Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Education IT

SANS Institute Founder Hopes to Find New Cybersecurity Talent With a Game (esecurityplanet.com) 15

storagedude writes: Alan Paller, founder of the cybersecurity training SANS Technology Institute, has launched an initiative aimed at finding and developing cybersecurity talent at the community college and high school level — through a game developed by their CTO James Lyne. A similar game was already the basis of a UK government program that has reached 250,000 students, and Paller hopes the U.S. will adopt a similar model to help ease the chronic shortage of cybersecurity talent. And Paller's own Cyber Talent Institute (or CTI) has already reached 29,000 students, largely through state-level partnerships.

But playing the game isn't the same as becoming a career-ready cybersecurity pro. By tapping high schools and community colleges, the group hopes to "discover and train a diverse new generation of 25,000 cyber stars by the year 2025," Paller told eSecurity Planet. "SANS is an organization that finds people who are already in the field and makes them better. What CTI is doing is going down a step in the pipeline, to the students, to find the talent earlier, so that we don't lose them. Because the way the education system works, only a few people seem to go into cybersecurity. We wanted to change that.

"You did an article earlier this month about looking in different places for talent, looking for people who are already working. That's the purpose of CTI. To reach out to students. It's to go beyond the pipeline that we automatically come into cybersecurity through math, computer science, and networking and open the funnel much wider. Find people who have not already found technology, but who have three characteristics that seem to make superstars — tenacity, curiosity, and love of learning new things. They don't mind being faced with new problems. They like them. And what the game does is find those people. So CTI is just moving to earlier in the pipeline."

This discussion has been archived. No new comments can be posted.

SANS Institute Founder Hopes to Find New Cybersecurity Talent With a Game

Comments Filter:
  • by theshowmecanuck ( 703852 ) on Sunday July 25, 2021 @10:48AM (#61618617) Journal
    We know there are thousands if not millions of people whose jobs have been ended because of recent changes in economic directions. Not all of those people are dumb regardless of where they worked. Sometimes those people work in places because of limitations when they were young. Sometimes as they get older they grow out of old ways (the truly smart ones in that group). So why not target the game to everyone. Who cares what age range. If you truly are looking to fill a gap, cast the nets wider. People who are grateful for getting a second opportunity to rise to the level of their abilities can be the most grateful and best employees.
    • If you truly are looking to fill a gap, cast the nets wider. People who are grateful for getting a second opportunity to rise to the level of their abilities can be the most grateful and best employees.

      SANS benefits from the absurdly high posted requirements on most security postings. The younger their recruits, the more likely they can get them to pile on certificates and coursework to perpetuate those absurd requirements. Most people making a career shift mid-career aren't going to dump years and thousands of dollars pursuing those certificates.

      • I'm sorry this is yet another of my poorly worded replies on this site. TLDR: SANS knows there's a higher chance of certification if people are in security for the long haul. They probably aren't going to have as much success with people entering the field mid-career.
    • Exactly. All I can think is that the "game" requires significant human moderation, maybe this is more like old-fashioned D&D? So rather than SANS paying for the moderators to fulfill a need, they are getting junior college staff to perform the role of moderator? If this is the case, then SANS should change their moderation back-end so that players can become moderators. This is much more scalable. A prediction market Bayesian approach like is in the heart of 418Intelligence tool works very well at
    • There's must always a CTF going on. Plenty of opportunities that are open to anyone interested. If you're interested, come and join us.

      For a pure game with experience, check out Cryptomancer or one of the other games. There's a good one I'm thinking of and the name escapes me right at moment, but if you do some looking I'm sure you can find it. You get jewels from caves and such.

    • by Tom ( 822 )

      Training people in cybersecurity is a hard problem.

      I see people who actually studied "cybersecurity" in university, and they haven't got the first clue outside whatever was on the curriculum.

      ALL of the really great minds I know in the field have first and foremost both a broad and a deep knowledge of how computers actually work. Some of us have built our first computers from parts (and I mean with a soldering iron). One of my friends is such a guy, and he's among the best-known names in the field, a regular

  • by gweihir ( 88907 ) on Sunday July 25, 2021 @11:00AM (#61618645)

    No, that does not work. Good experts in this field are a rare resource and you _cannot_ create many more. Offer attractive working conditions and salaries or be forever outclassed. Seriously.

    • Offer attractive working conditions and salaries or be forever outclassed.

      Ah yes, attractive salaries. Like the ones offered by Microsoft, Apple, Google/Alphabet, and a host of other firms for their programmers where we have weekly announcements about a massive security flaw needing patched. Or the weekly announcements from a multitude of companies where hackers have penetrated their security. Here's one for you, Jamie Dimon heads J.P. Morgan. In 2008 his salary was $1 million, plus an addition $18 millio

      • by gweihir ( 88907 )

        You are talking about administrators (often misnamed "leaders"). I am talking about engineers. Which means your comment is irrelevant.

    • This. They do it on the cheap, and I would add- they care too much about certifications. All certifications do is check boxes. If the app/site has holes, hackers are going to find them. Easy peasy.

  • by Kobun ( 668169 ) on Sunday July 25, 2021 @11:20AM (#61618699)
    Is it a decent game? What gameplay style is it?
  • by Tom ( 822 )

    Cybersecurity is really funny. I've been working in it for over 20 years and I still can't decide if I should laugh or cry.

    We're looking for pentesters and tech people, but most of the real-world problems aren't tech issues at all. The foundations we're working on - and that we base a lot of the tech on - are bad. Most of the "best practice" are at the level of astrology and country sayings, with zero (and I mean ZERO, I've done the research on that question) factual evidence that they're actually working.

The clash of ideas is the sound of freedom.

Working...