Rob T. Lee, SANS Institute: nowhere is the workforce-skills gap more pronounced than in cybersecurity
Statistics suggest that 2021 will experience an economic impact of $6 trillion due to the growing costs of cybercrime. All the while, the perennial lack of cybersecurity skills and talent is expected to rise to 3.5 million people by the end of the year. To ensure businesses have a fighting chance against threat actors, investing in security education and training is becoming an inescapable necessity.
As the increasing demand for cybersecurity talent continues to outpace supply, organizations are struggling to attract new and experienced security professionals.
Rob T. Lee, Chief Curriculum Director and Faculty Lead at the SANS Institute, shares how the SANS institute helps tackle the cybersecurity workforce gap in the face of the rising wave of increasingly sophisticated attacks.
The SANS Institute is the most trusted source for cybersecurity training, certifications, degrees, and research. How did you manage to stand out from the competitors?
All professionals who complete SANS’ training programs can apply the technical skills and knowledge they’ve learned the day they return to work. This is the SANS Promise.
To fulfill the promise, SANS combines high-quality content with unsurpassed hands-on training labs and brings it all to life with the best instructors and certifications in the business.
The GIAC Certifications that can be earned through SANS training are the highest standard in cybersecurity certifications. GIAC stands apart from other certification bodies, as GIAC certifications are a mile deep for specialized job-focused tasks across industry focus areas, including offensive operations, cyber defense, cloud security, DFIR, management, and ICS. Every certification confirms a practitioner's abilities and their likelihood of success in a real-world work environment.
With over 120 renowned cybersecurity instructors – from corporations, government agencies, and universities – SANS equips cybersecurity professionals with the skills to tackle today’s most pressing security challenges. SANS faculty members have a broad base of expertise as red team leaders, CISOs, technical directors, and research fellows. Their up-to-date examples and deep industry knowledge ensure that what students learn in class will be useful immediately on the job.
SANS provides a curriculum in a variety of cyber topics. Tell us about their differences in the programs.
SANS provides dedicated skills paths and certifications in key cybersecurity practices, from offensive operations to cloud security, digital forensics, cybersecurity leadership, and more. SANS’ cutting-edge undergraduate and graduate programs are designed to help professionals launch and advance their cybersecurity careers. SANS also offers training to help professionals earn GIAC Certifications, which are critical to all industry, government, and military cybersecurity roles.
SANS also created its Cyber Academies to reach and train professionals from underrepresented communities with an aptitude and interest in pursuing cybersecurity careers. The Academies are 100% scholarship-based and empower a diverse collection of professionals with the skills needed to make the leap into the cybersecurity field.
- VetSuccess: a program geared toward veterans that do not have a cybersecurity background.
- Women’s Academy: a program for career changers and college seniors with a background in IT
- Cyber Workforce: programs made possible by grants and organizations looking to advance the pool of cybersecurity talent.
- Diversity Cybersecurity Academy: a SANS partnership with the International Consortium of Minority Cybersecurity Professionals (ICMCP) to increase career opportunities for minorities and women in cybersecurity.
What new challenges did you encounter in your field during the COVID-19 pandemic?
Nowhere is the workforce-skills gap more pronounced than in cybersecurity. The U.S. faces a cybersecurity workforce shortage of over 464,000 cybersecurity professionals while confronting an onslaught of increasingly sophisticated attacks. Over the past year, the shortage of talent was even more exasperated as organizations had to pivot to a virtual environment and attacks on our healthcare systems and governments increased.
Has the pandemic altered the ways in which you approach trainings and other initiatives?
Since the beginning and throughout the pandemic, we had assumed that students were not as happy with the Live Online experience as they had been at conferences. Surprisingly, students rate their experience just as high – and for some courses even higher – as they did for those same courses and teachers at in-person conferences.
It turns out that the interactive online nature of courses combined with very talented instructors created some significant advantages for students. Students had a lot of positive things to say about the overall learning experience, the labs, the skills acquired, the online classroom interaction, the dynamism of the instructors, and the teaching assistants who help with labs and reference material.
During the pandemic, the labs were adapted to be used immediately by students on their jobs – in some cases, on the same day due to remote work environments. Students have access to 1,700 labs with more than 1,360 hours of interactive activities and cloud-based range environments. These hands-on activities allow students to analyze data from real compromises, reinforcing the skills they’ve been taught and will need at their jobs.
Students want to feel connected to other students and instructors. They appreciated the interactivity developed during the pandemic, which is key to effective learning. They can ask each other questions and interact continuously during class. This has encouraged many students to engage in asking questions, making them better able to absorb the material and learn more in the process. As a result, student classroom interaction is often more effective.
Have you noticed any new cyber threats that emerged because of the pandemic?
Unfortunately, over the last year, with the “work from anywhere environment,” the attack surface grew. There has been an onslaught of cybersecurity incidents, including SolarWinds, Microsoft Exchange, Kaseya, and more, that are being driven by third-and-fourth party vulnerabilities as well as rapidly increasing ransomware and phishing threats.
What is the single most significant threat you would like to be resolved in the next couple of years?
Ransomware attacks have increased in frequency during the past year. In 2020, 51% of businesses were targeted by ransomware, and attacks have only accelerated in 2021. The cyber landscape has grown increasingly complex, as threat actors take advantage of an expanding attack surface. The recent Colonial Pipeline attack demonstrated the fragility of U.S. critical infrastructure when it halted oil production, while the JBS Foods ransomware attack shut down meat production at multiple sites worldwide.
How should organizations adapt their security measures to prepare for future cyberattacks? Are there any common mistakes you have noticed?
Ensuring that sound security protocols are implemented organization-wide serves as the first line of defence from attacks. Training employees on security best practices early and often is essential as basic cyber hygiene can prevent costly human-driven mistakes. Implementing a strong zero-trust architecture within an organization’s systems is also a smart, common-sense way to reduce the impact of any cyberattack – including ransomware.
Give a few cyber-hygiene recommendations for internet users: how to protect your information and ensure that your identity is not being used by someone else?
Successful attacks almost always take advantage of conditions that could reasonably be described as 'poor cyber hygiene,' including the failure to patch known vulnerabilities, poor configuration management, and poor management of administrative privileges. As such, organizations should patch high-severity software vulnerabilities in a timely manner, minimize admin privileges, and use strong authentications for all privileged access.
Password safety is the first line of defence for hackers to steal user accounts. If an organization reuses a password, the chances are that it can be found in a list of previously used passwords. In addition to not reusing passwords on multiple sites, people should always enable multi-factor authentication (MFA). This protocol provides an extra layer of security by requiring a virtual or hardware device to generate a response to an authentication challenge and helps validate a person’s identity while logging into their account.
Share with us something exciting you’ve got planned for SANS!
We are excited to have recently developed a New2Cyber Curriculum that we just launched in September to help non-technical professionals enter the cybersecurity industry and further close the workforce gap. The curriculum will offer three core courses to provide professionals with a solid foundation of cybersecurity knowledge and the practical skills needed to pursue cybersecurity roles. We see this as a great opportunity to meet the needs of the industry while also helping people to find a new and rewarding career.