At Black Hat USA in Las Vegas, Anomali threat research team manager Joakim Kennedy explained to Eleanor Dallaway why he believes the open source movement in the cybersecurity industry will help to address the skills gap.
“One way of opening up the industry to more people is to provide good free tools accessible to everyone.” The open source movement allows people “to take the toolkits and moderate them.” This, he said, is particularly relevant to teenagers and people outside of the cybersecurity industry who may have an interest in joining. “The best way to learn is to get hold of toolkits and play with them, moderate them,” he said, explaining that his own path into the industry began as a teenager, “using whatever tools were available” and educating himself.
Making these open source tools available “will trigger the interest of the next generation of potential employees by giving them the tools to play with for free and get their interest. We need to get more interested people into the field and there’s a high threshold to get started.” He explained this high threshold means that the paid products and tools in the industry are very expensive. “The license price is too high.”
Anomali’s Kennedy explained that when new starters are employed without industry background, “it takes a lot of training to teach them new tools and techniques.” If open source toolkits were used in university programs, that would be helpful exposure to industry candidates, and would expose them to the tools they’ll need in future roles. “Imagine having to train new employees in Microsoft Office,” said Kennedy, to emphasize his point.
What makes a good cybersecurity professional, explained Kennedy, is “being a good problem solver, having curiosity and a willingness to learn.” If a candidate has those qualities, they can be trained, said Kennedy.
Open source toolkits are useful for researchers, but “the market isn’t there to sell it. We write them to give back to the research community. The evolution in the industry means our tools have to be modified to fit what is current. That’s the benefit of open-source – it can evolve with the industry.”
Eco-systems are being built around open source toolkits, explained Kennedy. “A lot of paid tools allow for open source plug-ins to automate tasks. A lot of these plug-ins are being released freely to support commercial services.”
Kennedy doesn’t understand why CISOs are often reluctant to allow open source tools into their organizations. “What are they afraid of? They can audit them – which you can’t do with a proprietary product. They have to put their trust in that vendor for that. With open source, they can audit it themselves.”
When asked what new threats his team are observing, he responded, “threats are just evolutions of older threats. What we’ve seen in the past year has been a shift in the way ransomware is being used.” Ransomware was taken over by cryptomining but when the crypto market crashed, ransomware took over once again. “Now, however, rather than targeting the masses, ransomware attacks are more targeted and focused in their approach. Gone are the days of spam and send-to-all targets. Now they specifically target their entrance and how to get in more closely.”
“Ultimately,” concluded Kennedy, “Security is being better than your neighbors so they break into them and not you. A lot of criminals just look at low-hanging fruit, so make it as hard for them as possible.”