For an increasing number of hackers and researchers, cyber attack is great for job security even though the surge in far-flung and destructive cyber attacks is not good for national security.
At t the annual Black Hat and Def Con security conferences, which now have a booming side business in recruiting, the new reality is on display in Las Vegas this week.
"Hosting big parties has enabled us to meet more talent in the community, helping fill key positions and also retain great people," said Jen Ellis, a vice president with cybersecurity firm Rapid7 Inc.
Security firms, handfuls of jobs inside mainstream companies, and in government agencies are among the area where career options for technology tinkerers were mostly limited to twenty or even 10 years ago.
But the opportunities in the security field have exploded as tech has taken over the world.
Including automobiles, medical devices and the ever-expanding Internet of Things, from thermostats and fish tanks to home security devices, whole industries that used to have little to do with technology now need protection.
With premiums reduced for strong security practices, more insurance companies now cover breaches. And if a customer’s data is stolen from them and otherwise pushing to hold tech companies liable for problems, lawyers are making sure that cloud providers are held responsible.
A global shortage of 1.8 million skilled security workers in 2022 was predicted by the non-profit Center for Cyber Safety and Education last month. A third of hiring managers plan to boost their security teams by at least 15 percent, said the group, which credentials security professionals.
For warnings about vulnerabilities that leave them exposed to criminals or spies, an enormous number of companies now offer "bug bounties," or formal rewards, for hackers who prefer to pick things apart rather than stand guard over them.
It has paid out $18.8 million since 2014 to fix 50,140 bugs, with about half of that work done in the past year, said one of the outside firms that handle such programs, HackerOne, said it has paid out $18.8 million since 2014 to fix 50,140 bugs.
In the old days, "The only payout was publicity, free press," Litchfield said. "That was the payoff then. The payoff now is literally to be paid in dollars."
Openly teaming with an investor who was selling shares short, betting that they would lose value, was the open step that was taken by Justine Bone's medical hacking firm, MedSec.
Bone predicted others will try the same path that was shown by St Jude Medical ultimately which fixed its pacemaker monitors even though it was acrimonious.
"Us cyber security nerds have spent most of our careers trying to make the world a better place by engaging with companies, finding bugs which companies may or may not repair," Bone said.
"If we can take our expertise out to customers, media, regulators, nonprofits and think tanks and out to the financial sector, the investors and analysts, we start to help companies understand in terms of their external environment."
He was initially skeptical of the MedSec approach but came around to it, in part because it worked, said Chris Wysopal, co-founder of code auditor Veracode, bought in April by CA Technologies, said. He appeared at Black Hat with Bone.
"Many have written that the software and hardware market is dysfunctional, a lemon market, because buyers don't know how insecure the products they purchase are," Wysopal said in an interview.
"I’d like to see someone fixing this broken market. Profiting off of that fix seems like the best approach for a capitalism-based economy."
(Sourece:www.reuters.com)
At t the annual Black Hat and Def Con security conferences, which now have a booming side business in recruiting, the new reality is on display in Las Vegas this week.
"Hosting big parties has enabled us to meet more talent in the community, helping fill key positions and also retain great people," said Jen Ellis, a vice president with cybersecurity firm Rapid7 Inc.
Security firms, handfuls of jobs inside mainstream companies, and in government agencies are among the area where career options for technology tinkerers were mostly limited to twenty or even 10 years ago.
But the opportunities in the security field have exploded as tech has taken over the world.
Including automobiles, medical devices and the ever-expanding Internet of Things, from thermostats and fish tanks to home security devices, whole industries that used to have little to do with technology now need protection.
With premiums reduced for strong security practices, more insurance companies now cover breaches. And if a customer’s data is stolen from them and otherwise pushing to hold tech companies liable for problems, lawyers are making sure that cloud providers are held responsible.
A global shortage of 1.8 million skilled security workers in 2022 was predicted by the non-profit Center for Cyber Safety and Education last month. A third of hiring managers plan to boost their security teams by at least 15 percent, said the group, which credentials security professionals.
For warnings about vulnerabilities that leave them exposed to criminals or spies, an enormous number of companies now offer "bug bounties," or formal rewards, for hackers who prefer to pick things apart rather than stand guard over them.
It has paid out $18.8 million since 2014 to fix 50,140 bugs, with about half of that work done in the past year, said one of the outside firms that handle such programs, HackerOne, said it has paid out $18.8 million since 2014 to fix 50,140 bugs.
In the old days, "The only payout was publicity, free press," Litchfield said. "That was the payoff then. The payoff now is literally to be paid in dollars."
Openly teaming with an investor who was selling shares short, betting that they would lose value, was the open step that was taken by Justine Bone's medical hacking firm, MedSec.
Bone predicted others will try the same path that was shown by St Jude Medical ultimately which fixed its pacemaker monitors even though it was acrimonious.
"Us cyber security nerds have spent most of our careers trying to make the world a better place by engaging with companies, finding bugs which companies may or may not repair," Bone said.
"If we can take our expertise out to customers, media, regulators, nonprofits and think tanks and out to the financial sector, the investors and analysts, we start to help companies understand in terms of their external environment."
He was initially skeptical of the MedSec approach but came around to it, in part because it worked, said Chris Wysopal, co-founder of code auditor Veracode, bought in April by CA Technologies, said. He appeared at Black Hat with Bone.
"Many have written that the software and hardware market is dysfunctional, a lemon market, because buyers don't know how insecure the products they purchase are," Wysopal said in an interview.
"I’d like to see someone fixing this broken market. Profiting off of that fix seems like the best approach for a capitalism-based economy."
(Sourece:www.reuters.com)
Homepage
Send to a friend
Printable version
Share
