e-Skills: It’s time to dip into the dark pool
According to PWC, 35% of IT leaders have no sense of the volume of security breaches their organisations are subjected to.
With the increasing attractiveness of cyber espionage as an approach to competitive advantage, coupled with the need to open the perimeter to social networking channels, its time to rethink the approach to security; and security talent in particular.
The traditional script kiddie burdened with a low EQ and low self esteem and the ability to copy and paste publicly available hacking software from the web won’t cut it.
Ethical hackers (hackivists) and crackers have the skills but cannot be trusted.
We need to delve into the dark pool. Dark pool talent is:
- Technically capable
- Understands threats from both a technical and business perspective
- Can be trusted
- Probably not comfortable working for a corporation (and vice versa).
Jay Abbott, a director in PwC’s threat and vulnerability practice suggests that we might find these people by trawling the military or within other covert by nature professions. He also suggests that the cultural difference between the dark talent and the rest of the business necessitates managing the dark pool talent as a distinct unit.