“There’s a huge security skills gap,” warns Dwayne Melançon, VP of Product at iovation, in our conversation at the 2017 RSA Conference in San Francisco. “The trouble is that universities are currently not producing workforce-ready people.”
In a recent article on Tripwire, where he formerly worked as CTO, Melançon elaborates on the thorny issue of how to produce a security-aware workforce.
"As we know, quite a few high-profile breaches have come about because of successful phishing attacks. Many organizations have spent a lot of time and money on “securing the human” with just these sorts of attacks in mind, yet the problem is getting worse. And we’re not just talking about harvesting information from employees – this is a common vector for malware payloads that allow remote access to your network, or exfiltrate valuable data to your attackers."
Watch the full video interview with Dwayne Melançon here:
VIDEO: Dwayne Melancon Interviewed by Cylance at RSA 2017
Machine Learning vs. Human Training
The answer to bridging that skills and awareness gap may lie, surprisingly, with machines. He advises CISOs to look to machines and machine learning as tools to help secure an inherently insecure workforce. "Machines are consistent. People are not," he adds. "If you had a machine-oriented way to train your staff, you could get them to perform in a more consistent way, to ensure the safety of your organization."
He adds that one of the top benefits of using machine learning within a business or organization is the ability to analyze huge, overwhelming amounts of data very quickly and at least segment it into smaller buckets of data that a human needs to look at.
“One of the challenges we have today is that the amount of information we have is overwhelming,” Melançon goes on. “Certain signals can be conflicting, and if you try to address the data in a brute-force way, you’re going to fail. So, we have to find ways to apply algorithms and machine learning, to take things like collections of known good behaviors and known bad behaviors, and come to conclusions that are more helpful.”
If your organization has not yet started to work with machine learning, Melançon recommends starting with email processing, as it’s easy to see results very quickly.
“By going through and recognizing patterns, including known phishing URLs, and behavior that applies to either one user or a certain customer base, to be able to segment things out. You can take emails from potentially dangerous email addresses away so that users aren’t likely to click on something that’s going to compromise the organization – that’s one of the most effective ways I’ve seen machine learning used within an organization.”
ABOUT DWAYNE MELANCON
Dwayne is a recognized leader in the cybersecurity industry where he has brought dozens of innovative security products and solutions to market. Prior to iovation, he spent 17 years at Tripwire serving in a variety of product and technology leadership roles, including CTO, VP of product management and VP of research development, and held numerous management roles at Symantec. In his current role at iovation he focuses on strategic product development, market research and managing product teams focused on delivering exceptional customer value and a frictionless user experience.
About the Author
David Spark is a veteran tech journalist and founder of Spark Media Solutions. Since 1996, Spark and his articles have appeared in more than 40 media outlets including eWEEK, Wired News, PCWorld, ABC Radio, John C. Dvorak’s “Cranky Geeks,” KQED’s “This Week in Northern California,” and TechTV (formerly ZDTV). Spark is also the author of the book, “Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows.” Today, Spark blogs regularly on the Spark Minute and is a regular contributor for Forbes. Spark is a noted speaker, entertainer, and moderator at tech and marketing events.