Humans Most Critical Piece of CybersecurityPast Reflections of BofA's New Chief Information Security Officer
The new chief information security officer at Bank of America (see Former Intelligence CIO New BofA CISO) sees people as the foundation of IT security defense.
Late last summer, I interviewed Patrick Gorman, the one-time associate national intelligence director who, according to his Linkedin profile, was named earlier this month as a senior vice president and CISO at BofA, about the impact of the shortage of IT security pros is having on governments and businesses (see Is Infosec Worker Need Underestimated?):
"The foundation of all of this is human capital. If we don't have human capital in place, the other stuff is not going to work. It is the most critical piece of cybersecurity."
In our chat, Gorman's assessment of IT security education in the United States was wide ranging, from gloom to hopefulness. He painted a dire picture of the current environment, pointing out that the number of computer science graduates receiving bachelor's degrees in the U.S. has plunged to about 8,000 a year, half of what is was before the dot-com crash. Still, Gorman expressed optimism that the government and industry can help boost the numbers of people who can gain the skills to be cybersecurity specialists. But, he said, it won't happen overnight, predicting it will take five to 10 years to develop the cadre of IT specialists the nation will need to staff organizations to secure cyberspace.
A senior executive adviser for cybersecurity at the management consultancy Booz Allen Hamilton at the time of the interview, BoA's new CISO said he believes lessons that can be applied today from the push by the United States to invest heavily in science, technology, engineering and math - so called STEM - education after the Soviet Union launched Sputnik in 1957. Then, Americans feared our Cold War adversary would beat us in the space race. The return on that education investment, just over a decade later, resulted in the United States landing men on the moon in July 1969. And, he said, the STEM investments produced additional benefits such as the creation of the IT industry and other technological advancements unrelated to space:
"The way you sell these things is out of opportunity. If we put more emphasis into science, technology, engineering and mathematics, both from K-12 and the university level, we're going to get benefits that are not related to cybersecurity. This is a larger opportunity. Not only solve the cybersecurity issue, but I think we build up a foundation that is really going to provide the economic growth force into the 2020s. I wouldn't approach with fear; I would approach them from an opportunity perspective."
A twofer, sounds promising.