Candace Worley – McAfee Blogs https://securingtomorrow.mcafee.com Securing Tomorrow. Today. Mon, 24 Jun 2019 18:11:19 +0000 en-US hourly 1 https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png Candace Worley – McAfee Blogs https://securingtomorrow.mcafee.com 32 32 Expanding Our Vision to Expand the Cybersecurity Workforce https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/expanding-our-vision-to-expand-the-cybersecurity-workforce/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/expanding-our-vision-to-expand-the-cybersecurity-workforce/#respond Wed, 19 Jun 2019 15:00:58 +0000 https://securingtomorrow.mcafee.com/?p=95640

I recently had the opportunity to testify before Congress on how the United States can grow and diversify the cyber talent pipeline. It’s great that members of Congress have this issue on their radar, but at the same time, it’s concerning that we’re still having these discussions. A recent (ISC) Study puts the global cybersecurity […]

The post Expanding Our Vision to Expand the Cybersecurity Workforce appeared first on McAfee Blogs.

]]>

I recently had the opportunity to testify before Congress on how the United States can grow and diversify the cyber talent pipeline. It’s great that members of Congress have this issue on their radar, but at the same time, it’s concerning that we’re still having these discussions. A recent (ISC) Study puts the global cybersecurity workforce shortage at 2.93 million. Solving this problem is challenging, but I offered some recommendations to the House Homeland Security Committee’s Subcommittee on Cybersecurity, Infrastructure Protection and Innovation.

Increase the NSF CyberCorps Scholarships for Service Program

The National Science Foundation (NSF) together with the Department of Homeland Security (DHS) designed a program to attract more college students to cybersecurity, and it’s working. Ten to 12 juniors and seniors at each of the approximately 70 participating institutions across the country receive free tuition for up to two years plus annual stipends. Once they’ve completed their cybersecurity coursework and an internship, they go to work for the federal government for the same amount of time they’ve been in the program. Afterwards, they’re free to remain federal employees or move elsewhere, yet fortunately, a good number of them choose to stay.

Congress needs to increase the funding for this program (which has been flat since 2017) from $55 million to at least $200 million. Today the scholarships are available at 70 land grant colleges. The program needs to be opened up to more universities and colleges across the country.

Expand CyberCorps Scholarships to Community Colleges

Community colleges attract a wide array of students – a fact that is good for the cybersecurity profession. Some community college attendees are recent high school graduates, but many are more mature, working adults or returning students looking for a career change or skills training. A strong security operation requires differing levels of skills, so having a flexible scholarship program at a community college could not only benefit graduates but also provide the profession with necessary skills.

Furthermore, not everyone in cybersecurity needs a four-year degree. In fact, they don’t need to have a traditional degree at all. Certificate programs provide valuable training, and as employers, we should change our hiring requirements to reflect that reality.

Foster Diversity of Thinking, Recruiting and Hiring

Cybersecurity is one of the greatest technical challenges of our time, and we need to be as creative as possible to meet it. In addition to continually advancing technology, we need to identify people from diverse backgrounds – and not just in the standard sense of the term. We need to diversify the talent pool in terms of race, ethnicity, gender and age, all of which lead to creating an inclusive team that will deliver better results. However, we also should seek out gamers, veterans, people working on technical certificates, and retirees from computing and other fields such as psychology, liberal arts as well as engineering. There is no one background required to be a cybersecurity professional. We absolutely need people with deep technical skills, but we also need teams with diverse perspectives, capabilities and levels of professional maturity.

Public-Private Sector Cross Pollination

We also must develop creative approaches to enabling the public and private sectors to share talent, particularly during significant cybersecurity events. We should design a mechanism for cyber professionals – particularly analysts or those who are training to become analysts – to move back and forth between the public and private sector so that government organizations would have a continual refresh of expertise. This type of cross-pollination would help everyone share best practices on technology, business processes and people management.

One way to accomplish this would be for DHS to partner with companies and other organizations such as universities to staff a cadre of cybersecurity professionals – operators, analysts and researchers – who are credentialed to move freely between public and private sector service. These professionals, particularly those in the private sector, could be on call to help an impacted entity and the government respond to a major attack in a timely way. Much like the National Guard, a flexible staffing approach to closing the skills gap could become a model of excellence.

We’re Walking the Talk

McAfee is proud to support the community to establish programs that provide skills to help build the STEM pipeline, fill related job openings, and close gender and diversity gaps. These programs include an Online Safety Program, onsite training programs and internships for high school students. Our employees also volunteer in schools help educate students on both cybersecurity risks and opportunities. Through volunteer-run programs across the globe, McAfee has educated more than 500,000 children to date.

As part of the McAfee’s new pilot Achievement & Excellence in STEM Scholarship program, we’ll make three awards of $10,000 for the 2019-2020 school year. Twelve students from each of the three partner schools will be invited to apply, in coordination with each partner institution’s respective college advisor. Target students are college-bound, high school seniors with demonstrated passion for STEM fields, who are seeking a future in a STEM-related path. This type of a program can easily be replicated by other companies and used to support the growth and expansion of the workforce.

We’re Supporting Diversity

While we recognize there is still more to do in fostering diversity, we’re proud to describe the strides we’re making at McAfee. We believe we have a responsibility to our employees, customers and communities to ensure our workplace reflects the world in which we live. Having a diverse, inclusive workforce is the right thing to do, and after we became an independent, standalone cybersecurity company in 2017, we made and have kept this a priority.

 The steps we’re taking include:

  • Achieving pay parity between women and men employees in April 2019, making us the first pureplay cybersecurity company to do so.
  • In 2018, 27.1% of all global hires were female and 13% of all U.S. hires were underrepresented minorities.
  • In June 2018, we launched our “Return to Workplace” program for men and women who have paused their career to raise children, care for loved ones or serve their country. The 12-week program offers the opportunity to reenter the tech space with the support and resources needed to successfully relaunch careers.
  • Last year, we established the Diversity & Culture Council, a volunteer-led global initiative focused on creating an infrastructure for the development and maintenance of an integrated strategy for diversity and workplace culture.
  • McAfee CEO Chris Young joined CEO Action for Diversity Inclusion, the largest group of CEOs and presidents committed to act on driving an inclusive workforce. By taking part in CEO Action, Young personally commits to advancing diversity and inclusion with the coalition’s three-pronged approach of fostering safe workplaces.

Looking to the Future

While I’d love to see a future where fewer cybersecurity professionals were needed, I know that for the foreseeable future, we’ll not only need great technology but also talented people. With that reality, we in the industry need to expand our vision and definition of what constitutes cybersecurity talent. The workforce shortage is such that we have to do expand our concepts and hiring requirements. In addition, the discipline itself will benefit from a population that brings more experiences, skills and diversity to bear on a field that is constantly changing.

The post Expanding Our Vision to Expand the Cybersecurity Workforce appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/expanding-our-vision-to-expand-the-cybersecurity-workforce/feed/ 0
Why AI Innovation Must Reflect Our Values in Its Infancy https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/why-ai-innovation-must-reflect-our-values-in-its-infancy/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/why-ai-innovation-must-reflect-our-values-in-its-infancy/#respond Mon, 20 May 2019 15:00:09 +0000 https://securingtomorrow.mcafee.com/?p=95165

In my last blog, I explained that while AI possesses the mechanics of humanness, we need to train the technology to make the leap from mimicking humanness with logic, rational and analytics to emulating humanness with common sense. If we evolve AI to make this leap the impact will be monumental, but it will require […]

The post Why AI Innovation Must Reflect Our Values in Its Infancy appeared first on McAfee Blogs.

]]>

In my last blog, I explained that while AI possesses the mechanics of humanness, we need to train the technology to make the leap from mimicking humanness with logic, rational and analytics to emulating humanness with common sense. If we evolve AI to make this leap the impact will be monumental, but it will require our global community to take a more disciplined approach to pervasive AI proliferation. Historically, our enthusiasm for and consumption of new technology has outpaced society’s ability to evolve legal, political, social, and ethical norms.

I spend most of my time thinking about AI in the context of how it will change the way we live. How it will change the way we interact, impact our social systems, and influence our morality.  These technologies will permeate society and the ubiquity of their usage in the future will have far reaching implications. We are already seeing evidence of how it changes how we live and interact with the world around us.

Think Google. It excites our curiosity and puts information at our fingertips. What is tripe – should I order it off the menu? Why do some frogs squirt blood from their eyes? What does exculpatory mean?

AI is weaving the digital world into the fabric of our lives and making information instantaneously available with our fingertips.

AI-enabled technology is also capable of anticipating our needs. Think Alexa. As a security professional I am a hold out on this technology but the allure of it is indisputable. It makes the digital world accessible with a voice command. It understands more than we may want it to – Did someone tell Alexa to order coffee pods and toilet tissue and if not – how did Alexa know to order toilet tissue? Maybe somethings I just don’t want to know.

I also find it a bit creepy when my phone assumes (and gets it right) that I am going straight home from the grocery store letting me know, unsolicited, that it will take 28 minutes with traffic. How does it know I am going home? I could be going to the gym. It’s annoying that it knows I have no intention of working out. A human would at least have the decency to give me the travel time to both, allowing me to maintain the illusion that the gym was an equal possibility.

On a more serious note, AI-enabled technology will also impact our social, political and legal systems. As we incorporate it into more products and systems, issues related to privacy, morality and ethics will need to be addressed.

These questions are being asked now, but in anticipation of AI becoming embedded in everything we interact with it is critical that we begin to evolve our societal structures to address both the opportunities and the threats that will come with it.

The opportunities associated with AI are exciting.  AI shows incredible promise in the medical world. It is already being used in some areas. There are already tools in use that leverage machine learning to help doctors identify disease related patterns in imaging. Research is under way using AI to help deal with cancer.

For example, in May 2018, The Guardian reported that skin cancer research using a convolutional neural network (CNN – based on AI) detected skin cancer 95% of the time compared to human dermatologists who detected it 86.6% of the time. Additionally, facial recognition in concert with AI may someday be commonplace in diagnosing rare genetic disorders, that today, may take months or years to diagnose.

But what happens when the diagnosis made by a machine is wrong? Who is liable legally? Do AI-based medical devices also need malpractice insurance?

The same types of questions arise with autonomous vehicles. Today it is always assumed a human is behind the wheel in control of the vehicle. Our laws are predicated on this assumption.

How must laws change to account for vehicles that do not have a human driver? Who is liable? How does our road system and infrastructure need to change?

The recent Uber accident case in Arizona determined that Uber was not liable for the death of a pedestrian killed by one of its autonomous vehicles. However, the safety driver who was watching TV rather than the road, may be charged with manslaughter. How does this change when the car’s occupants are no longer safety drivers but simply passengers in fully autonomous vehicles. How will laws need to evolve at that point for cars and other types of AI-based “active and unaided” technology?

There are also risks to be considered in adopting pervasive AI. Legal and political safeguards need to be considered, either in the form of global guidelines or laws. Machines do not have a moral compass. Given that the definition of morality may differ depending on where you live, it will be extremely difficult to train morality into AI models.

Today most AI models lack the ability to determine right from wrong, ill intent from good intent, morally acceptable outcomes from morally irreprehensible outcomes. AI does not understand if the person asking the questions, providing it data or giving it direction has malicious intent.

We may find ourselves on a moral precipice with AI. The safeguards or laws I mention above need to be considered before AI becomes more ubiquitous than it already is.  AI will enable human kind to move forward in ways previously unimagined. It will also provide a powerful conduit through which humankind’s greatest shortcomings may be amplified.

The implications of technology that can profile entire segments of a population with little effort is disconcerting in a world where genocide has been a tragic reality, where civil obedience is coerced using social media, and where trust is undermined by those that use mis-information to sew political and societal discontent.

There is no doubt that AI will make this a better world. It gives us hope on so many fronts where technological impasses have impeded progress. Science may advance more rapidly, medical research progress beyond current roadblocks and daunting societal challenges around transportation and energy conservation may be solved.  It is another tool in our technological arsenal and the odds are overwhelmingly in favor of it improving the global human condition.

But realizing its advantages while mitigating its risks will require commitment and hard work from many conscientious minds from different quarters of our society. We as the technology community have an obligation to engage key stakeholders across the legal, political, social and scientific community to ensure that as a society we define the moral guardrails for AI before it becomes capable of defining them, for or in spite of, us.

Like all technology before it, AI’s social impacts must be anticipated and balanced against the values we hold dear.  Like parents raising a child, we need to establish and insist that the technology reflect our values now while its growth is still in its infancy.

The post Why AI Innovation Must Reflect Our Values in Its Infancy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/why-ai-innovation-must-reflect-our-values-in-its-infancy/feed/ 0
I am an AI Neophyte https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/i-am-an-ai-neophyte/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/i-am-an-ai-neophyte/#respond Mon, 13 May 2019 13:00:23 +0000 https://securingtomorrow.mcafee.com/?p=95162

I am an Artificial Intelligence (AI) neophyte. I’m not a data scientist or a computer scientist or even a mathematician. But I am fascinated by AI’s possibilities, enamored with its promise and at times terrified of its potential consequences. I have the good fortune to work in the company of amazing data scientists that seek […]

The post I am an AI Neophyte appeared first on McAfee Blogs.

]]>

I am an Artificial Intelligence (AI) neophyte. I’m not a data scientist or a computer scientist or even a mathematician. But I am fascinated by AI’s possibilities, enamored with its promise and at times terrified of its potential consequences.

I have the good fortune to work in the company of amazing data scientists that seek to harness AI’s possibilities. I wonder at their ability to make artificial intelligence systems “almost” human. And I use that term very intentionally.

I mean “almost” human, for to date, AI systems lack the fundamentals of humanness. They possess the mechanics of humanness, qualities like logic, rationale, and analytics, but that is far from what makes us human. Their most human trait is one we prefer they not inherit –  a propensity to perpetuate bias.  To be human is to have consciousness. To be sentient. To have common sense. And to be able to use these qualities and the life experience that informs them to interpret successfully not just the black and white of our world but the millions of shades of grey.

While data scientists are grappling with many technical challenges associated with AI there are a couple I find particularly interesting. The first is bias and the second is lack of common sense.

AI’s propensity to bias is a monster of our own making. Since AI is largely a slave to the data it is given to learn from, its outputs will reflect all aspects of that data, bias included. We have already seen situations where applications leveraging AI have perpetuated human bias unintentionally but with disturbing consequences.

For example, many states have started to use risk assessment tools that leverage AI to predict probable rates of recidivism for criminal defendants. These tools produce a score that is then used by a judge for determining a defendant’s sentencing. The problem is not the tool itself but the data that is used to train it. There is evidence that there has historically been significant racial bias in our judicial systems, so when that data is used to train AI, the resulting output is equally biased.

A report by ProPublica in 2016 found that algorithmic assessment tools are likely to falsely flag African American defendants as future criminals at nearly twice the rate as white defendants*. For any of you who saw the Tom Cruise movie, Minority Report, it is disturbing to consider the similarities between the fictional technology used in the movie to predict future criminal behavior and this real life application of AI.

The second challenge is how to train artificial intelligence to be as good at interpreting nuance as humans are. It is straight forward to train AI how to do something like identifying an image as a Hippopotamus. You provide it with hundreds or thousands of images or descriptions of a hippo and eventually it gets it right most if not all the time.

The accuracy percentage is likely to go down for things that are perhaps more difficult to distinguish—such as a picture of a field of sheep versus a picture of popcorn on a green blanket—but  with enough training even this is a challenge that can be overcome.

The interesting thing is that the challenge is not limited to things that lack distinguishing characteristics. In fact, the things that are so obvious that they never get stated or documented, can be equally difficult for AI to process.

For example, we humans know that a hippopotamus cannot ride a bicycle. We inherently know that if someone says “Jimmy played with his boat in the swimming pool” that, except in very rare instances likely involving eccentric billionaires, the boat was a toy boat and not a full-size catamaran.

No one told us these things – it’s just common sense. The common sense aspects of interpreting these situations could be lost on AI. The technology also lacks the ability to infer emotion or intent from data. If we see someone buying flowers we can mentally infer why – a romantic dinner or somebody’s in the doghouse. We can not only guess why they are buying flowers, but when I say somebody’s in the dog house you know exactly what I mean. It’s not that they are literally in the dog house, but someone did something stupid and the flowers are an attempt at atonement.

That leap is too big for AI today. When you add to the mix cultural differences it exponentially increases the complexity. If a British person says put something in the boot it is likely going to be groceries. If it is an American it will likely be a foot. Teaching AI common sense is a difficult task and one that will take significant research and effort on the part of experts in the field.

But the leap from logic, rationale and analytics to common sense is a leap we need AI to make for it to truly become the tool we need it to be, in cybersecurity and in every other field of human endeavor.

In my next blog, I’ll discuss the importance of ensuring that this profoundly impactful technology reflects our human values in its infancy, before it starts influencing and shaping them itself.

*ProPublica, Machine Bias, May 23, 2016

The post I am an AI Neophyte appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/i-am-an-ai-neophyte/feed/ 0
What are your employees doing over Labor Day? Are they putting your company at risk? https://securingtomorrow.mcafee.com/business/employees-labor-day-putting-company-risk/ https://securingtomorrow.mcafee.com/business/employees-labor-day-putting-company-risk/#respond Fri, 01 Sep 2017 12:00:13 +0000 https://securingtomorrow.mcafee.com/?p=77350 Ah –  Labor Day weekend, that blissful time of travel, BBQs, discovery, relaxation, and hunting for a Wi-Fi connection so that you can check your work email. While it may be good for the company that employees are staying connected, if they are not practicing safe connections they may be putting the company at risk. […]

The post What are your employees doing over Labor Day? Are they putting your company at risk? appeared first on McAfee Blogs.

]]>
Ah –  Labor Day weekend, that blissful time of travel, BBQs, discovery, relaxation, and hunting for a Wi-Fi connection so that you can check your work email. While it may be good for the company that employees are staying connected, if they are not practicing safe connections they may be putting the company at risk.

Most employees probably start out intending to unplug during the long weekend, whether to get some needed stress relief, take a break from work, or just out of respect to those that they are visiting with. Unfortunately, only 45% are successful at remaining unplugged on vacation, according to a recent survey by McAfee. What’s more, if it wasn’t for the anxiety of dealing with some work obligations, whether stated or implied, 57% would prefer to be completely unplugged.

It’s usually the phone that gets them. While the large majority of people are willing to leave their laptop (72%) and their tablet (60%) at home, only 27% are willing to leave the phone behind. This is often for good reasons, staying in touch with family and friends, getting directions, or looking up local attractions or restaurants. But, with the phone nearby, most can’t go very long without a digital work fix. More than half of those surveyed will spend at least an hour a day over the holiday weekend on some type of connected device, checking email, social media, or texts.

The ubiquity of Wi-Fi makes it easy to sneak in a quick work check and even though there may not be an easy way to check the security of available connections, most people connect anyway.  51% connect even if they can’t confirm the security of the network. When traveling, most people (72%) use the hotel internet to remain connected, while others look for an internet café or some other public Wi-Fi.  Public W-Fi networks can be compromised by cybercriminals, who use them to steal credentials, intercept sensitive documents, and install malware on connected devices.

Relaxation clouds the judgement of many vacationers with 20% not even thinking about the security of the Wi-Fi networks they tap into. Urgency is a major factor. The more urgently they feel the need to connect, the less likely they are to worry about security. Thus, a Labor Day vacation for one employee can result in Labor Day headlines for the company and holiday overtime for your security team.

As connected people, we understand the lure of the internet, and the anxiety that many feel at being completely unplugged. So, we have a few WiFi hygiene tips for those who need to connect over the long weekend.

Some tips for employees to connect safely while on vacation

  1. Browse securely when away from home. If employees can’t resist the call of the Wi-Fi, they should make sure that they are connecting securely, using a Virtual Private Network (VPN) to keep information private and ensure that data goes straight from the device to where they are connecting.
  2. Ensure devices are updated. Make sure devices’ operating system and applications are kept updated. Using old versions of software could leave you open to security vulnerabilities.
  3. Apply comprehensive security. Ensure devices are updated with the latest comprehensive security software to ensure connected devices stay clear of viruses and other unwanted malware.
  4. Use a device locating app. If a device is lost, it can be very difficult to recover. Location applications can help you find, lock, and even erase a device’s data in the event of loss or theft.

Taking a few minutes to check these items off your list, before you don your flip-flops, position your sunglasses and head out into the traffic melee that heralds the last holiday of summer,  will ensure that sneaking in a few emails from the beach doesn’t put you or your company’s digital assets at risk. Enjoy!

The post What are your employees doing over Labor Day? Are they putting your company at risk? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/employees-labor-day-putting-company-risk/feed/ 0
Rising to the Occasion as the New McAfee https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/rising-occasion-new-mcafee/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/rising-occasion-new-mcafee/#respond Thu, 13 Apr 2017 19:00:48 +0000 https://securingtomorrow.mcafee.com/?p=71504 As a new standalone company, there’s great opportunity in front of us to recapture our identity. And since our identity lies at the core of everything we do and all our interactions, this opportunity is going to help us reinvigorate both our employee and customer base. More importantly, it’s allowing us to rediscover what makes […]

The post Rising to the Occasion as the New McAfee appeared first on McAfee Blogs.

]]>
As a new standalone company, there’s great opportunity in front of us to recapture our identity. And since our identity lies at the core of everything we do and all our interactions, this opportunity is going to help us reinvigorate both our employee and customer base. More importantly, it’s allowing us to rediscover what makes McAfee great, as well as actively reclaim our role as a leader in the industry. But before we get there, we’re embodying a “make or break” mindset to guide us along the way as we go after cybercriminals, draw outside the lines, and work better together. And though the opportunity in front of us is great, we’re not intimidated. In fact, we will rise to the occasion. Here’s how:

Reclaiming a Leadership Role

Most players in the cybersecurity industry are ambitious and agile, including the new McAfee. In fact, as a new company, we have the opportunity to lead the pack when it comes to how the industry approaches cybersecurity innovation and leadership.

So, what will this leadership role look like for us? For starters, leaders push the envelope, and drive the market to deliver better products– which is exactly what we plan on doing. We’re also going to ask the tough questions, drive thought leadership, and come to the market with easily adaptable, unique technologies that deliver meaningful outcomes.

Make or Break Mindset

As a standalone company, we will succeed by living and breathing a “make or break” mentality. We are on our own now and it feels good but we recognize that with independence comes ownership and responsibility. We are taking this very seriously and through our commitment to our customers and the industry we’re going to prove that our claim to leadership is valid.

This mindset also hones our focus in on what we need to do to keep our customers safe. This has been part of the McAfee DNA since inception. Through the years, I’ve seen the mettle of this company tested. When adversaries have struck with merciless force against our customers, I’ve watched the men and women of McAfee rally, literally working around the clock to restore order.

That’s the thing that’s always amazed me about this company– nobody stands around and complains about the situation, they just ask how they can help and they get it done. Whether it’s for 1 customer or 500, our team stands up and make it happen. It all goes back to the passion we have for this industry. We can often make the difference between a customer coming out of a situation barely scathed, or coming out with a catastrophic issue. There is no better feeling than knowing you and your colleagues helped a customer through what could have been, or maybe was, their darkest hour. And as the new McAfee, we will continue to put our customers first by doing whatever it takes to make the customer base secure.

That mindset will also permeate how we innovate and look at problem-solving. We’re going to “draw outside the lines so to speak by looking at a multitude of ideas, inputs, and disciplines. Industry’s reinvent themselves by looking beyond how things are done today and by viewing the current reality through a different lens. The freedom and agility that comes from being a stand-alone business gives us the liberty to use a fresh approach to innovation and solution development. That Make or Break mentality will play a role here as well by driving us to adjust our solution development approach to the situation at hand.

However, it’s important to note, a company and its innovations won’t rise to the occasion unless individual employees do first. And a crucial aspect of standing strong as McAfee is standing together internally – which means taking pride in being a McAfee employee.


A Palpable Pride in the McAfee Family

McAfee is a family. At the end of the day, we’re all proud and grateful to be able to work for such an amazing organization. In fact, that pride ends up being one of our strongest assets, because when people feel that way within an organization, it’s palpable, especially to our customers.

Customers can tell when employees take ownership and are engaged, and it makes them have confidence in who we are as company. More importantly, it makes them feel safe. And at the end of the day, that is what we do.

Join the conversation about #newMcAfee! Tweet to us at @McAfee and @McAfee_Business

The post Rising to the Occasion as the New McAfee appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/rising-occasion-new-mcafee/feed/ 0
Incentives Drive Results https://securingtomorrow.mcafee.com/business/incentives-drive-results/ https://securingtomorrow.mcafee.com/business/incentives-drive-results/#respond Wed, 01 Mar 2017 05:05:51 +0000 https://securingtomorrow.mcafee.com/?p=69975 The Challenges of Misaligned Incentives in Cybersecurity Cybercriminals are encouraged by their results, stealing money, breaking services, or gaining notoriety, and can quickly change tactics that are ineffective. But what encourages a cybersecurity team to do their best? Maybe more important, what discourages them? To understand more about this, we surveyed 800 cybersecurity professionals from […]

The post Incentives Drive Results appeared first on McAfee Blogs.

]]>
The Challenges of Misaligned Incentives in Cybersecurity

Cybercriminals are encouraged by their results, stealing money, breaking services, or gaining notoriety, and can quickly change tactics that are ineffective. But what encourages a cybersecurity team to do their best? Maybe more important, what discourages them? To understand more about this, we surveyed 800 cybersecurity professionals from five major industry sectors, and asked them about their incentives, metrics, and processes. Analyzing the responses, we identified three key incentive misalignments: between corporate structures and the free flow of criminal enterprises, between strategy and implementation, and between senior executives and those in implementation roles.

Corporate Structures versus Criminal Enterprises

The two big differences between cybercriminals and a typical corporate cybersecurity team are the flow of information and the use of specialized resources. Cybercriminal information markets quickly disseminate successes, code, and newly discovered vulnerabilities, encouraging and fueling innovation. While the adoption of threat intelligence sharing is increasing, it has a long way to go to match the speed and details available on the dark web. These markets also support a great deal of specialization, enabling malware coders, exploit hackers, and social engineering con artists to become very good at their trade. This is a significant difference from most cybersecurity groups, which operate in more generalist roles, and only calling in external security specialists when necessary.

Strategy versus Implementation

According to our study, most organizations consider cybersecurity to be their number one risk, and have developed strategies to deal with new and existing threats. However, there are some sizable gaps between strategy and implementation, most notably the biggest consequence of a security breach and methods used to protect the organization. IT executives surveyed were primarily concerned about reputational impact, with less than one-third believing that an incident would result in financial loss, possibly creating a false sense of security. At the same time, almost two-thirds are acquiring overlapping security technologies to protect the organization. While this may sound like a good idea, overlapping technologies that are not integrated and communicating with each other can result in security gaps, due to inconsistent policies and dissimilar configuration tools.

 Senior Executives versus Implementers

There appears to be a substantial gap in perceived incentives between senior IT executives and cybersecurity operations. More than one-quarter of the operators surveyed reported that there were no incentives in their organization, such as bonuses or recognition, compared to only 5% of the executives. It could be that employees lower down in the organizational structure are unaware of performance incentives, or they don’t consider the offerings to be effective. It is not always necessary to hand out cash for better results. Other studies have shown that professional development opportunities are considered as or more valuable an incentive than bonuses, and they increase your team’s knowledge and capabilities at the same time.

 What Can Be Done?

It may seem strange to copy some aspects of criminal behavior, but there are things to learn from how cybercriminals operate. Security-as-a-service can provide the necessary flexibility to counter cybercrime-as-a-service operations. Specialized consultants can augment the in-house team with expertise and focused resources when necessary. Performance incentives and recognition can encourage stronger defenses and faster patch cycles.

 

The post Incentives Drive Results appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/incentives-drive-results/feed/ 0
It’s a Quarter-past Cloud, Do You Know Where Your Data Is? https://securingtomorrow.mcafee.com/business/cloud-security/quarter-past-cloud-know-data/ https://securingtomorrow.mcafee.com/business/cloud-security/quarter-past-cloud-know-data/#respond Tue, 08 Nov 2016 16:40:59 +0000 https://securingtomorrow.mcafee.com/?p=68642 Cloud adoption is not something in our future—it’s today’s reality. Recently, McAfee, like many other enterprise organizations, implemented a “cloud first” policy. That is, we prioritize on cloud-focused architectures for our solution development and business to ensure we meet the scalability and agility requirements of both the public cloud and private cloud data centers. And […]

The post It’s a Quarter-past Cloud, Do You Know Where Your Data Is? appeared first on McAfee Blogs.

]]>
Cloud adoption is not something in our future—it’s today’s reality. Recently, McAfee, like many other enterprise organizations, implemented a “cloud first” policy. That is, we prioritize on cloud-focused architectures for our solution development and business to ensure we meet the scalability and agility requirements of both the public cloud and private cloud data centers. And we aren’t the only ones. According to the latest SANS survey, “Security and Accountability in the Cloud Data Center,” almost a quarter of respondents (24%) are in organizations adopting a “cloud first” strategy. The shift to the cloud is on, and moving at lightning speed. Leveraging the cloud is essential for organizations to keep up with business demands and stay competitive.

Vanishing Perimeter Erodes Defense
In the past we had centralized IT, where it was easy to draw a line around the boundary of the organization and rely on perimeter security to keep the organization safe. With highly mobile and cloud-savvy end users dominating your workforce and your lines of business dependent on cloud-based applications, the network perimeter has become permeable. Now, it is nearly impossible to draw a tidy line around where your organization ends and the internet begins.

The erosion of the network perimeter, coupled with end-user access to cloud applications and compute, has resulted in today’s decentralized reality. In a perimeterless environment, the speed at which data can move from a device to the cloud, and the many paths that it can take, make it extremely difficult for security professionals to maintain visibility and control of corporate data.

Cloud Security
According to the latest SANS research, most organizations believe the agility and flexibility of cloud-delivered services outweigh the perceived loss of visibility and control. Seventy percent of respondents’ organizations use public cloud computing services despite long-standing fears about information security and the lack of visibility into cloud provider security controls.[i]

Among other notable findings from the SANS study, 48% of respondents store employee data in the public cloud, and 24% store customer financial information even though 62% find unauthorized access by outsiders and cloud tenants (chosen by 59%) to be their biggest security concerns related to cloud application use.

Cloud Security Requirements
The evolution to cloud has brought to us faster line-of-business provisioning, elastic scaling, as well as portability and fluid cost models. We find ourselves in a digital landscape that is much more agile and elastic than our current security solutions were built to address.

It is imperative that cloud security solutions deliver these three requirements:

  1. Monitor what is happening in the cloud. Determine what new workloads have been spun-up and if they are secure. See and control east-west traffic and provision security automatically as needed.
  2. Provide visibility of Shadow IT. Automatically apply data security and malware protections to discovered SaaS applications and sensitive data in the public cloud. Discovery is only part of the solution. Obtaining visibility of SaaS application and AWS workload usage in your organization is important, but don’t stop there. Data protection and malware detection are needed for your public cloud instances, to ensure sensitive data is secured and your resources are monitored for a breach or an attack.
  3. Unify private, public, and hybrid security in one management and communications platform. A new approach is needed for integrated, automated, and orchestrated security. This is the only way to ensure that security in, to, and from the cloud is as simple, economical, and secure as any other cloud-enabled service.

Most firms adopting the cloud are adjusting their security programs to ensure a secure transition. They are also partnering with security vendors that recognize that cloud may require changes in the solutions they bring to market.

Moving to the cloud is inevitable. Moving to the cloud securely is imperative. You need a new generation of security and privacy technology to enable cloud-driven business, and that is why you require a security partner that is committed to building “cloud first” solutions.

[i] “Security and Accountability in the Cloud Data Center: A SANS Survey,” October 2016

The post It’s a Quarter-past Cloud, Do You Know Where Your Data Is? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/cloud-security/quarter-past-cloud-know-data/feed/ 0
Software-Defined Data Centers Require Software-Defined Security https://securingtomorrow.mcafee.com/business/cloud-security/software-defined-data-centers-require-software-defined-security/ https://securingtomorrow.mcafee.com/business/cloud-security/software-defined-data-centers-require-software-defined-security/#respond Mon, 07 Nov 2016 23:50:26 +0000 https://securingtomorrow.mcafee.com/?p=64266 If you are like most organizations, the majority of your apps have been virtualized but are still running in your own data center[1]. IT has been busy renovating the data center to take advantage of the increased agility and reduced operating costs of a private cloud. You may have virtualized data-center network and storage as […]

The post Software-Defined Data Centers Require Software-Defined Security appeared first on McAfee Blogs.

]]>
software-defined-1
If you are like most organizations, the majority of your apps have been virtualized but are still running in your own data center[1]. IT has been busy renovating the data center to take advantage of the increased agility and reduced operating costs of a private cloud. You may have virtualized data-center network and storage as well, adding automation and orchestration, resulting in a software-defined data center (SDDC) that can reduce costs up to 75% and decrease deployment times from weeks to minutes.[2]

software-defined-2

Unfortunately, many CISOs and IT decision makers are still unsure about the security of a private cloud. Half of IT decision makers are concerned about a sensitive data breach in their private cloud, and 63% of CISOs don’t fully trust their own cloud, according to a recent research study.[3]

Along with the benefits, private clouds do bring some new risks. For example, there tends to be a big increase in traffic between virtual services, which is not inspected or secured by traditional security systems. To increase the confidence of CISOs and business leaders, your cloud data center needs a security strategy and architecture that are designed in and built in, not bolted on. Visibility and protection need to extend wherever the processes and data are. This should include heterogeneous cloud environments, both private and hybrid, to support future needs.

Integrated security solutions are essential to securing this new cloud architecture in order to effectively and efficiently support security operations. Intrusion-prevention and anti-malware systems, optimized for virtual environments, need to share threat intelligence to combat emerging threats. Policies need to be applied to applications and servers as soon as they are provisioned.

The best match for an SDDC is software-defined security, matching the agility of server, storage, and network virtualization with dynamic security provisioning and policy management.

software-defined-3

Using security controllers that are designed for virtual environments, you get the same cost efficiencies and flexibility for security operations. Policies and protections are tied to each virtual machine (VM), and will remain with that VM throughout its life, regardless of where it moves. Security processes can scale up and down as needed, matching demand. Automation is a fundamental component of software-defined security, keeping up with the rapid moves and changes of virtual processes and reducing the risk inherent in manual processes.

A software-defined security model augments your resources, including the security operations team. Virtualization optimizes resource use and brings scale, agility, and cost savings to security, while enhancing protection. Security becomes easier to provision, deploy, and manage, building on automation to link policies and processes from the moment they spawn or move. Visibility expands throughout the clouds, enabling centralized discovery, management, and security of all workloads, applications, and data, including shadow IT.

Private clouds are a critical turning point as IT transitions to a services model, and attackers are responding to this shift. Legacy security technologies do not afford sufficient or appropriate protection, leaving too many gaps for attackers to exploit. With the best private cloud security, designed for your architecture, attackers may run, but they cannot hide.

[1] Flash Forward: Moving Critical Workloads to Engineered Systems, The Aberdeen Group 2015

[2] Global Financial Institution Selects Software-Defined Data Center, VMWare.

Circumstances will vary. McAfee does not guarantee any costs or cost reduction.

[3] Blue Skies Ahead? The State of Cloud Adoption, Vanson Bourne for McAfee 2015

The post Software-Defined Data Centers Require Software-Defined Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/cloud-security/software-defined-data-centers-require-software-defined-security/feed/ 0
Dynamic Endpoint – some things are simply better together! https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/dynamic-endpoint-things-simply-better-together/ Thu, 29 Sep 2016 18:47:03 +0000 https://blogs.mcafee.com/?p=53002 I like chocolate but I don’t seek it out. Peanut butter – I can take it or leave it. But put them together and now you’ve got my attention. Some things are better together. That doesn’t mean they aren’t perfectly good by themselves. It just means that combined, they provide a superior experience. Although comparing […]

The post Dynamic Endpoint – some things are simply better together! appeared first on McAfee Blogs.

]]>
I like chocolate but I don’t seek it out. Peanut butter – I can take it or leave it. But put them together and now you’ve got my attention. Some things are better together. That doesn’t mean they aren’t perfectly good by themselves. It just means that combined, they provide a superior experience. Although comparing peanut butter cups and Dynamic Endpoint Defense might seem like a stretch, they are both the result of putting two perfectly good ingredients together to create something that delivers greater satisfaction and a more superior experience than the individual elements alone. Endpoint Security technologies today are generally single purpose and fail to deliver a superior level of satisfaction for most, if not all, of their users. They are not converged or integrated or even aware of each other. They protect, detect, or correct in isolation. Yet the need from security practitioners is nearly the opposite – they need security that is delivered in a coordinated, integrated, and system-aware solution. In other words, they want the Reese’s* Peanut Butter cup of security – simple, superior, and satisfying.

There is little satisfaction in today’s approach to endpoint security. The product-for-every-problem approach is only good until there is a new problem tomorrow.  To secure complex environments, you need security that is as dynamic as the environment it’s protecting and the threats it’s protecting against. Dynamic endpoint defense requires a fundamental shift from deploying isolated countermeasures designed with the sole directive of payload recognition, to a collaborative set of converged capabilities that can identify, contain, and eradicate threats across all points of attack progression as part of an integrated security platform. Only through a system and platform based approach will the industry eliminate security silos and deliver real-time, holistic security that addresses the entire threat defense lifecycle from protect to detect and correct.

McAfee Dynamic Endpoint will bring together our best security management and on-device protections integrated with cloud based analytics to deliver dynamic and highly adaptable protection against known and zero day attacks. It will do this by utilizing a multitude of approaches to identify transient attack techniques and lateral movements that do not manifest themselves in obvious ways.

dynamic-endpoint

By leveraging multiple security capabilities as part of an integrated system, McAfee® Dynamic Endpoint will provide proactive protection, advanced detection, and automatable correction addressing the entire threat defense lifecycle. Delivering our solution in this way will reduces computing overhead on the system while providing extensibility that makes it easy to evolve your endpoint security footprint. Early testing of McAfee Dynamic Endpoint shows promising results. It prevented 60% more threats than signature-based solutions, reduced team training times by 80% and took 66% less operational personal than Best of Breed approaches. The integrated approach to securing the endpoint enables security teams to do more, faster with fewer resources.

McAfee® Dynamic Endpoint will be comprehensive in its approach to securing endpoints. As a result of being fully integrated into McAfee’s platform, its capabilities will help to ensure the health, integrity, and improved TCO of the entire security infrastructure.  The endpoint does not live alone in an IT infrastructure. It coexists with many other security solutions. At any given time a computing compromise may occur rendering the IT infrastructure only as strong as its weakest link. Our McAfee platform approach will mitigate this risk.

Our endpoint will connect, in real time, to Mcfee and Partner solutions subscribed to the McAfee Platform via our Threat Intelligence Exchange and Data Exchange Layer. Being part of this platform means that an attack, and the associated threat intelligence, discovered by McAfee Dynamic Endpoint, will be shared in real-time with all other countermeasures subscribed to the platform. Delivering on this strategy requires scale from an endpoint penetration, threat intelligence, and management perspective. McAfee delivers that scale with over 90 million corporate endpoints protected with our endpoint solution, a product and partner management console in the McAfee® ePolicy Orchestrator®, a tightly integrated threat intelligence cloud processing 420 billion lines of telemetry a month, and a security partner ecosystem with 135 partners committed to platform integration. This platform approach means that an attempted compromise and threat discovery on a single endpoint protected by the McAfee® Dynamic Endpoint solution will become the seed of immunity for the entire network.

At FOCUS 2016, our annual user conference at the Aria Casino In Las Vegas Nevada November 1-3, 2016 we will showcase new solutions in support of Dynamic Endpoint and it’s integration with the broader McAfee platform.

Bringing together advanced and traditional endpoint security in McAfee® Dynamic Endpoint, in addition to the integration with the broader McAfee Platform, will allow us to deliver a more superior experience than delivering any of them alone. Stand-alone, each delivers value but together they deliver superior satisfaction.  

Who knew that peanut butter cups and Dynamic Endpoint could possibly have anything in common!

© McAfee Corporation

NOTICE:  The information contained in this document is for informational purposes only and should not be deemed an offer by McAfee or create an obligation on McAfee. McAfee reserves the right to discontinue products at any time, add or subtract features or functionality, or modify its products, at its sole discretion, without notice and without incurring further obligations.

McAfee, McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks of McAfee Corporation or its subsidiaries in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.

The post Dynamic Endpoint – some things are simply better together! appeared first on McAfee Blogs.

]]>
Cybersecurity and Me https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/cybersecurity-and-me/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/cybersecurity-and-me/#respond Wed, 27 Jul 2016 23:41:59 +0000 https://blogs.mcafee.com/?p=51587 I keep the things people care about safe. Their bank accounts, their private data, their social media accounts, their children, spouses, grandparents, employees and their company secrets. I didn’t set out to work in cybersecurity. But given what I’ve learned about the business, its people and their sense of mission, and our growing criticality to […]

The post Cybersecurity and Me appeared first on McAfee Blogs.

]]>
I keep the things people care about safe.

Their bank accounts, their private data, their social media accounts, their children, spouses, grandparents, employees and their company secrets.

I didn’t set out to work in cybersecurity. But given what I’ve learned about the business, its people and their sense of mission, and our growing criticality to the world at large, I urge you to think about it.

As a young professional, technology was not my strong suit. I majored in management at Oregon State, with a minor in behavioral science. I was not up coding all night. I was waitressing and bartending to pay tuition. I graduated without a job and finally found a rent-paying gig as an administrative assistant.

Hardly a storybook start for a would-be cybersecurity leader.

But after laboring for several years in a succession of corporate vineyards – becoming a product manager, getting an MBA on the side – a professional networking contact reached out and I was offered a position at McAfee. I joined as the VirusScan product manager (it was our flagship corporate solution at the time).

Just the next stop on the corporate shuttle, right? Wrong.

I saw within a year what a different industry security was. I stopped looking for the job that would deliver long-term job satisfaction realizing that I may very well have found it. I’ve now worked at this company for 16 years.

Drinking the security Kool-Aid was not my plan. But after one short year I realized coming to work and keeping people safe was pretty cool. Not inventing rationales for obscure widgets, or assessing my worth according to how much jargon I could cram onto a presentation slide. I knew I was doing good and creating value for a world that had come to rely, with astonishing speed, on digital systems born fragile and vulnerable that have been playing catch up with the bad guys ever since.

Cybersecurity attracts extraordinarily committed people. Early in my McAfee term the I Love You virus broke out – a malicious e-mail attachment that affected tens of millions of PC’s. It was not just another day at the office. We had grown men and women melting down on the phone, terrified that their company’s security teams might not tame the malware before it overwrote critical files and resent itself to all their employees Outlook contacts. I had colleagues work 3 days straight, pitching in without pause – amazing engineers, researchers and managers who brought passion to the task of protecting our customers. If we didn’t feel like a family before we certainly felt that way after 72 hours of pizza, Chinese take-out, and a steady stream of caffeine. It felt like a cause.

At times like that ours is not a normal life. Of course I stayed.

In the years since the I Love You virus, cyberattacks have only grown more malicious and fateful. It has matured from mostly innocuous pranking to well-organized crime. Malware is an established industry with its own developers, pricing models and distribution chains. The bad guys have become serious adversaries.

Why don’t more young people respond to the urgency and rewards that come with such   exciting work – the development of digital protection and detection technologies for the whole civilized world?

It’s partly because we have to make a better, clearer case. We need hard science skills and hard coding chops, but you don’t have to be a computer science or mathematics major to contribute to this industry. Look at me. I understand technology and know how to communicate its powers – and when the tech arena gets more good communicators, the public will better understand this field and more importantly, why it is so important to them personally and professionally.

It’s partly because private industry and higher education need to up their collaboration game. When McAfee piloted cybersecurity coursework with Cal Poly and my alma mater, Oregon State, the classes we designed filled up in 15 minutes. So we know we can ignite the next generation’s interest. We, as an industry, ought to work with more universities to proactively develop and disseminate cybersecurity curriculum.

And I think we have to reach young people sooner. When I talk to students in middle school and high school I tell them a cybersecurity career offers a chance to fight bad guys, yes. It rewards adrenalin junkies, yes. But it also makes you a caretaker, teacher and a hero all at once.

If in the 8th or 9th grade I had heard that pitch, who knows how much more quickly I might have gravitated to the career I love today. If today’s 8th or 9th graders hear it, I hope they’ll consider joining me.

Cybersecurity is more than lines of code. It’s keeping people and corporations safe and teaching them how to keep themselves safe. It’s what I do, and I want more company.

For more information on the state of the cybersecurity workforce, read the new report, “Hacking the Skills Shortage”, from McAfee and CSIS.

This blog originally appeared on my LinkedIn page

The post Cybersecurity and Me appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/cybersecurity-and-me/feed/ 0
Overcoming the Attacker Advantage: The New Role for Endpoint Security https://securingtomorrow.mcafee.com/business/overcoming-attacker-advantage-new-role-endpoint-security/ https://securingtomorrow.mcafee.com/business/overcoming-attacker-advantage-new-role-endpoint-security/#respond Tue, 27 Oct 2015 18:45:57 +0000 https://blogs.mcafee.com/?p=45886 In the continuing battle between cybercriminals and information security, the criminals currently hold the upper hand. They know almost everything about our defenses, but we only know about the threats that we can catch. We keep introducing new devices, greater mobility, and more storage places, which do help us work better but also increases the […]

The post Overcoming the Attacker Advantage: The New Role for Endpoint Security appeared first on McAfee Blogs.

]]>
In the continuing battle between cybercriminals and information security, the criminals currently hold the upper hand. They know almost everything about our defenses, but we only know about the threats that we can catch. We keep introducing new devices, greater mobility, and more storage places, which do help us work better but also increases the attack surface. Combating this advantage and turning the tables back in our favor means changing some fundamentals about our defenses.

Endpoint defenses have become a collection of antivirus, firewall, and process monitoring, often from different vendors, supported by frequent updates to keep them knowledgeable about current threats. This approach is complicated to manage, processor intensive, and sometimes out of date and vulnerable to emerging attacks.

To overcome the attacker advantage, we need a new approach, which combines these functions into a cohesive whole, whether from one or multiple vendors. Instead of frequent updates of virus definition files, we need real-time communications between endpoint counter-measures and other security technologies, so that you can get an accurate picture of who is attacking what and where, now.

We need much broader sharing of threat information, within your organization, within your local community, industry, region, country, and around the world. Threats are coming from multiple vectors and a myriad of sources, and broader threat intelligence sharing will be mandatory to getting ahead, and staying ahead, of cybercriminals.

The performance issue, which has long been a complaint of end users, needs to be firmly addressed. Scans that interrupt the workday, slow down the computer, and impact end user productivity need to be replaced with something more intelligent and adaptive to the user’s behavior. We do not need to scan every file and process every time, but should instead learn through observation what can be trusted and what is suspicious, to focus resources appropriately. Smart security processes can and should operate in the idle time between a user’s work, with the goal of zero impact to productivity.

Security operations need much better visibility into what is happening around the organization, and actionable information on what to do about it real-time. Forensic analysis is great for determining how to build better defenses, but less useful when trying to reduce response times from days or weeks to milliseconds. When an attack or compromise is detected, the affected system should immediately publish the information it has, so that others can block the malicious files and processes before they can spread.

Finally, we need to reduce the complexity of deploying, configuring, and managing security systems. Too many organizations have expensive security tools deployed in monitor or default mode, either sitting silently and watching the bad guys wander in, or generating an overwhelming number of alarms with no discrimination between important and inconsequential.

At McAfee, we have been working on these issues, both internally and with partners. These are issues for all organizations, and for the entire security industry. A collaborative approach, including global and community threat intelligence sharing, data exchange between different technologies and processes, and improved performance, will accelerate time to protection and enable security teams to resolve more threats faster with fewer resources.

The post Overcoming the Attacker Advantage: The New Role for Endpoint Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/overcoming-attacker-advantage-new-role-endpoint-security/feed/ 0
Defending Against the Dark Arts Isn’t Just for Wizards https://securingtomorrow.mcafee.com/business/defending-against-the-dark-arts-isnt-just-for-wizards/ https://securingtomorrow.mcafee.com/business/defending-against-the-dark-arts-isnt-just-for-wizards/#respond Mon, 30 Mar 2015 20:30:27 +0000 https://blogs.mcafee.com/?p=42389 Expelliarmus!  Wouldn’t it be nice if that worked in the real world? Unfortunately, there’s no magic charm that can be used as ‘Defense Against the Dark Arts’ against cyberthreats and malware. Every minute there are 307 new cyberthreats and according to a recent report by McAfee Labs, the number of malware exploits increased by 76 […]

The post Defending Against the Dark Arts Isn’t Just for Wizards appeared first on McAfee Blogs.

]]>
Expelliarmus! 

Wouldn’t it be nice if that worked in the real world? Unfortunately, there’s no magic charm that can be used as ‘Defense Against the Dark Arts’ against cyberthreats and malware.

Every minute there are 307 new cyberthreats and according to a recent report by McAfee Labs, the number of malware exploits increased by 76 percent in the last year.

So clearly, cybersecurity is a growing issue and something needs to be done to mitigate it.

But, these problems can’t be solved by one single entity; they are issues that we need to band together to solve. This is why we teamed up with Oregon State to do something about it – because what’s the best defense against cybercrime?

Education.

Namely, educating the next wave of university graduates and equipping them with the professional skills they need to make the cyber world a safer place.

McAfee Senior Manager of Data Operations, Carey Buelt, happens to be an Oregon State grad and thus, led the effort to bring our successful ‘Defense Against the Dark Arts’ course to the school.

In this half lecture/half lab course, a total of nine instructors each teach for a week or two on a cybersecurity topic in their area of expertise. The goal is to provide students with an awareness of the current threat landscape and enlighten them as to what’s out there in terms of security jobs.

This course will encourage students to take a look at the real cybersecurity problems we face and start brainstorming ways they can protect themselves and the companies they will go on to work for.

While a single class in cybersecurity will not solve the global shortage of professional security skills as a whole, this partnership is a necessary step to building a world-class program in cybersecurity that will go on to span multiple colleges and universities.

We hope you feel inspired by this example of what can be accomplished when two industries put their minds together and collaborate to solve an issue. Together, let’s work to make the world a safer place.

You can learn more about the course, here and to stay up to date with the latest in cybersecurity, be sure to follow @McAfee_Business on Twitter.

The post Defending Against the Dark Arts Isn’t Just for Wizards appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/defending-against-the-dark-arts-isnt-just-for-wizards/feed/ 0