It seems like every conversation I have these days is centered on the growth of cybersecurity and the opportunities that growth presents in Colorado Springs. The city is quickly becoming a hub of cyber activities in our nation, and has an opportunity to play a vital role in the shaping of cyber policy and to show the world how to respond to the growing threats we face. As a cybersecurity professional, I get a lot of people asking me if there really is a solution out there to stop the bad guys from doing nefarious things to our systems, stealing our data, etc. The short answer is that there are many steps we can and should be taking. For years we have heard that educating users is the key to protecting systems, but the issue of cybersecurity is far more complex.
Business owners, CEOs, COOs, and others in leadership positions must understand their legal and regulatory responsibilities to protect information. The type of information that needs guarding dictates what the requirements are for its protection, but being negligent of leadership responsibilities is not a valid excuse. Companies today should be hiring well-rounded cybersecurity professionals who are trained, certified, and capable of hardening systems so well that a cybercriminal will decide that breaking into those systems is just not worth the effort. As a past President of the Colorado Springs Information Systems Security Association (ISSA), I can tell you that security organizations like ours are hard at work helping to ensure that members are fully aware of the latest threat vectors, and have the skillsets and tools to help combat those threats.
Professionals in the non-profit Colorado Springs ISSA chapter work to ensure that software is being coded in a secure manner, so that applications do not introduce vulnerabilities. Other professionals conduct red and blue team hacking to identify system vulnerabilities and exploitation methodologies so that leadership can make smart risk decisions. ISSA also counts as policy experts among their membership, who assist organizations in developing smart policy and ensure that they are in compliance with existing policy. ISSA has over 400 members who work for many different organizations around the city, including at local military installations, and some who mentor students in the UCCS Peak Chaos Cyber Club and at local schools around the city.
Cybersecurity is an area upon which a lot of emphasis is currently being placed, and with good reason. Companies of all sizes must evaluate their business models to determine what their potential exposure is to the always-present, constantly-evolving world of cyber threats, and must take an honest look at what their risk tolerance is. For many companies, a single information exposure event could be devastating, and simply crossing your fingers and hoping it won’t happen to you is not an acceptable business plan. For companies which protect our vital national defense information, not only is a compromised system unacceptable, but in some cases it could show negligence on the part of those responsible for protecting the systems. Hiring a certified person and asking them to fill a role without providing them the tools to properly perform that function, which include continuous relevant training for their position, as well as a reach-back capability to interact and discuss cyber challenges with other cyber professionals, is setting them up for failure. Cybersecurity cannot be maintained effectively in a vacuum.
It is very easy to get caught up in an endless cycle of “negative talk” when discussing cybersecurity, but for every negative cyber issue I hear discussed, I see an opportunity to make a difference. The upcoming National Cybersecurity Intelligence Center in Colorado Springs provides an opportunity to highlight the existing skillsets, tools, and organizations we currently have operating in this city. Utilizing our collective cybersecurity knowledge presents an opportunity to transform our city in ways that we have never seen. If we look 5 to 10 years ahead, we have an opportunity to ensure that future companies and cybersecurity professionals will look to Colorado Springs as a technology hub they want to be a part of. That’s an exciting opportunity, and through working together, we can all be part of the success. Please join us for the 6th Annual Cybersecurity Training and Technology Forum, August 24th-25th. For more information, please visit www.fbcinc.com/csttf.