Podcast Episode 111: Click Here to Kill Everybody and CyberSN on Why Security Talent Walks

In this week’s podcast (episode #111), sponsored by CyberSN: what happens when the Internet gets physical? Noted author and IBM security guru Bruce Schneier joins us to talk about his new book on Internet of Things risk: Click Here to Kill Everybody. Also: everyone knows that cyber security talent is hard to come by, and even harder to keep. But why does precious cyber talent walk? In our second segment, we’re joined by Deidre Diamond of cyber security placement firm CyberSN, who has all the answers.

The Internet of Things is raising the stakes of destructive, cyber physical attacks, Bruce Schneier argues in his new book, Click Here to Kill Everybody.

“I don’t think this issue will end our society”

“I don’t think this issue will end our society.” Those were what counted as words of comfort by Bruce Schneier at the tail end of our recent discussion about his latest book, Click Here to Kill Everybody: Security and Survival in a Hyper Connected World. Still, it’s hard to see that statement as hyperbole. The subject of this latest book (Bruce’s 15th by my count) is cyber physical risk – or what happens when we connect all the stuff that populates our environment to the Internet.

This isn’t a new concern if you’ve been reading Security Ledger’s coverage of Internet of Things insecurity. In fact, our very earliest conceptions of malicious computer hacking – including the 1980s classic War Games – imagined the possibility that computer mischief could have real world consequences. (In the case of War Games, that was nuclear war.)

Only today, 35 years after War Games’ release, are we on the precipice of an era in which cyber attacks with physical consequences are the rule, rather than the exception to the rule. That’s because the fast-growing Internet of Things is wiring the machines that populate our homes, businesses and communities to the global Internet. And that includes “stuff” like cars, hospitals, dams, power stations and water treatment plants. In other words: the very systems that protect our life and property are now vulnerable (at least in theory) to cyber predation. The consequences of this shift are already manifest, even if they are yet to be fully comprehended.

Schneier said that the growth of The Internet of Things is spreading the risk of damaging cyber physical attacks.

That fact prompted Bruce Schneier to write Click Here to Kill Everybody, in which he takes a deep dive into the security implications of the Internet becoming physical. The wiring of the physical world, which Schneier dubs the “Internet Plus,” is happening in almost every sector of the economy, he notes. With it, organizations are realizing huge productivity gains. But at the same time, security and physical risk are metastasizing in ways that, barring an intervention, could lead to a disaster. What’s needed, Schneier argues, is more government oversight of The Internet Plus in the name of public safety.

In this conversation with The Security Ledger, Schneier talks about the dangers that the IoT poses and why he thinks government oversight of the Internet of things is inevitable. I started by asking Bruce to talk about the theme of his new book.

Got security talent? Fear the Holidays!

It is common knowledge that there aren’t enough information security professionals to fill all the cyber security jobs that our economy is creating. That has put a premium on cyber security talent – especially in areas such as cyber forensics and incident response.

Deidre Diamond is the founder and CEO of CyberSN.

But our next guest, Deidre Diamond of the information security placement firm CyberSN, says that finding cyber talent is just half the problem. Companies are just as challenged to hold on to that talent once they’ve acquired it.

Moreover: companies mostly have themselves to blame when information security pros walk. Too few of them have a clear definition of the information security role they need filled, and are too willing to let job descriptions and responsibilities drift or change once they’ve made a hire. That often leads to unhappy workers who are more than happy to take a call from a recruiter or watch out for a new opportunity that may come along. The holiday season, especially, is one in which dissatisfied workers are likely to do some soul searching. Fail to create a compelling reason for them to stay with you, Diamond warns, and they could be out the door and on to their next gig before the mistletoe comes down.

What’s the secret to keeping cyber security talent within your company? In this conversation, Deidre and I talk about the need for companies to work hard to define their needs and also to think about how to cultivate information security pros within their organization.

(*) This podcast is sponsored by CyberSN, which is a supporter of The Security Ledger. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.