Blog
#ISC2Congress 2022: Highlighting the Need for Collaborative Defense
A common theme that permeates (ISC)² Security Congress each year is the need to work collaboratively against cyber adversaries. This year was no different, as speaker after speaker during the event in Last Vegas stressed the importance of collaboration, information-sharing and teamwork.
The theme emerged early on, as (ISC)² CEO Clar Rosso made her opening remarks . Referring to the cybersecurity workforce shortage, which now stands at 3.4 million vacant positions, Clar called for a new way of thinking to build cybersecurity teams.
“And it starts with you,” she asserted “It starts with this community coming together. We can close this workforce gap. It’s not going to be easy, but it will be well worth it. And we have to work collaboratively.
“We have to create new pathways into the profession. And we have to break down the existing barriers to getting into the profession and keeping people in the profession. We need to start recruiting non-traditional applicants and invest in their development. We need to look inside and outside our organizations for career changers. We need to build our teams from the ground up from the entry-level to the CISO.”
Apprenticeships are one of the effective methods that prepare people for cybersecurity careers, as discussed during a Tuesday afternoon panel session. And there, too, the importance of collaboration rose to the surface, with panelists addressing the need for government, employers and academia to work together on programs that provide on-the-job training for cybersecurity novices.
Registered apprenticeships supported but the U.S. Department of Labor bring together various entities, noted Douglas Howell, California State Director at the U.S. Department of Labor’s Office of Apprenticeship. Those entities include his department, state agencies and contractors known as “intermediaries” that work with employers – or group of employers – to run the programs. In some cases, colleges and universities also get involved.
Collective Defense
As the event progressed, the collaboration theme surfaced again and again. Two speakers connected to the federal government – Anne Duncan, CIO for the U.S. Department of Education and Dr. David Mussington, Executive Director for Infrastructure at CISA – discussed the concept of “collective defense” in separate sessions.
Collective defense calls for collaboration between government agencies and nongovernmental entities as they invest in technologies to make systems more resilient and in the people responsible protecting those systems, said Anne.
Attributing the term “collective defense” to National Cyber Director Chris Inglis, she said the term came out of the recognition that it isn’t enough to defend your organization or agency better than the next one.
“We talked about being a harder target than the company down the street – another agency, even the house down the road – and with the idea that if we were a harder target, the bad guys would go after someone else. And we recognize now that we can’t take that attitude. We have to take the attitude that we’re all in it to together, hence the idea of collective defense,” she said.
During a “fireside chat” with Clar, David, spoke of the importance of partnership between government and the private sector.
“We have a history of thinking that individually we can become more capable, more able to defend ourselves from cyber threats. [But] I think that history has shown that collaborative defense and risk management and risk mitigation is the only way. And no one has a monopoly on insight on critical infrastructure or cyber defenses. So, we need to learn from each other and collaboratively,” he said.
One aspect collaborative defense that he says is working well is CISA’s Joint Cyber Defense Collaborative, which brings together governments and private organizations to share threat information, review risk and discuss response strategies.
“It takes collaboration and information sharing to the next level,” David said. “It isn’t a centralized command control, telling someone what to do. It’s shared risk insights that empower people to help themselves and then help the collective.”
The Power of Team
Collaboration also came up in the context of working as a team. For instance, Carey Lohrenz, who served as the U.S. Navy’s first female F-14 Tomcat fighter pilot, discussed the importance of her team’s work in every operation she undertook. “We can’t do this job by ourselves.”
Robert Mazur, who wrote the bestselling book “The Infiltrator,” also stressed the importance of teamwork when he was a federal agent conducting undercover missions. Mazur, who infiltrated Colombian drug cartels in two separate missions, said the reason he can tell audiences about his dangerous work is because of the team that came together to support his missions, building the platform he stands on today.
“Make no mistake about it, I did not build the platform. The platform was built by teams in both cases – probably 125 agents, prosecutors, analysts, administrative staff, all of whom were inspired because they knew that their voices mattered. Because they knew that they could be part of making a difference. And I think that’s the only reason that I’m here today – because they carried me across the goal line to score points.”