Careers in Cyber Security: The World Needs More Defenders
Advanced technologies like AI and machine learning get a lot of attention, but it’s core skills in systems management that hold the key to protecting our systems
From the SolarWinds supply-chain intrusion to the Colonial Pipeline hack that hobbled fuel deliveries in the eastern U.S., 2021 is proving to be a watershed year for cyber security threats. While core industries like manufacturing, energy, water, and food have always been targets, cyber security has historically been considered a “privacy” or “personal data theft” issue. Banks, insurers, retailers, and health providers suffered the most frequent widespread attacks, leading to infamous events such as the massive Target and Equifax breaches.
Last year, that story changed dramatically. As the world entered the COVID-19 pandemic lockdown, the manufacturing and energy verticals saw more than a 15% jump in targeted attacks, a spike that boosted the pair from the 8th and 9th most targeted industries, respectively, to 2nd and 3rd. The increased threat carried over into 2021. Today’s attackers are not just threatening information and finances, they’re impacting critical water, food, and energy supplies as well.
If you’re considering a career in cyber security, know that the cyber threat is now physical as well as digital.
We Need More Cyber Security Defenders.
At Verve, we’ve been protecting cyber-physical (or industrial controls) environments for three decades. In all of that time, the single biggest gap in protection continues to be available resources. According to the most recent KPMG/CSAI survey, the top two reasons industrial companies struggle in cyber security are talent and human-resource availability.
According to the National Institute for Cybersecurity Education (NICE) Cyberseek database, there are more than 450,000 open cyber security jobs in the U.S. today. So the challenges go well beyond the industrial sector.
While automation can help, the reality is that robust defense requires well-trained people.
Basic Training for a Cyber Security Career
A great deal of emphasis in the security industry today is placed on advanced disciplines like artificial intelligence and other technical skills that require dozens of years of experience. While those skills are certainly needed, the far more pressing need is for core systems management functions. According to the Cyberseek database, more than three-quarters of the skills in open U.S. infosec jobs are considered “systems or security management”: skills such as network management, Windows administration, patch management, vulnerability management, and the like. Just 15% of requirements call for more advanced, analytical-type skills.
This balance is borne out in recent attacks as well. Consider the DarkSide ransomware attack on the Colonial Pipeline. An infiltration on the IT side of the industrial operator forced the company to shut down the key “operating technology” components of their network, shutting down fuel supply to some 30% of the U.S. East Coast and causing billions of dollars in economic disruption. The vector for this attack, however, required no advanced, nation-state capabilities. The victim simply had not properly managed dormant accounts on its Windows devices and failed to deploy a very standard security measure, multi-factor authentication, on those accounts. When passwords and accounts appeared from a more traditional credential attack elsewhere, a dormant account was found, traced back to Colonial’s systems, and leveraged with malicious intent.
It’s possible that advanced threat detection might have spotted this attack before it became a disaster. But the reality is that good, basic security systems management of user and account administration would have stopped it before it got started.
A Cyber Security Career is Built off a Blend of Industry and Cyber Fundamentals
Cyber skills alone, however, are not as powerful as those that are then combined with true industry expertise. As shown in the KPMG graph above, industrial companies need people that understand industrial systems as well as cyber security. As an organization fighting to defend critical infrastructure, Verve has robust cyber security career paths for cyber-warriors who bring together deep experience in industrial operations with cyber defense. We guide defenders from the all-important foundational elements all the way to advanced skill sets.
Organizations need to examine how to take employees who understand their MES or billing or SCADA systems, for example, and cross-train them in the fundamentals of cyber security. When one thinks of defending environments, it includes all of the elements of frameworks such as the NIST Cybersecurity Framework or the CIS Top 18 security controls. These include identification of hardware and software on a system, management of secure configurations, management of vulnerabilities and patches, ensuring proper backups, and more. Having an understanding of core operational systems as well as the cyber defense fundamentals makes a resource incredibly valuable.
Over time, these defenders can move into more advanced analysis that leverages the fundamentals to identify more elaborate forms of threats and attack patterns. They can bring together real-time logs and telemetry with patterns of data on the endpoint. They can work through more complex response options such as closing ports, removing users, and recovering from backup. But without fundamentals, they cannot take these next steps.
The world desperately needs more cyber defenders and young people choosing (or pivoting to, as I did) a career in cyber security. The next major war zone is likely to be our critical infrastructure. Organizations will need to build fundamental cyber-security capabilities among their current workforce if we are to fill the number of security positions we’ll need over the next decade.
You can get started with a Northwestern Certificate or Bootcamp in Cyber Security or with an Information Systems Security Specialization in Northwestern's MS in Information Systems program (and when you’re done, check out the Verve website for any job openings).
— John Livingston, CEO of Verve Industrial
MBA + JD, Northwestern (‘93)
John leads Verve's mission to protect the world’s infrastructure. He brings 20+ years of experience from McKinsey & Co. advising large companies in strategy and operations. John's committed to helping clients find the lowest cost and simplest solutions for controls, data and ICS security challenges.