes, “Hey, I think you’d be good at this.” In the late 1980s, the tech industry was actually seeing increased gender diversity, with women comprising about 37 percent of computer science

degrees. Now that number has dropped to around 19 percent. What happened? A lot of things. For decades, companies used aptitude tests in their hiring that selected for a certain kind of mathematically minded male. They also marketed their computers to those same boys and men. Meanwhile, the media hammered home these male-centric stereotypes in movies, television, and video games, amplifying the myth of the male tech whiz. And that stereotype guided who companies recruited, hired, and built cultures around. But here’s the thing: I don’t think the next Bill Gates is going to look anything like the last one, and if we want to make sure we recognize her when we see her, it will require challenging some of society’s assumptions about what a successful technologist looks like. What is the benefıt of gender parity in male-dominated industries, like tech, for that male-dominated majority? Why should they care? I think most people — men and women — want to be a part of making the world a better, more equal place. Just understanding that gender equality is a prerequisite for a better future makes them want to be a part of the

solution. ■

MEDIAPLANET • 3

Why a Career in Public Safety Is So Rewarding There are many reasons people choose a particular career path, be it for the job security, a high salary, the challenge, or the opportunity to make the world a better place. National security and safety is one of the few fields that brings all of these aspects to the table.

hat is it about a career path that most attracts people to it? Is it job security? Or the opportunity to earn a high salary? A field that is constantly changing and provides daily challenges to keep you on your toes? Or is it one where the individual can do meaningful work that makes a difference in the world? There are few professions that can claim to meet all of these criteria, but one of them is most certainly security. 4 • FUTUREOFBUSINESSANDTECH.COM

According to the Identity Theft Resource Center’s Endof-Year Data Breach Report, there was a 17 percent increase in breaches from 2018 to 2019. As such, the unemployment rate in the industry is essentially 0 percent and organizations are doing everything in their power to not only recruit new entrants to the field, but also to offer their own staff members benefits like training in order to keep them for as long as possible. A chart-topping career The great need for these profes-

sionals and the opportunities that exist for those who are interested in the field even led to the role of “cyber security specialist” being included by LinkedIn in its 2019 list of the top 10 “Emerging Jobs,” alongside tech-forward positions in artificial intelligence, robotics, and data science. Constantly-changing threat vectors and evolving toolsets to fight them mean that no two days are the same for most security analysts. It’s also a high-profile function within most organizations that

receives C-level attention, so it provides opportunities for executive reporting, strategic planning, and other operations collaboration that other IT positions may not be afforded. Finally, and perhaps most importantly, there are few aspects of our lives not affected by the potential for crime, and being part of the solution that makes online transactions or critical infrastructure safer is a noble and rewarding reason for pursuing a career in security. ■ Wesley Simpson, COO, (ISC)2

JOIN US AT THESE CONFERENCES THE TECHNO SECURITY & DIGITAL FORENSICS CONFERENCE

AI & BIG DATA EXPOS London, UK | March 17-18

Myrtle Beach, SC | May 31-June 3

Amsterdam, NL | July 1-2 Silicon Valley, CA | November 4-5 ISC WEST

2020 CYBER SUMMIT USA EVENTS Tampa, FL | March 20

LAS VEGAS, NV | March 17-20

Denver, CO | April 2

TECHEXPO EVENTS

Philadelphia, PA | April 30

Columbia, MD | March 18

Nashville, TN | May 7

Tysons Corner, VA | March 19

Dallas, TX | May 15

Tysons Corner, VA | March 24

Seattle, WA | June 19

Linthicum Heights, MD | April 22

Silicon Valley, CA | June 24

Herndon, VA | April 23

Toronto, Canada | July 14 DC Metro | July 23

IOT WORLD SECURITY CONFERENCE AND EXPO

Charlotte, NC | August 13

San Jose, CA | April 6-9

Houston, TX | October 1

Chicago, IL | September 1 Scottsdale, AZ | October 15

2020 NORTH AMERICA CACS CONFERENCE Baltimore, MD | May 12-14

Columbus, OH | October 30 Boston, MA | November 5 New York, NY | November 20

WICYS 2020 CONFERENCE

Los Angeles, CA | December 3

Aurora, CO | TBA

CYBER SECURITY SUMMIT TTp 50 InfTSec CTnference WTrldwide 2020 CYBER SUMMIT SERIES

DHS

DOJ

FBI

SECRET SERVICE

MEDIAPLANET â&#x20AC;¢ 5

Making a Real Impact on Public Safety With talent shortages in many security industries, employers must empower women. Tech giant Cisco is doing its part to make a difference. While women make up half of the total U.S. workforce and a quarter of computing-related jobs, they account for just 11 percent of the information security workforce, according to ISC(2)’s Women 2017 Global Information Security Study “Women in Cybersecurity.” “At Cisco, we believe that encouraging more women to pursue cybersecurity careers will generate new and creative solutions for the field’s toughest challenges,” said Michelle Witherspoon, director and chief of staff of the Security and Trust Office at Cisco. The Cisco Women in Cybersecurity Community fosters and develops a pipeline of women in cybersecurity that grows the community and impact of women in cybersecurity professions. The community focuses on awareness, education, and mentorship. Cisco accomplishes this through four strategic pillars: • Education: providing opportunities and resources to ensure community members are expanding their knowledge and skills in cybersecurity • Outreach: developing a pipeline of women in cybersecurity at the K-12 and collegiate levels, and expanding our community industry-wide • Leadership: preparing members for career advancement and leadership roles through mentorship and professional development training to increase their sphere of influence in the industry • Community: providing opportunities for members to gather regularly to share knowledge, network, recognize success, and lift up women This piece has been paid for by Cisco Systems. Cisco Systems 6 • FUTUREOFBUSINESSANDTECH.COM

Finding Mentors for Women in Public Safety Six years ago, I worked in customer support for a software company specializing in international education. On that team, there was a 50-50 gender split.

s I’ve moved into more technical roles, I’ve noticed the gender balance has shifted to be more male dominant. In my current role as a security compliance analyst, 80 percent of the department is male. Where are all of the women with whom I started my career? It would be disingenuous if I were to say I haven’t felt the absence of women in this heavily male-dominated field. This gender imbalance impacts the diversity and productivity of teams, as well as a company’s ability to retain women. Existing employees and companies need to change their recruiting strategies if they hope to recruit more diverse and underutilized talent.

proven personnel already working in the industry, we’re not solving the gender and diversity imbalance. We need to reevaluate our job descriptions to ensure they accurately reflect our company needs and do not discourage potential applicants. How many extraneous barriers are on the wish list of requirements for your entry-level positions? Will the salary you’re offering for a position match the years of experience and certifications you’re demanding? How much on-the-job training are you willing to do? Are you reaching out to women to apply for these positions? Are you leveraging the networks of existing employees to reach more diverse candidates?

Talent shortage The industry is currently facing a workforce shortage. Studies indicate we need to grow the workforce by 145 percent in order to meet demand for open positions. This means companies cannot continue to focus the entirety of their recruitment efforts on attracting known good personnel from other companies. This doesn’t solve the shortage, it just shifts an open job requisition from one company to another while potentially increasing the expense of hiring for that position. If we are only hiring

Making a difference From attending professional networking opportunities, to volunteering to speak in classrooms of diverse students in security and computer science programs nearing graduation, to mentoring women, I feel the best way I can aid the industry in overcoming this gender imbalance is to leverage my time and connections to empower others and share my story. I was promoted from within my company and had no prior experience in the field. My previous performance with the com-

pany, personal drive, and willingness to learn were all factors in landing my current role. Within a year of being hired, I earned two industry certifications and became a member of multiple professional communities promoting women in this field. While I cannot single-handedly solve this problem, each conversation with a student considering this field, or coworker exploring options outside of their existing role increases our pool of potential applicants. There is no one-size-fitsall solution for the recruiting issues in the security sector. However, if companies do not modify their existing strategies, we will continue to exacerbate the gender imbalance and lack of diversity we’re already seeing in this field. As we cannot afford to sit on the sidelines and wait for this problem to resolve itself, or for the perfect solution to appear, I propose we start making changes now. If you’re reading this, I challenge you to have a conversation with a woman considering a career in security and safety. One conversation may not change the whole world but it may change a career field. n Anna Lainfiesta, Security Compliance Analyst, Zendesk; Member, Women in Cybersecurity (WiCyS) MEDIAPLANET

just aren’t enough girls in code and tech.”

What Model Karlie Kloss Is Doing to Help More Girls Find Their Way in STEM One coding course changed Karlie Kloss’s life and encouraged her to start a program empowering young girls to pursue careers in STEM.

hen you think about K a r l i e Kloss, you probably think about her career as a model or her time on “Project Runway.” What you probably don’t think about is her passion for coding. She wants to change that. The model and influencer is using her public platform to inspire girls and young women to pursue careers in tech through a two-week summer program called Kode with Klossy, where girls ages 13-18 learn to develop their own apps from scratch. The serious lack of women in STEM (science, technology,

8 • FUTUREOFBUSINESSANDTECH.COM

engineering, and math) fields has been widely reported, and the notion that girls are just less inclined to pursue these subjects has proven difficult to dislodge. As a self-described math and science nerd, Kloss is doing her part to change the conversation. Finding a passion In an op-ed for Teen Vogue, Kloss described how her decision to take a coding course “on a whim” is what started it all, inspiring her to start this program for girls like her, who maybe feel like they’re not welcome in STEM fields. “I quickly came to understand that code is a superpower

every young woman should be able to access,” Kloss wrote. “Understanding that code is the underlying (and invisible) framework of tech means that we do not have to be passive bystanders in our ever-changing digital world.” In a world increasingly dominated by social media apps and online communities, it’s important for women to have a voice in how those communities are constructed. “Being able to write lines of code means that we, too, can architect and contribute to the innovation and evolution of technology,” she wrote. “I also walked away from that first class with another lesson: There

Authoring code Kloss isn’t the only woman whose life changed by learning to code. In a personal essay in Glamour, writer Meg Adams says she’d never thought of coding as a viable career path for a creatively minded woman like herself, but she knew first-hand the roadblocks facing professional women and marginalized communities. What she had never realized, she wrote, is “that it is one of the few highly prestigious and well-paid careers that you can teach yourself entirely online, and with nearly no financial resources.” You don’t need to be a math or science whiz and you don’t need a college degree. You just need to put in the work. “We need more women in tech (and, let’s face it, everywhere),” she wrote. “Empowered women thrive when surrounded by other empowered women.” Leveling the playing fıeld Even within the coding world, there’s a growing trend of putting women in lower-paying, front-end coding positions with men in the higher-paying, back-end spots, according to an article in The Guardian. The only way to combat this trend is to encourage women to pursue careers in tech, and specifically in coding and developing. Which brings the conversation back to Kloss and her Kode with Klossy program. On the official website, Kloss states, “I realized that, just like art and fashion, code is about creativity, and that women who have these skills have the power to shape our future and often have. Now, more than ever, women need to have a seat at the table in shaping the technologies that are shaping our world.” ■ Lynne Daggett

Helping Students Find Their Way in Public Safety To combat the major labor shortage in the cybersecurity industry, educators and employers must find ways to attract more women and minority candidates into the field, and develop them into successful professionals.

Lesley Carhart Principal Threat Analyst, Dragos, Inc.

Bryson Payne Director for Cyber Operations Education, University of North Georgia How can mentorship help professionals advance their careers? Lesley Carhart: The difference between a good manager and a bad manager is often how much they invest in the growth and well-being of their employees. Most of us can all point to that one supervisor or director who took a little extra time to put us in the right role or steer us in the right direction when we were off course. After all, it often takes an outside view to see where we could make a smart career move. Bryson Payne: Mentorships and internships help students get started on building a strong network of industry professionals who can play a pivotal role in their future success. Because most

universities and training programs don’t provide formal, individual mentoring opportunities, internships are an excellent way for students to meet industry professionals who can become mentors to them. Mentors can provide guidance to help students find their professional niche, offer advice in navigating the job search, and be a source of support once they begin working in the industry. Internships make it easier for students to connect with professionals in their field, and we’re seeing a steady increase in the number of both private industry and government internships. I recommend internships to every student, and mentorships to those who are willing to put in the extra time to build a lasting relationship with someone in their field. Currently, women only represent 20 percent of the cybersecurity workforce. What advice would you give to women entering such a male-dominated industry? LC: I’ve seen a lot of different studies with widely varying figures for how many women work in the industry. I fear that some of the very important niches that employ a higher population of women are not seen as “technical enough” and therefore are not included

in some figures (auditing, risk and compliance, secure development, etc). That’s an immediate problem to tackle because it reflects negatively on our industry and people who fill those critical roles. That said, empirical evidence would certainly suggest there’s still a substantial disparity in genders. Being an outsider or exception in any industry can be tough — it is human nature to be more familiar and trusting of people who are “like us.” In any such situation, there is a decision to make as an outsider of how much you will bend to fit in, versus breaking and compromising your ethics or your individuality. How can university programs focus on gaining and retaining female students to enter and thrive in technology? BP: It’s important to start building interest in the field early by providing positive experiences for young women before college. At UNG, we run summer camps for high school students and over the past five years, we’ve served more than 220 students, with slightly more than 50 percent female participation. UNG also is fortunate to have a faculty team that is more diverse than many of our peer institutions, with an instructional team that is 40 percent female and 70 percent ethnically diverse. n

How Technology Is Improving Agriculture Around the World Technology is now at the heart of agriculture, informing decisions and improving practices that directly impact our food supply. We spoke with Julie Bushell, president of Paige Wireless, about how technology and the internet of things (IoT) are changing the way farmers do their jobs, As the adoption of IoT solutions for agriculture is constantly growing, what steps can farmers take to ensure these new devices and data are secure? To ensure device security, farmers should research protocol for the connectivity and devices they’re using. A good solution provider follows standards of protocol for device design, provisioning, and deployment. This enables transparency and allows farmers to choose the solution that best fits their security requirements. Most importantly, farmers should consider their contract regarding data privacy, and be aware of the possible selling and/or sharing of data they own. It’s a matter of national security and maintaining a secure food supply. What do you believe is the biggest benefit IoT can have on the agriculture industry? Informed decisions and increased control. Agriculture is often dictated by uncontrollable factors, like weather and commodity prices. These technologies enable farmers to optimize what they can control and enact informed change. Farmers can make real-time decisions that could mean the difference between abundant yield or lost crop, effectively identifying sick livestock, and increasing sustainable practices. These technologies place important data directly in the hands of farmers, allowing them to control outcomes as much as mother nature allows. MEDIAPLANET • 9

Why Security and Public Safety Education Need to Be Top Priorities Employers everywhere are trying to increase physical and digital security for their employees, but which technologies and trainings are the most valuable? Across the globe, organizations are anticipated to spend more than $112 billion on security solutions in 2020 to protect their facilities and people from emerging threats. No one wants to become a victim of security attacks and theft, but protection aided by software, systems, devices, and services alone won’t solve all of an organization’s security concerns. With bad actors getting more savvy every day, it’s imperative to proactively educate yourself and your employees on the latest industry trends and best practices throughout the year. In 2020, many organizations will need to focus on workforce talent development to be sure they have expertise in place across the full spectrum of risks. Host internal security trainings Companies spend millions protecting themselves from outside threats, however, a recent report found internal threats are often a top culprit, with 69 percent of organizations reporting they were breached due to an insider. To avoid this and put preventative measures in place, consider hosting security training sessions for all employees, not just technical staff. Understand what tech is available Physical, IT, and IoT security technologies are always advancing and changing, and there are countless products that your organization can invest in to further protect itself. The first step to investing in these technologies is understanding what’s available and what issue each product is looking to solve or avoid, and then evaluating where your organization needs protection the most. Will Wise, Group VP, Reed Exhibitions 10 • FUTUREOFBUSINESSANDTECH.COM

How This Industry Is Helping to Solve Society’s Problems By 2021, it is expected there will be 3 million open cybersecurity roles around the world, meaning this industry presents a wonderful opportunity for women and minorities alike. So why should women consider a role in this industry? Here are some benefits to consider: Variety of roles In cybersecurity, there are a variety of roles from which to choose. Depending on your skill sets and desires, you might consider offensive security, a proactive approach to protecting the systems and people in cyber; or the reactive approach to security, such as patching and incident response. There are also options that aren’t as technical but just as important, such as security awareness training, governance, risk and compliance analysis, and even policy creation. Some role titles include ethical hacker, vulnerability management analyst, threat intel analyst, SOC analyst, security auditor, project manager, and more. The NICE Cybersecurity Workforce Framework provides a good overview of some of the different roles. Remote options available As more roles become available, the opportunity to work from home or anywhere you want has grown. A quick search of the site FlexJobs produced 27 pages

of remote security roles. Working remotely is especially beneficial for women and men with families, as it allows them to travel and spend time with their families while still performing meaningful work. Even if you don’t have a growing family, many people report they feel more productive while working from home than in an office setting. Working remotely is not for everyone but it’s something you should try at least once. Competitive salaries In most instances, joining the security workforce can greatly improve your salary. Even if you’re not making a lot right off the bat, with all the opportunities to move around, relocate, and more, your salary potential is high. You will need to learn the art of negotiating for what you want, within reason, but there is no reason you can’t make a six figure salary after a few years in the industry. The more you can showcase the skills you learn on the job, in addition to those you learn in your spare time, the better off your chances are of scoring the salary you want and deserve. Average salaries range from $87,000 in North Carolina to over $120,000 in New York. Remember, these are just an average and can be significantly higher based on role, experience, and location.

Positive culture Like most modern workplaces, security teams are actively redefining their culture to be more welcoming of women and minorities. These changes, if implemented correctly, can make for an environment that promotes learning, growth, and innovation. This is a benefit for you because it presents you with options. From wearing jeans and sneakers to a formal dress code, you have the option to choose what works best for you. Make an impact No matter the role, you have the ability to make an impact on the industry, your company, and your community. Security roles are prevalent in both the private and public sectors, but there are also opportunities to work with nonprofits and the local community to help them stay secure. The skills you learn on the job can be shared with those who may not be aware of cybersecurity and to those coming into the industry behind you. Cybersecurity is a fun, engaging, and challenging industry that has something to offer for almost everyone. One of the great things about this industry is that it forces you to think outside the box and find solutions to problems most folks don’t even realize exist. This is one industry that allows you the flexibility to be mobile, earn great money, and continue to learn new topics and techniques as the landscape changes daily. Come solve problems that impact society and your world. n Mari Galloway, CEO, Sr. Security Architect, Women’s Society of Cyberjutsu MEDIAPLANET

We’re on the edge of something really big here. Welcome to the Secure Access Service Edge—SASE It’s next-level networking. And it’s here. Imagine a network that securely identiﬁes people, devices and things anywhere in the world, while instantly connecting them to clouds, apps and services. Better yet, doing it without directing traffic through the data center, and still maintaining on-prem performance. We’re already leading this transformation. BloxOne®—our cloud-native platform for SASE—unites core network services with next-level security to radically simplify everything as a service. In fact, Forbes magazine wrote Infoblox “has led the way” in creating a “true SASE architecture.” Read new Gartner® SASE report: www.infoblox.com/getyouredgehere

© 2020 Infoblox, Inc. All rights reserved worldwide. Infoblox, the Infoblox logo, and the other Infoblox marks are trademarks or registered trademarks of Infoblox, Inc. All other trademarks are the property of their respective owners.