1,000,000 InfoSec Job Openings in 2016! May 10, 2016Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy.
Tags: assurance, Breach, careers, Chris Mark, hack, information, job market, PCI, security
add a comment
A recent article in Forbes Magazine outlines the current and projected information security job market. According to the article the current job market is valued at $75 billion and is expected to grow to $170 Billion by 220. More profoundly, CISCO estimates that there are currently 1 million InfoSec job openings in the US with, according to Peninsula Press, 209,000 currently unfilled! According to Virginia Lehmkuhl-Dakhwe, director of the Jay Pinson STEM Education Center at San Jose State University “The number of jobs in information security is going to grow tenfold in the next 10 years,”
I have been fortunate to have had a great career in information security over the past 15 years. While my experience is unique, I have had opportunity to travel the World and work with some of the largest, and most complex companies around. I have spoken at scores of events and have published dozens of articles and white papers.
Last year I wrote a blog post about how to get into the InfoSec career field. Two things that many people may want to know off the bat. 1) a College Degree is NOT required (although often very helpful) and 2) The pay is VERY good. (basic supply and demand). In my experience most people could probably get into the field with anywhere from 9-18 months of self-study. You can get in quicker if you attend course. For more information, please read my blog post: Getting Info Information Assurance Careers.
Tags: Chris Mark, corporate espionage, cyberespionage, cybersecurity, Dupont, InfoSec, mark consulting group, San Francisco Chronicle, security
add a comment
Many mistakenly believe that only “high tech” secrets and intellectual property are targets for intellectual property theft. In a clear example of how any propriety secret can be considered a target, a scientist (Tse Chao) who worked for Dupont from 1966-2002 (36 years!) pleaded guilty in Federal court on Thursday to committing espionage for a company controlled by the Chinese government. Mr. Chao testified that he provided confidential information to Chines controlled Pangang Group. What did he steal? Among other things, the recipe for Dupont’s Titanium Dioxide. What is TD used in? Titanium Dioxide is the ingredient in many white products that makes the products white. Products such as paint, toothpaste, and Oreo cookie filling! Stealing the ingredients to Oreos shows just how low cyberthieves will go! According to court documents: “DuPont’s chlorine-based process was eagerly sought by China, which used a less efficient and more environmentally harmful production method”
I have worked with a number of large companies who, when asked why they did not protect trade secrets, replied that they did not believe their industry or type of product was of interest. Make no mistake. If your company has a unique process, technology, or product, it IS of interest to many companies. Unfortunately, the US Government has released reports that state that China is sponsoring much of the US and European cyber espionage.
photo from: http://www.titaniumexposed.com
Beating an Old Drum October 27, 2012Posted by Heather Mark in cybersecurity, Data Breach, Industry News, InfoSec & Privacy.
Tags: cybersecurity, data security, Dr. Heather Mark, Heather Mark, InfoSec, mark consulting group, privacy, security
add a comment
It’s the end of what has already been a tough year for data security. And the news just got worse. South Carolina has announced that its Department of Revenue suffered a major breach. The breach is so massive, in fact that more than 75% of the state’s residents have been affected. The compromised data consisted of the (unencrypted) social security numbers of more than 3.6 million residents. Also included in the breach were about 390,000 payment cards. Most of those were encrypted, though.
This is disturbing on a number of levels. I find it curious, for example, that while encryption was deployed, it was only deployed on payment cards (and not even on all of those). Consumers have built in protections on payment cards. As long as those cards are branded by one of the major card brands, consumers are protected against liability for fraudulent transactions. The far more sensitive data, the social security numbers, were not encrypted, though. This defies logic. Consumers have little to no protection against misuse of SSNs. Not only can very real financial damage be done, consumers have to spend enormous resources (time, money, emotions) in untangling the identity theft knot that comes with stolen SSNs.
Secondly, in the wake of the breach, Governor Nikki Haley issued an executive order that read: “I hereby direct all cabinet agencies to immediately designate an information technology officer to cooperate with the State Inspector General who is authorized to make recommendations to improve information security policies and procedures in state agencies.” WHAT? If I’m inferring correctly, it seems that these agencies didn’t have an information technology officer already?? That is very troubling, particularly considering the types of data that state agencies hold. After 3.6 million (out of about 4.7 million) residents have had their sensitive data stolen is not a great time to decide that data security and privacy should become priority.
Private sector organizations have been working for years to shore up their data security, and in some cases (PCI DSS, HIPAA/HITECH, GLBA, SOX, state laws) face real consequences for failure to protect that data. It’s long past time states put forth the same level of protection. On the plus side, the state did comply nicely with its own data breach notification law.
Mobile Privacy October 12, 2012Posted by Heather Mark in InfoSec & Privacy, Laws and Leglslation, privacy.
Tags: Dr. Heather Mark, Heather Mark, Location Privacy Protection Act, mark consulting group, mobile privacy, privacy
add a comment
Smartphones have changed the way we interact with our world. They’ve introduced a new level of convenience, but they’ve also introduced a new potential threat to our privacy. As consumers, we should be informed about the choices that we make on our smartphones and how they might impact us. For example, I upgraded my iPhone to iOS 6 this afternoon. (I know. I’m a little late on that one.) Anyway, when I was done I got two prompts. The first asked if I wanted to enable location services. I said yes, knowing that meant that 1) I could use the “find my phone” app, as well as many other apps that come in handy for a frequent traveler, and; 2) that it meant that Apple would have access to my location data. The next prompt suggested that Apple could improve its products and services if I just allowed my phone to send occasional reports to headquarters. That one I declined. I don’t necessarily want Apple to have access to all of my activities on my smartphone.
Now, I’m not naive enough to believe that my simple selection means that I have safely secured my data and mobile behavior entirely. There are companies that are taking advantage of the fact that privacy laws have not kept pace with technology. We know for example, that there are companies that offer device fingerprinting services for fraud prevention that also happen to sell mobile device behavior analytics to marketers. Consumers don’t have any way of knowing that their behavior is being tracked and they have no way to opt out.
This week, Sen. Franken (D-Minn) and Sen. Blumenthal (D-Conn) introduced a bill designed to protect mobile privacy. The Location Privacy Protection Act of 2011 is meant to protect consumer privacy by informing users of how and with whom their location data is shared. There are four primary requirements of the bill. Distilled to their basics, those requirements are:
1) Gain consumer consent before collecting location data
2) Get consumer consent before sharing that data
3) Assist in understanding and investigating crimes that involve the misuse of location data
4) create criminal penalties for those that abuse location services or use so-called “stalking apps.”
While I applaud the move to ensure that mobile users are protected from entities divulging their location without the knowledge or consent of the consumer, I wonder if the law goes far enough in protecting consumer privacy. What about those device fingerprinting activities? Do you think the proposed bill goes far enough? Too far? What would you like to see in terms of mobile privacy protection?