Training people to fill cybersecurity jobs is important, but teaching everyone safe practices is also essential.
TechRepublic's Karen Roby spoke with Mark Testoni, CEO of SAP National Security Services (NS2). Testoni founded NS2 Serves, an organization that provided technology training and employment assistance for veterans. Here, they talk about STEM education and the importance of cybersecurity. The following is an edited transcript of their conversation.
Mark Testoni: Beyond stem cells we hear about sometimes, the other STEM is science, technology, engineering, and math. A number of years ago, really the government, and many educators, and leadership in this country said, "Hey, we need to refocus and get back to basics and making sure that we're developing enough skill sets in this area with our youth, and attracting people to these applied areas, versus everybody rushing off to be an artist, and a lawyer, and all the other great things, or whatever we all do," and so it's critically important. It's even more important in this world we're in now, the cyber world and cybersecurity. I mean technical skills are critical.
SEE: Identity theft protection policy (TechRepublic Premium)
I think we have a responsibility in the private sector, as well as government, to inspire kids, younger people, and even adults who need to be re-skilled to get into some of these disciplines. So, this is really, really important in a lot of ways. The government does some things through Homeland Security. In this area specifically, they've got a STEM student outreach in a program called CTAP that provides some resources, where schools can get resources to support this. They have another program they call NICCS. It's a long acronym, but it basically is a resource for people to go to find where they can get training that's accredited in the area of cyber. I think we're recognizing this at a level, and I think the government's participating, but I think we need to do much more.
Karen Roby: While it may seem I think obvious to why a real focus on STEM should be involved when it comes to cybersecurity, it also seems some government agencies are resistant, hesitant, to adopt new cybersecurity methods. Talk about that a little bit.
Mark Testoni: Government is like the private sector. We're all sort of in this kind of battle together. It's this challenge that we face in this internet that came around in the late '80s, early '90s commercially, and it's created a tremendous amount of wealth as we all know. It's been an industrial evolution, and now we're getting ready to go into 5G, and that's a whole nother set of industrial revolutions. We're all in this trying to figure it out. I'm not sure we're all as coordinated as we should be at times and work in collaboration between the private sector and government. Although there have been some initiatives, a lot of it centers around Homeland Security, the cyber agency CISA (Cybersecurity and Infrastructure Security Agency) it's called, and there's been some good work done there.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
This is critically important to us because I view cyber skills as life skills, and you can't translate being at home from being at work because we all work or are employed either by the government, or by a company, or some other agency, or activity, and we have to have the right hygiene to operate both at home, and in our workplace. We can't turn it off and do something at work and be different at home and vice versa because everything is crossing over particularly as we're seeing today in this work-from-home environment. So I think the government, like everyone, is trying to figure it out. There are places like NIST (National Institute of Standards and Technology) that have published standards on how companies should operate. But I think we need to do more on the education side as well. We can talk about both if you'd like to go further.
Karen Roby: Go ahead and delve into that a little bit, especially on the education front, and you mentioned COVID-19 and the world we're living in now, how that have changed things and how we approach cybersecurity.
Mark Testoni: Let's take a minute and let's just go back to the COVID thing, and then we can step backwards again. Let's go back eight or nine months ago. A lot of these tools, this tool we're using today called Zoom, we used this stuff a little bit in the past, Microsoft Teams. There's a bunch of other ones, Slack has some things. We used them a little bit in collaboration, but we really didn't. So what's happened in the last eight or nine months? We've probably done two to five years of digital transformation in eight months, which means now, even much more so, are we dependent on these tools.
Which means we have to make sure that we're applying proper hygiene, both in the infrastructures that we build, that's the technical aspect of it, and then with the people interacting, because ultimately people are always the weakest link in all this stuff. Right? So we have to be able to address both, and education is really important. I'm a child of the 1960s and '70s. You probably were a little later than that. Probably a lot later. But in the 1960s and '70s we had a pollution problem in this country that was just unbelievably bad. Air, water, litter, and we had a lot of really good work facilitated by the government around public service announcements and things, and we educated the public. Personally, I think we need to do some of the same here on the education side.
SEE: Cybersecurity: Let's get tactical (free PDF) (TechRepublic)
Karen Roby: When we talk about, and again in this the COVID-19 world and where we are right now, Mark, and just seeing it with the election how vulnerable government agencies can be, and we're trying to protect so much precious data, what do you think are some of the biggest threats that we're facing right now? I know that's a pretty broad question when you talk about cybersecurity, but what concerns you the most?
Mark Testoni: I think probably the largest threat, and I'll tool that back into why STEM is important to that too, because I think it really is. The biggest threats that we have, I mean there's state actors out there, and I don't think there's any great secret. We've been talking about China. Quite honestly, a lot of our intellectual property of our companies and the government are at risk, and so we need to be able to protect ourselves from state threats. There's also the criminal elements out there that operate.
Some of those are backed by states, and that leads itself to things like ransomware versus the actual theft. Why education is so important at the very earliest levels even is, first of all we're going to need ... I saw a study that said by the mid-2020s we're going to need like 4 million cyber security people in jobs. We need to get our kids interested in this. At NS2 we're doing some things around that, and I can talk about that a little bit.
That's really important, and so to be able to deal with these threats going forward, it's a combination of education. It's things like STEM, where we can get our kids interested, re-skilling Americans that might be unemployed that might have the ability to do this. We've done some of this kind of work with veterans in a program that we had called NS2 Serves. We re-skilled them, basically non-university educated veterans and turned them into IT people, so we know that these programs can work. I just think from a national level we need to inspire more of this kind of work.
Karen Roby: Do you think, I mean compared to just a couple years ago, Mark, do you think that we're doing better in general as far as getting kids to understand, or even parents to understand what direction to maybe help guide their kids? You know, you can talk to people that are in this business and understand tech to say, "Hey, listen. If you are involved in cybersecurity and you're educated, I mean you can write your ticket when it comes to a job and really make great money, and job security, all of that." Do you think we're doing a good job? Are we getting there?
Mark Testoni: That is a really good question. We are doing better. I think there's more awareness, but we absolutely need to do more, and it's not just about the government. The government needs to inspire, and maybe across a variety of ways. You can talk about cybersecurity policy and all that, but they need to inspire and enable. But private, we're all in the community. I mean I'm at an age where I'm worried about our kids and our grandkids, and are we still going to be the same United States of America that's a world leader? This is an area that is critically important to that. So, we need to inspire our kids, and ways that we can do that in the private sector are engaging the communities and schools. You know, we're looking very hard and we're working with some of the local districts here.
SEE: Hackers for hire target victims with cyber espionage campaign (TechRepublic)
We have a thing called NS2 Labs. This is an example of what can be done, and it's basically a platform we bring our customers and partners in to work on things. We're also doing STEM programs. We're starting new STEM programs out of this, where we're reaching out to schools, particularly ones that are less privileged than some of the other ones, where we can bring students and engage them with our top technical people. Because what gets people interested in things is familiarity. Right? So we need to create more awareness and familiarity.
Even if all these folks don't go into, kids don't go into, the technical areas they'll learn more about cyber. They'll learn more about the power of technology. Where we're going to be headed in the next four or five years, or decade with 5G. I mean I get so excited about it, it's one of the reasons I'm still in business. I mean we're going to have things around us that make the transition we did back 12 years ago to smartphones look like they're like child's play. I mean the things that are going to be happening around us with robotics and all this. So, critically, critically important that we do more, Karen. That's my message. A little bit of a long answer, but my message.
Karen Roby: When it comes to cybersecurity, I mean it's scary. And with so many people working from home, and all of the changes and instability, we can be very vulnerable, and companies are.
Mark Testoni: Cyber can be a career for people, and we need to interest people in that. I mentioned there's a huge number of jobs available, and this can be some of that re-skilling. But I go back to my comment about we need to have a a little bit more national focus on education. Cybersecurity is a life skill, and it's going to be even more of one going forward in our new world. And you wouldn't want to put your family at security risk physically. You certainly don't want to do that, or your family, or your company, or organization, you don't want to do that for yourself either. Awareness is key, and being curious enough. And as I said, we'll go back to all the campaigns we've done in this country, cigarettes smoking cessation, you may be a little bit too young to remember that one, but pollution. We can do this if we put our minds to it and work together.
Karen, thank you so much for taking the time to chat with me. This subject from kids in school to working adults is so important. It's important to our country and its future.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)