Advancing Cybersecurity Goes Beyond Tech

Unprecedented network growth is driving the evolution of cybersecurity, and it's all by necessity.

Networks continue to evolve to support emerging services. The Internet of Things is a key driver for unparalleled traffic growth, with billions of devices expected on all networks globally in the coming years. Security strategy needs to evolve in parallel with our network to support the next-generation platforms and emerging services.

The traditional security approach was based on firewalls protecting trusted entities inside the enterprise from untrusted access by outside entities on the public Internet. This singular approach loses effectiveness as the network becames more complex, supporting many types of endpoints, and the attacks have drastically increased in sophistication. The traditional perimeter architecture will evolve to a software-enabled and on-demand security model.

We continue to develop security "best practices" to address evolving threats and implement next-generation technology such as virtualization and software-defined networks. In an ever-changing cybersecurity environment, "best practices" can lapse rather quickly. And it's important to realize technology alone is not enough to combat the growing risks of cyber breaches.

It starts with education.

The next generation of cybersecurity is dependent upon the development of bright minds to carry the torch. It's concerning that none of the top ten US computer science programs require their students to take a single cybersecurity-related course, according to a recent research report.

That has to change. Cybersecurity best practices and design principles should be embedded in nearly all degree programs.

Security education means more than just prepping tech-minded individuals to become security specialists. It means altering their perception and behaviors to better protect themselves and make their future organizations safer. It means training the next generation of developers and engineers with the mentality to embed security in the design of their devices, apps and programs from day one.

In today's connected world, security shouldn't be a mere subset under technology. It should be a foundational core competency for anyone who plans to be at the forefront of technology.

Education should also go beyond a university classroom.

While most enterprises provide their employees with security-related training and educational materials, there is a huge opportunity to take it a step further.

For example, AT&T Inc. (NYSE: T) is in the midst of an evolutionary transformation by moving to software-defined networks and a more agile and seamless business model.

As we make the transition, we are providing our workforce with the opportunity to evolve with the company and that includes placing an emphasis on cybersecurity. The Workforce Skills Pivot Program, launched in 2014 by AT&T University, offers employees the training and experience they need to support our next-generation platforms and emerging services. Security education is, and continues to be, a core component of this effort.

At AT&T, we realized that we must become more proficient in software development and security. We developed the Workforce Skill Pivot Program, which offers employees an opportunity to voluntarily upgrade their skills by taking courses emphasizing security architecture principles, security coding practices, code scanning, API security and more. The Workforce Skill Pivot Program includes "nanodegrees" which take about 4 to 9 months to complete. The comprehensive curriculum teaches valuable skills that employees can apply in real situations.

This is beneficial for everyone. Employees take charge of their learning and acquire new skills that may help them advance their careers as new roles and opportunities develop. Plus, instilled security principles contribute to help make the company more secure against evolving cyber attacks.

This approach to employee education programs could likely help many, and this underscores another point -- both individuals and organizations need to be more proactive in sharing ideas and collaborating with each another.

Virtually every group within an organization could benefit from more open dialog with other organizations. It doesn't have to be limited to IT or cybersecurity professionals. Whether it's human resource representatives sharing the best employee communications tactics like the example above, or corporate communications practitioners discussing how to manage breaches as they occur, these conversations could shed light where there wasn't any before.

While there are formal forums and conferences where these conversations can take place, it could also be as simple as an impromptu meeting with your peers during work hours to walk through their cybersecurity thoughts and advice.

This isn't to say technology should be secondary in the fight for data security. It's always important to have the right tools, but the changing network landscape is demanding that more people take ownership of both their own and their organization's data security. The first step is taking that seriously. Help see to it that the knowledge base is there to tackle it.

— Rita Marty, Executive Director, Mobility and Cloud Security, Chief Security Office, AT&T