SANS Institute Founder Hopes to Find New Cybersecurity Talent With a Game (esecurityplanet.com) 15
storagedude writes: Alan Paller, founder of the cybersecurity training SANS Technology Institute, has launched an initiative aimed at finding and developing cybersecurity talent at the community college and high school level — through a game developed by their CTO James Lyne. A similar game was already the basis of a UK government program that has reached 250,000 students, and Paller hopes the U.S. will adopt a similar model to help ease the chronic shortage of cybersecurity talent. And Paller's own Cyber Talent Institute (or CTI) has already reached 29,000 students, largely through state-level partnerships.
But playing the game isn't the same as becoming a career-ready cybersecurity pro. By tapping high schools and community colleges, the group hopes to "discover and train a diverse new generation of 25,000 cyber stars by the year 2025," Paller told eSecurity Planet. "SANS is an organization that finds people who are already in the field and makes them better. What CTI is doing is going down a step in the pipeline, to the students, to find the talent earlier, so that we don't lose them. Because the way the education system works, only a few people seem to go into cybersecurity. We wanted to change that.
"You did an article earlier this month about looking in different places for talent, looking for people who are already working. That's the purpose of CTI. To reach out to students. It's to go beyond the pipeline that we automatically come into cybersecurity through math, computer science, and networking and open the funnel much wider. Find people who have not already found technology, but who have three characteristics that seem to make superstars — tenacity, curiosity, and love of learning new things. They don't mind being faced with new problems. They like them. And what the game does is find those people. So CTI is just moving to earlier in the pipeline."
But playing the game isn't the same as becoming a career-ready cybersecurity pro. By tapping high schools and community colleges, the group hopes to "discover and train a diverse new generation of 25,000 cyber stars by the year 2025," Paller told eSecurity Planet. "SANS is an organization that finds people who are already in the field and makes them better. What CTI is doing is going down a step in the pipeline, to the students, to find the talent earlier, so that we don't lose them. Because the way the education system works, only a few people seem to go into cybersecurity. We wanted to change that.
"You did an article earlier this month about looking in different places for talent, looking for people who are already working. That's the purpose of CTI. To reach out to students. It's to go beyond the pipeline that we automatically come into cybersecurity through math, computer science, and networking and open the funnel much wider. Find people who have not already found technology, but who have three characteristics that seem to make superstars — tenacity, curiosity, and love of learning new things. They don't mind being faced with new problems. They like them. And what the game does is find those people. So CTI is just moving to earlier in the pipeline."
Why are they limiting themselves (Score:4, Interesting)
Re: (Score:2)
If you truly are looking to fill a gap, cast the nets wider. People who are grateful for getting a second opportunity to rise to the level of their abilities can be the most grateful and best employees.
SANS benefits from the absurdly high posted requirements on most security postings. The younger their recruits, the more likely they can get them to pile on certificates and coursework to perpetuate those absurd requirements. Most people making a career shift mid-career aren't going to dump years and thousands of dollars pursuing those certificates.
Re: (Score:2)
Re: (Score:3)
There are a bunch of CTFs open to anyone (Score:2)
There's must always a CTF going on. Plenty of opportunities that are open to anyone interested. If you're interested, come and join us.
For a pure game with experience, check out Cryptomancer or one of the other games. There's a good one I'm thinking of and the name escapes me right at moment, but if you do some looking I'm sure you can find it. You get jewels from caves and such.
Re: (Score:2)
Training people in cybersecurity is a hard problem.
I see people who actually studied "cybersecurity" in university, and they haven't got the first clue outside whatever was on the curriculum.
ALL of the really great minds I know in the field have first and foremost both a broad and a deep knowledge of how computers actually work. Some of us have built our first computers from parts (and I mean with a soldering iron). One of my friends is such a guy, and he's among the best-known names in the field, a regular
These morons _still_ try to do it on the cheap (Score:3)
No, that does not work. Good experts in this field are a rare resource and you _cannot_ create many more. Offer attractive working conditions and salaries or be forever outclassed. Seriously.
Re: (Score:2)
Offer attractive working conditions and salaries or be forever outclassed.
Ah yes, attractive salaries. Like the ones offered by Microsoft, Apple, Google/Alphabet, and a host of other firms for their programmers where we have weekly announcements about a massive security flaw needing patched. Or the weekly announcements from a multitude of companies where hackers have penetrated their security. Here's one for you, Jamie Dimon heads J.P. Morgan. In 2008 his salary was $1 million, plus an addition $18 millio
Re: (Score:3)
You are talking about administrators (often misnamed "leaders"). I am talking about engineers. Which means your comment is irrelevant.
Re: These morons _still_ try to do it on the cheap (Score:1)
This. They do it on the cheap, and I would add- they care too much about certifications. All certifications do is check boxes. If the app/site has holes, hackers are going to find them. Easy peasy.
They should call it 'The Last Cyberfighter' (Score:4)
The most important questions (Score:3)
Re: (Score:2)
Is it a decent game? What gameplay style is it?
Myst Two, Electric Bugaloo, and you have to play it without keeping any notes.
Re: (Score:2)
Maybe Hacknet [steampowered.com] is a recruitment game?
wrong tree (Score:2)
Cybersecurity is really funny. I've been working in it for over 20 years and I still can't decide if I should laugh or cry.
We're looking for pentesters and tech people, but most of the real-world problems aren't tech issues at all. The foundations we're working on - and that we base a lot of the tech on - are bad. Most of the "best practice" are at the level of astrology and country sayings, with zero (and I mean ZERO, I've done the research on that question) factual evidence that they're actually working.