Executive Perspectives

Investing in our Future Cybersecurity Workforce Through JROTC

We all know that filling the pipeline for IT jobs is one of our nation’s biggest challenges. The Department of Labor projects there will be 3.5 million computing-related jobs available by 2026, but our current education pipeline will only fill 19% of those openings, threatening our security and global leadership.

Congress recently proposed a plan to grow the talent pipeline and diversify the computer science and cybersecurity workforce in the federal government. The Junior Reserve Officers’ Training Corps (JROTC) Cyber Training Act (H.R.3266/S.2154), which was sponsored by Representatives Lizzie Fletcher (D-TX), Rob Bishop (R-UT), Jackie Speier (D-CA), Conor Lamb (D-PA) and Michael Waltz (R-FL) in the House, and Senators Jacky Rosen (D-NV), Marsha Blackburn (R-TN), Gary Peters (D-MI) and John Cornyn (R-TX) in the Senate, would direct the Secretary of Defense to develop a program to prepare JROTC high school students for military and civilian careers in computer science and cybersecurity.

If enacted, the bill would create targeted internships, cooperative research opportunities and funding for training with an emphasis on computer science and cybersecurity education. This important legislation has the potential to bring evidence-based computer science and cybersecurity education to 500,000 students at 3,400 JROTC high schools across the United States, greatly improving the number of professionals ready to take on the cyber challenges of tomorrow.

The Department of Defense reports that 30% of JROTC cadets join the military after high school or college. The remaining 70% of cadets represent a large pool of talent that could enter into civilian roles in the defense and cybersecurity sectors if given the proper training while in the JROTC program. The JROTC Cyber Training Act is an important opportunity to fill those job openings with innovative thinkers from the JROTC program, while simultaneously growing and diversifying the future workforce.

Cybersecurity is one of the greatest technical challenges of our time, and we need to be creative to meet it. McAfee is proud to support initiatives to establish programs, such as the JROTC Cyber Training Act, that provide skills to help build the STEM pipeline, fill related job openings, and close gender and diversity gaps.

The post Investing in our Future Cybersecurity Workforce Through JROTC appeared first on McAfee Blogs.

Digital Innovation Thrives in Open Pastures

Openness and interoperability are long-standing buzzwords in the digital ecosystem, but it is not always clear what they mean or why they are important. For McAfee, embracing these notions is critical to our success, and here’s why. Openness means that we share information, and interoperability means that this information is shared with our ecosystem partners, be they public or private entities, all with the aim of fostering innovative solutions and services of benefit to all. We all have a natural instinct to defend ourselves against free-loaders, but in the digital world, however counterintuitive it may seem at first glance, this mindset is harmful to both digital business and our capacity to innovate.

Put another way, the more we collaborate and share, the more our customers trust that we are at the top of our game. By being a cog in a vast and interdependent digital machine, McAfee’s services become more valuable. Conversely, locking ourselves out of this process carries real risk. This is because openness and interoperability cut both ways. By giving others access to our expertise, we also gain access to theirs. This lets us focus on what we are good at, and we can leave it to others to create amazing new services that build on our innovation.

Of course, there is a bigger picture. An open and interoperable digital ecosystem is a cornerstone of competition. And ultimately, it is competition that drives innovation. Equally, devices or services that cannot interoperate will over time become less valuable.

That’s why we think the principles of openness and interoperability merit inclusion in the new European Commission’s technology and security policies, a point not lost on the Finnish Presidency, the current chair of EU ministerial meetings, which has made interoperability a priority objective for the next five years.

Openness has its drawbacks, of course. If we don’t excel and keep our products and services at the highest standard, someone else with a more robust solution could easily claim our place in the market. But being open and interoperable also acts as a rapid-alert system to let us know where we are falling short. Whether it is a bug in the code we produce, or a glitch in our interfaces, the community that we work with will let us know far sooner than if we were closed off to this scrutiny.

In relation to cyber security, a lack of interoperability and cyber intelligence sharing across information systems can have serious consequences, including, for example, the limitation of response capability against cyber (or even larger-scale) terrorist attacks. Today’s threats are no longer confined to a particular country, company or group of people, and their impact is felt by the whole of society.

The best way to keep people safe today is through sharing and receiving cyber threat intelligence within and beyond a company’s boundaries, fast detection of imminent attacks by cybersecurity experts, and collaboration on threat analysis, automated threat exchange, and detection and response. If we do not prioritise openness and interoperability in our policies, real people could suffer as a result.

The benefits of open and interoperable cloud security architectures to digital transformation should also not be overlooked. Open and interoperable cloud security architectures provide a quick and comprehensive way of achieving higher security standards across governments and enterprises.

So, there is no question that openness and interoperability are the right way to go, and we’re proud of the fact that McAfee and others use these as foundational principles.

As a case in point, on October 8th, McAfee and IBM Security kick-started an initiative to bring real interoperability and data sharing across the cybersecurity product landscape. The Open Cybersecurity Alliance (OCA) project is comprised of like-minded global cybersecurity vendors, end users, thought leaders, and individuals interested in fostering an open cybersecurity ecosystem, where products from all vendors and software publishers can freely exchange information, insights, analytics, and orchestrated response, via commonly developed code and tooling, using mutually agreed upon technologies, standards, and procedures.

The Alliance’s founders, McAfee and IBM Security, are joined in the initiative by Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient, and Tufin.

Formed under the auspices of OASIS, a respected consortium driving the development, convergence and adoption of open standards for the global information society, the Alliance was launched as an OASIS Open Project on October 8, 2019.

Its goal is to develop and promote sets of open source common content, code, tooling, patterns, and practices for operational interoperability and data sharing among cybersecurity tools. The Alliance aims to create an environment where cybersecurity vendors do not compete on plumbing; rather, the plumbing is the foundation – the common platform – upon which cybersecurity tools are built. Cybersecurity vendors have a real adversary they are trying to defeat, and vendors should not be distracted by each of us having to replicate different ways to provide product plumbing. (See OCA announcement blog)

Finally, if you are interested in learning more about why this agenda is important to European policy makers as the new European Commission is confirmed, I would encourage you to look to the work of the European Committee for Interoperable Systems (ECIS) and its recent white paper on how interoperability and openness work in theory and practice, particularly in the field of cybersecurity and cloud services.

 

CDM and the 2019 Billington Cybersecurity Summit

Recently, Billington hosted their 10th annual Cybersecurity Summit, one of the premier cybersecurity conferences where industry leaders and government officials join together to discuss the current state of cybersecurity. Several key themes presented themselves throughout the two-day summit, including cloud, cybersecurity legislation, and DHS’s Continuous Diagnostics and Mitigation program (CDM). Kevin Cox, the program manager of CDM at CISA, and private sector experts involved in the program discussed new developments and some of the benefits of CDM.

While updating the audience on CDM, Cox teased several important updates to the program expected soon, including a new dashboard system and an algorithm that will show agencies how they’re doing with basic cybersecurity measures — the Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm. Cox said that 50 federal agencies are reporting data to the federal dashboard, 74 smaller agencies are using the CDM shared services dashboard, and 31 agencies are reporting AWARE scores.

CDM has largely been a success throughout the federal government. According to a recent MeriTalk report, 85% of federal and industry stakeholders said that CDM has improved federal cybersecurity, with its most helpful capability being the increased visibility about the federal government’s cybersecurity posture. Now the program should move ahead on a cloud initiative, as federal agencies and organizations have been moving to cloud for some time, and many are in multi- or hybrid-cloud environments.

Cox noted that the program office would begin to address cloud security, specifically, “work[ing] with the DHS team, agencies, system integrators, and DHS Cybersecurity Division partners to determine the right approach and scope for a cloud security proof of concept.”

Another speaker at Billington, McAfee SVP and CTO Steve Grobman, took part in a panel devoted to cloud security. The conversation focused on the differences between traditional computing and cloud computing, current cybersecurity issues, and how policy can change that landscape.

“Cloud has given us the ability to redefine the security architecture,” said Grobman. “Although we can secure our environment using a lot of new capabilities, we need to recognize that the scale that cloud operates and that the issues are going to be bigger.”

Moving applications and infrastructure to the cloud securely is something government agencies need to prioritize, and programs like CDM should give the workforce and federal agencies the tools they need to make this important transition. McAfee is working with federal, state and local governments to adopt cloud capabilities to better detect threats and establish procedures to work through how to recover.

Supporting CDM has been one of McAfee’s highest priorities for the past 10 years. We designed several products specifically to meet CDM requirements, and we remain committed to making the aims of CDM a reality both today and well into the future. We also appreciate that organizations such as Billington continue to advance the conversation on important topics like CDM and cloud security, and look forward to assisting our federal partners on both.

The Open Cybersecurity Alliance – Building for the Future

Today, the rapidly evolving cybersecurity threat landscape has driven an explosion of security products, generating an ever-increasing mountain of potentially valuable data and insights. But with that comes the increased complexity needed to make sense of it all and extract the real value. According to the industry analyst firm Enterprise Strategy Group, organizations use on average 25 to 49 different security tools from up to 10 vendors, each of which generates large amounts of siloed data. Today, integrating security products into an established operational environment can be extremely resource intensive, time-consuming, and costly, all at the expense of hours that could be better spent hunting and responding to threats.

For too long, many cybersecurity vendors have made life harder for customers by ensuring their “secret sauce” was theirs and theirs alone. Organizations were not able to get the full value from the tools they purchased because of the lack of interoperability, the expense of integration and the potentially valuable data locked away from sight in proprietary silos. This situation provides us with a real opportunity, and we intend to take advantage of it.

We have seen this play out before. Prior to the beginning of the Industrial Revolution, tools were mostly handcrafted and not precise or consistent enough to support manufacturing needs. It was widespread standardization that changed the landscape and led to the Industrial Revolution. Interchangeable parts allowed for the easy assembly of new and innovative products, cheap repairs and fewer skills and time required of workers. Best of all, it led to dramatically reduced costs across the board, for producers and consumers.

We need to foster a similar revolution in cybersecurity today.

McAfee and IBM Security have kick-started an initiative to bring real interoperability and data sharing across the cybersecurity product landscape. The Open Cybersecurity Alliance (OCA) project is comprised of like-minded global cybersecurity vendors, end users, thought leaders and individuals interested in fostering an open cybersecurity ecosystem, where products from all vendors and software publishers can freely exchange information, insights, analytics, and orchestrated response, via commonly developed code and tooling, using mutually agreed upon technologies, standards, and procedures.

The Alliance’s founders, McAfee and IBM Security, are joined in the initiative by Advanced Cyber Security Corp, Corsa, CrowdStrike, CyberArk, Cybereason, DFLabs, EclecticIQ, Electric Power Research Institute, Fortinet, Indegy, New Context, ReversingLabs, SafeBreach, Syncurity, ThreatQuotient, and Tufin.

The OCA was formed under the auspices of OASIS, a respected consortium driving the development, convergence and adoption of open standards for the global information society. The Alliance was launched as an OASIS Open Project on October 8, 2019. Participation from additional organizations and individual contributors is welcomed.

OCA’s goal is to develop and promote sets of open source common content, code, tooling, patterns, and practices for operational interoperability and data sharing among cybersecurity tools. The Alliance aims to create an environment where cybersecurity vendors do not compete on plumbing; rather, the plumbing is the foundation – the common platform — upon which cybersecurity tools are built. Cybersecurity vendors have a real adversary they are trying to defeat, and vendors should not be distracted by each of us having to replicate different ways to provide product plumbing.

For enterprise users, OCA means:

  • Improving security visibility, providing the ability to discover new insights and findings that might otherwise have been missed
  • Extracting real value from existing products while reducing vendor lock-in
  • Connecting data and sharing insights across products
  • Enabling vendors who make use of OCA code, tooling, and patterns to seamlessly interoperate, making plug-and-play integration of cybersecurity products a reality
  • Facilitating a variety of security use cases, including threat hunting & detection, analytics, operations, response and more

In short, the goal is: integrate once, reuse everywhere.

For security vendors, the benefits of supporting the OCA in products are tangible. They include:

  • Reduced integration costs, improving vendors’ ability to focus on higher-value features and integrations
  • Improved robustness of data integrations, allowing customers to extract more value from their products and tools
  • Ease of integration for customers, allowing products to be more useful directly out of the box
  • No duplication of the messaging and data exchange aspects of products

Security practitioners benefit from OCA-integrated tools through:

  • Increased visibility and the ability to discover new critical insights and findings that would have otherwise been missed
  • Reduced procurement of unnecessary new tools
  • Reduced vendor lock-in
  • More rapid deployment and integration into security processes
  • Overall reduction of costs for product integration

Like the beginning of the Industrial Revolution, where interchangeable parts provided the economic incentives and the foundation for true innovation, we believe that an open cybersecurity ecosystem, where products from all vendors and software publishers can freely exchange information, insights, analytics, and orchestrated responses, will lead to real advancements in cybersecurity. The OCA strives to provide that foundation for cybersecurity innovation to flourish.

Join the Open Cybersecurity Alliance today and help us start a revolution.

Opening up Europe’s Cyber Future

Europe will face a complex cocktail of cyber challenges in the coming five years, from safeguarding our critical infrastructure to protecting itself from election interference and disinformation whilst safeguarding citizen data privacy rights. A new set of leaders is preparing to take office in the European Commission’s headquarters in Brussels to take on these challenges. McAfee, at the cutting edge of cyber defence and mitigation, stands ready to help them embed the principles of open information exchange and interoperability that form the basis of a robust cybersecurity policy.

The principles of openness and interoperability have long been key to the growth of the digital economy. But in the field of cybersecurity, these principles take on an even greater importance. Openness and interoperability are a precondition for vibrant competition and rapid innovation, and competition authorities should remain vigilant to ensure they remain in place even as the digital ecosystem begins to gravitate around the giants that best harness the network effects digital technologies can enable.

But openness and interoperability are not just about innovation. They have become cornerstones for keeping citizens safe as they go about their lives. This is because no single actor has all the information needed to prevent, mitigate or remedy a cyber incident. McAfee has a proud history of precisely such partnerships, sharing emerging threat information in real-time with authorities, and helping them keep the critical infrastructure that we all rely on up and running even as they become prime targets for cyberattacks. Hospitals, transport networks and energy grids are the lifeblood of our society, and we need to keep them safe. Hence, we think it’s right that this Commission focus on their needs and develop new rules to safeguard these vital assets.

When it comes to privacy, Europe has made enormous leaps to improve the trust of citizens in digital services through more robust privacy rules and cybersecurity regulations, and we hope that EU lawmakers continue to keep the safety of their constituents as a top priority. At McAfee, we believe you cannot have privacy without security, and that companies must proactively consider privacy and security on the drawing board and throughout the development process for products and services going to market.

But cybersecurity is also about preparing for the future. In some cases, the best cyber-defences take a long time to develop, and nowhere is this more apparent than in the election interference and disinformation practices that sought to bring the recent EU elections, and our democratic foundations, to their knees.

The May 2019 elections may still be fresh in our memory, but Europe should not lose a second in starting to build its resilience for the next ones. At McAfee, we believe tackling disinformation requires robust cyber hygiene by all. But the best way to address it is using cyber intelligence and tradecraft to understand the adversary, so citizens can better understand the scale of the problem and our politicians can make the most informed decisions on how best to combat it.

McAfee has observed the growing prominence of cybersecurity on the political agenda. This is a welcome and necessary development to ensure Europe is not taken off-guard by a cyber incident. Of course, Europe’s policymakers in the Commission, Parliament and Council will pay attention to cyber threats when a crisis hits, but as John F. Kennedy put it, they would also do well to repair the roof when the sun is shining. Whatever the cyber weather, McAfee will be a trusted partner to make Europe more cyber secure.

Important Updates to DHS’s CDM Program Help Ensure Program’s Effectiveness

The Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program is a key component of the federal government’s cybersecurity posture. This important program provides real-time, continuous monitoring of federal networks while also auditing networks for unauthorized changes.

While the CDM program has been a boon to the security of many civilian agencies, there are opportunities to make it even stronger, and recent legislation introduced in both the House and Senate is vital to the continued success of the program. Just this month, Reps. John Ratcliffe (R-TX) and Ro Khanna (D-CA) introduced the Advanced Cybersecurity Diagnostics and Mitigation Act, which codifies the CDM program and encourages further innovation that will improve the federal government’s cyber readiness for years to come,  helping prevent cyberattacks and intrusions by bad actors.

In addition to officially codifying the program, this bill includes other important requirements that will keep CDM up to date and effective, including:

  • The deployment of new CDM technologies
  • The availability of CDM capabilities for civilian departments and agencies, as well as state and local governments
  • A mandate that DHS develop a strategy to ensure CDM is constantly preparing for the changing cyber threat landscape

Perhaps most importantly, this bill puts a new focus on continuous monitoring as a capability that the tools federal agencies use every day should have. This key focus is critical to enabling the federal government to better handle and respond to cyberattacks and other intrusions. While preventing these types of attacks is always the priority, Congress must also equip the federal government with the tools it needs to properly handle the worst-case scenario: an attack that impacts the government’s ability to function or one that puts sensitive information at risk.

At McAfee, we’re working every day to help federal, state and local governments better prepare for the threats of today and tomorrow, both on-premises and in cloud and multi-cloud environments. CDM is an ideal vehicle for agencies to use cloud to secure and protect citizen data, provide modernized services and more. Indeed, moving applications and infrastructure to the cloud is one of the innovations CDM should encourage.

Reps. Ratcliffe and Khanna’s bill is identical to its Senate counterpart (S.2318), introduced earlier this summer by Senators John Cornyn (R-TX) and Maggie Hassan (D-NH). These two bills go a long way toward building on CDM with important new language that focuses on the innovation companies like McAfee invest in every day to strengthen the nation’s cybersecurity posture and better tackle the onslaught of cyber threats facing us every day. We look forward to continuing to work with leaders in Congress to tackle these important issues and to constantly improve CDM.

Modernizing FedRAMP is Essential to Enhanced Cloud Security

According to an analysis by McAfee’s cloud division of log data tracking the activities of some 200,000 government workers in the United States and Canada, the average agency uses 742 cloud services, on the order of 10 to 20 times more than the IT department manages. The use of unauthorized applications creates severe security risks, often resulting simply from employees trying to do their work more efficiently.

By category, collaboration tools like Office 365 or Gmail are the most commonly used cloud applications, according to McAfee’s analysis, with the average organization running 120 such services. Cloud-based software development services such as GitHub and SourceForge are a distant second, followed by content-sharing services. The average government employee runs 16.8 cloud services, according to the 2019 Cloud Adoption and Risk Report. Lack of awareness creates a Shadow IT problem that needs to be addressed. One of the challenges is that not all storage or collaboration services are created equal, and users, without guidance from the CIO, might opt for an application that has comparatively lax security controls, claims ownership of users’ data, or is hosted in a country that the government has placed trade sanctions on.

To help address the growing challenge of security gaps in IT cloud environments, Congressmen Gerry Connolly (D-VA), Chairman of the House Oversight and Reform Committee’s Government Operations Subcommittee, and Mark Meadows (R-NC), Ranking Member of the Government Operations Subcommittee, recently introduced the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act (H.R. 3941). The legislation would codify FedRAMP (the program that governs how cloud security solutions are deployed within the federal government), address agency compliance issues, provide funding for the FedRAMP Project Management Office (PMO) and more. The FedRAMP Authorization Act would help protect single clouds as well as the spaces between and among clouds. Since cloud services are becoming easier targets for hackers, McAfee commends these legislators for taking this important step to modernize the FedRAMP program.

FedRAMP provides a standardized approach to security assessment and monitoring for cloud products and services that agency officials use to make critical risk-based decisions. Cloud solutions act as gatekeepers, allowing agencies to extend the reach of their cloud policies beyond their current network infrastructure. To monitor data authentication and protection within the cloud, cloud access security brokers, or CASBs, allow organizations deeper visibility into their cloud security solutions. In today’s cybersecurity market, there are many cloud security vendors, and organizations therefore have many solutions from which to choose to enable them to secure their cloud environments.  McAfee’s CASB, MVISION Cloud, helps ensure that broad technology acquisitions maintain or exceed the levels of security outlined in the FedRAMP baselines.

McAfee supports the FedRAMP Authorization Act, which would bring FedRAMP back to its original purpose by providing funding for federal migration and mandating the reuse of authorizations. FedRAMP must be modernized to best serve government agencies and IT companies. We look forward to working with our partners in Congress to move this legislation forward. Additionally, we have seen that agencies overuse waivers to green light technology that sacrifices security for expediency.  We must find a better way to thread this needle and ensure that broad technology acquisitions maintain or exceed the levels of security outlined in the FedRAMP baselines as this bill works its way through the legislative process and finds its way to the President’s desk for signature into law.

The Cybersecurity Playbook: Why I Wrote a Cybersecurity Book

I ruined Easter Sunday 2017 for McAfee employees the world over. That was the day our company’s page on a prominent social media platform was defaced—less than two weeks after McAfee had spun out of Intel to create one of the world’s largest pure-play cybersecurity companies. The hack would have been embarrassing for any company; it was humiliating for a cybersecurity company. And, while I could point the finger of blame in any number of directions, the sobering reality is that the hack happened on my watch, since, as the CMO of McAfee, it was my team’s responsibility to do everything in our power to safeguard the image of our company on that social media platform. We had failed to do so.

Personal accountability is an uncomfortable thing. Defensive behavior comes much more naturally to many of us, including me. But, without accountability, change is hindered. And, when you find yourself in the crosshairs of a hacker, change—and change quickly—you must.

I didn’t intend to ruin that Easter Sunday for my colleagues. There was nothing I wanted less than to call my CEO and peers and spoil their holiday with the news. And, I didn’t relish having to notify all our employees of the same the following Monday. It wasn’t that I was legally obligated to let anyone know of the hack; after all, McAfee’s systems were never in jeopardy. But our brand reputation took a hit that day, and our employees deserved to know that their CMO had let her guard down just long enough for an opportunistic hacker to strike.

I tell you this story not out of self-flagellation or so that you can feel, “Hey, better her than me!” I share this story because it’s a microcosm of why I wrote a book, The Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security.

I’m not alone in having experienced an unfortunate hack that may have been prevented had my team and I been more diligent in practicing habits to minimize it. Every day, organizations are attacked the world over. And, behind every hack, there’s a story. There’s hindsight of what might have been done to avoid it. While the attack on that Easter Sunday was humbling, the way in which my McAfee teammates responded, and the lessons we learned, were inspirational.

I realized in the aftermath that there’s a real need for a playbook that gives every employee—from the frontline worker to the board director—a prescription for strong cybersecurity hygiene. I realized that everyone can play an indispensable role in protecting her organization from attack. And, I grasped that common sense is not always common practice.

There’s no shortage of cybersecurity books available for your consumption from reputable, talented authors with a variety of experiences. You’ll find some from journalists, who have dissected some of the most legendary breaches in history. You’ll find others from luminaries, who speak with authority as being venerable forefathers of the industry. And you’ll find more still from technical experts, who decipher the intricate elements of cybersecurity in significant detail.

But, you won’t find many from marketers. So why trust this marketer with a topic of such gravity? Because this marketer not only works for a company that has its origins in cybersecurity but found herself on her heels that fateful Easter Sunday. I know what it’s like to have to respond—and respond fast—when time is not on your side and your reputation is in the hands of a hacker. And, while McAfee certainly had a playbook to act accordingly, I realized that every company should have the same.

So, whether you’re in marketing, human resources, product development, IT or finance—or a board member, CEO, manager or individual contributor—this book gives you a playbook to incorporate cybersecurity habits in your routine. I’m not so naïve as to believe that cybersecurity will become everyone’s primary job. But, I know that cybersecurity is now too important to be left exclusively in the hands of IT. And, I am idealistic enough to envision a workplace where sound cybersecurity practice becomes so routine that all employees regularly do their part to collectively improve the defenses of their organization. I hope this book empowers action; your organization needs you in this fight.

Allison Cerra’s book, The Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security, is scheduled to be released September 12, 2019 and can be preordered at amazon.com.

The post The Cybersecurity Playbook: Why I Wrote a Cybersecurity Book appeared first on McAfee Blogs.

House Actions on Election Security Bode Well for 2020

As a U.S. cybersecurity company, McAfee supports legislation that aims to safeguard U.S. election security. After the 2016 election, McAfee sees the importance of improving and preserving election security; we even offered free security tools to local election boards prior to the 2018 elections and released educational research on how localities can best protect themselves in future elections. As the 2020 primary elections quickly approach, it is more important than ever that the federal government takes steps to ensure our election infrastructure is secure and that states and localities have the resources they need to quickly upgrade and secure systems.

The U.S. House of Representatives recently passed H.R. 2722, the Securing America’s Federal Elections (SAFE) Act, legislation introduced by Rep. Zoe Lofgren (D-CA) that would allocate $600 million for states to secure critical election infrastructure. The bill would require cybersecurity safeguards for hardware and software used in elections, prevent the use of wireless communication devices in election systems and require electronic voting machines to be manufactured in the United States. The SAFE Act is a key step to ensuring election security and integrity in the upcoming 2020 election.

Earlier this year, the House also passed H.R. 1, the For the People Act. During a House Homeland Security Committee hearing prior to the bill’s passage, the committee showed commitment to improving the efficiency of election audits and continuing to incentivize the patching of election systems in preparation for the 2020 elections. H.R. 1 and the SAFE Act demonstrate the government’s prioritization of combating election interference. It is exciting to see the House recognize the issue of election security, as it is a multifaceted process and a vital one to our nation’s democracy.

McAfee applauds the House for keeping its focus on election security and prioritizing the allocation of resources to states. We hope that Senate leadership will take up meaningful, comprehensive election security legislation so our country can fully prepare for a secure 2020 election.

The post House Actions on Election Security Bode Well for 2020 appeared first on McAfee Blogs.

Expanding Our Vision to Expand the Cybersecurity Workforce

I recently had the opportunity to testify before Congress on how the United States can grow and diversify the cyber talent pipeline. It’s great that members of Congress have this issue on their radar, but at the same time, it’s concerning that we’re still having these discussions. A recent (ISC)² Study puts the global cybersecurity workforce shortage at 2.93 million. Solving this problem is challenging, but I offered some recommendations to the House Homeland Security Committee’s Subcommittee on Cybersecurity, Infrastructure Protection and Innovation.

Increase the NSF CyberCorps Scholarships for Service Program

The National Science Foundation (NSF) together with the Department of Homeland Security (DHS) designed a program to attract more college students to cybersecurity, and it’s working. Ten to 12 juniors and seniors at each of the approximately 70 participating institutions across the country receive free tuition for up to two years plus annual stipends. Once they’ve completed their cybersecurity coursework and an internship, they go to work for the federal government for the same amount of time they’ve been in the program. Afterwards, they’re free to remain federal employees or move elsewhere, yet fortunately, a good number of them choose to stay.

Congress needs to increase the funding for this program (which has been flat since 2017) from $55 million to at least $200 million. Today the scholarships are available at 70 land grant colleges. The program needs to be opened up to more universities and colleges across the country.

Expand CyberCorps Scholarships to Community Colleges

Community colleges attract a wide array of students – a fact that is good for the cybersecurity profession. Some community college attendees are recent high school graduates, but many are more mature, working adults or returning students looking for a career change or skills training. A strong security operation requires differing levels of skills, so having a flexible scholarship program at a community college could not only benefit graduates but also provide the profession with necessary skills.

Furthermore, not everyone in cybersecurity needs a four-year degree. In fact, they don’t need to have a traditional degree at all. Certificate programs provide valuable training, and as employers, we should change our hiring requirements to reflect that reality.

Foster Diversity of Thinking, Recruiting and Hiring

Cybersecurity is one of the greatest technical challenges of our time, and we need to be as creative as possible to meet it. In addition to continually advancing technology, we need to identify people from diverse backgrounds – and not just in the standard sense of the term. We need to diversify the talent pool in terms of race, ethnicity, gender and age, all of which lead to creating an inclusive team that will deliver better results. However, we also should seek out gamers, veterans, people working on technical certificates, and retirees from computing and other fields such as psychology, liberal arts as well as engineering. There is no one background required to be a cybersecurity professional. We absolutely need people with deep technical skills, but we also need teams with diverse perspectives, capabilities and levels of professional maturity.

Public-Private Sector Cross Pollination

We also must develop creative approaches to enabling the public and private sectors to share talent, particularly during significant cybersecurity events. We should design a mechanism for cyber professionals – particularly analysts or those who are training to become analysts – to move back and forth between the public and private sector so that government organizations would have a continual refresh of expertise. This type of cross-pollination would help everyone share best practices on technology, business processes and people management.

One way to accomplish this would be for DHS to partner with companies and other organizations such as universities to staff a cadre of cybersecurity professionals – operators, analysts and researchers – who are credentialed to move freely between public and private sector service. These professionals, particularly those in the private sector, could be on call to help an impacted entity and the government respond to a major attack in a timely way. Much like the National Guard, a flexible staffing approach to closing the skills gap could become a model of excellence.

We’re Walking the Talk

McAfee is proud to support the community to establish programs that provide skills to help build the STEM pipeline, fill related job openings, and close gender and diversity gaps. These programs include an Online Safety Program, onsite training programs and internships for high school students. Our employees also volunteer in schools to help educate students on both cybersecurity risks and opportunities. Through volunteer-run programs across the globe, McAfee has educated more than 500,000 children to date.

As part of McAfee’s new pilot Achievement & Excellence in STEM Scholarship program, we’ll make three awards of $10,000 for the 2019-2020 school year. Twelve students from each of the three partner schools will be invited to apply, in coordination with each partner institution’s respective college advisor. Target students are college-bound high school seniors with demonstrated passion for STEM fields, who are seeking a future in a STEM-related path. This type of program can easily be replicated by other companies and used to support the growth and expansion of the workforce.

We’re Supporting Diversity

While we recognize there is still more to do in fostering diversity, we’re proud to describe the strides we’re making at McAfee. We believe we have a responsibility to our employees, customers and communities to ensure our workplace reflects the world in which we live. Having a diverse, inclusive workforce is the right thing to do, and after we became an independent, standalone cybersecurity company in 2017, we made and have kept this a priority.

The steps we’re taking include:

  • Achieving pay parity between women and men employees in April 2019, making us the first pureplay cybersecurity company to do so.
  • In 2018, 27.1% of all global hires were female and 13% of all U.S. hires were underrepresented minorities.
  • In June 2018, we launched our “Return to Workplace” program for men and women who have paused their career to raise children, care for loved ones or serve their country. The 12-week program offers the opportunity to reenter the tech space with the support and resources needed to successfully relaunch careers.
  • Last year, we established the Diversity & Culture Council, a volunteer-led global initiative focused on creating an infrastructure for the development and maintenance of an integrated strategy for diversity and workplace culture.
  • McAfee CEO Chris Young joined CEO Action for Diversity & Inclusion, the largest group of CEOs and presidents committed to act on driving an inclusive workforce. By taking part in CEO Action, Young personally commits to advancing diversity and inclusion with the coalition’s three-pronged approach of fostering safe workplaces.

Looking to the Future

While I’d love to see a future where fewer cybersecurity professionals were needed, I know that for the foreseeable future, we’ll not only need great technology but also talented people. With that reality, we in the industry need to expand our vision and definition of what constitutes cybersecurity talent. The workforce shortage is such that we have to expand our concepts and hiring requirements. In addition, the discipline itself will benefit from a population that brings more experiences, skills and diversity to bear on a field that is constantly changing.

The post Expanding Our Vision to Expand the Cybersecurity Workforce appeared first on McAfee Blogs.
