The Cybersecurity and Privacy Institute (CPI) hosted the All Hands On Deck for a Security Incident workshop at True North 2019 and announced their new industry collaboration with CyberCity, a 蓝莓视频 Region cybersecurity industry organization.
Lewis Humphreys, managing director of CPI, led the session. 鈥淲e are very pleased to be working with local industry to address the talent gap problem in security and helped to found CyberCity to organize the local ecosystem,鈥 said Humphreys. 鈥淲e have 45 security companies in our region and want to be recognized as the national hub for cybersecurity business, much of it emerging from University research and spinoffs. It鈥檚 an important economic driver for the region and we want to help our 蓝莓视频 graduates find good jobs close to home.鈥
Tech company leadership and product management teams had the opportunity to learn from Deloitte Senior Partner and author of an influential report about the talent gap in the Canadian cybersecurity industry, Steve Rampado. Michele Mosca of the University spoke about the importance of 蓝莓视频 in educating the students who will eventually have cybersecurity careers and gave an overview of the University鈥檚 cybersecurity research areas. Members of CyberCity then demonstrated what a cybersecurity breach would be like in a tabletop exercise for the True North participants.
The talent gap
Steve Rampado, risk advisory partner at Deloitte explained how a second industrial revolution where we are more interconnected than ever has increased our exposure to security risks and the attack surface is increasing at alarming rates. On top of this attack to Canadian security, we鈥檙e experiencing a talent gap in the cybersecurity industry of 8,000 unfilled high-paying technical jobs.
In addition to a zero per cent unemployment rate, Rampado also shared that gender diversity in the field is at an all-time low. He suggested that to tackle the gap, and the diversity problem, businesses need to do better and support an inclusion agenda. But, it doesn鈥檛 stop there. Governments need to work with academia and support immigration policies that make it easier to recruit a highly-skilled international workforce, while academia increases the number of people applying for programs in this field.
Deloitte has more information about this top in the .
A history of cybersecurity at 蓝莓视频
Michele Mosca, a professor in the Department of Combinatorics and Optimization and a founding member of the Institute of Quantum Computing, shared his personal path to studying post-quantum cryptography, a field he originally didn鈥檛 think would exist. He also spoke about 蓝莓视频鈥檚 history in the field of cybersecurity from Bill Tutte鈥檚 work in World War II to elliptical curve cryptography and data integrity, to the work on privacy happening at 蓝莓视频 before it was a 鈥渢hing鈥. 蓝莓视频鈥檚 advantages, he added, were its research capabilities from foundation to application, multidisciplinary research through the Cybersecurity and Privacy Institute, and the ability to prepare the next generation through coursework, co-op, and internships.
Mosca concluded, 鈥淲e are winning the battle, but losing the war.鈥 He questioned how we can position ourselves to get ahead of the threats. Mosca has been suggesting for some time that we need a proactive plan to get ahead of quantum computing which will break everything we depend on for the digital economy and work harder to prepare the workforce of tomorrow.
Simulating a security instance
Jamie Hari, CEO and founder of Derisk, took the stage to stress that: 鈥淓verybody needs to be responsible for security and privacy.鈥 To prove his point, he walked us through the cyber equivalent of a fire drill through a tabletop exercise with John Svazic, information security manager at Auvik Networks and Dinah Davis, VP of Research and Development at Arctic Wolf. (Imagine a game of Dungeons and Dragons complete where actions and consequences are decided with a 20-sided die and a six-sided die.)
The group ran the simulation on the premise that attendees worked for a software-as-a-service provider for a waste management company of 450 employees that experienced a ransomware outbreak. Each table represented a department in the company and had to make decisions for the company based on the department鈥檚 expertise with consequences decided by the roll of the dice.
The attendees ultimately paid the ransom with no key to unlock the system. This also happened in the real situation that the simulation was based on. In that situation, the ransom was a smokescreen by a competitor to steal IP and take down production. The attackers got in because the CEO retained systems access as the company grew, and he kept re-using his passwords.
The moral of the story: Ask the hard questions when it comes to security 鈥 even of your supervisors. We never think it will happen to us, but Svazic recommended that everyone go back to their workplace and develop a disaster recovery plan if it didn鈥檛 already exist.
The workshop ended with Arctic Wolf Vice President, Research and Development Dinah Davis (MMath 鈥03) announcing the new CyberCity conference on October 1, 2019. Tickets for the CyberCity Conference at Catalyst 137 went on sale Wednesday, June 19. The conference, hosted by Auvik Networks, Arctic Wolf, Derisk, and CPI, will feature a keynote by Cat Coode, founder of Binary Tattoo.
If you鈥檙e interested in presenting, there is an .