Wanted: Highly Skilled and Certified Cybersecurity Expert
Here we are again. To borrow a phrase from Shakespeare's Henry V, "Once more unto the breach." I'm talking about the massive data breach of the consumer credit reporting agency Equifax which was hacked sometime between mid-May and July.
Like usual, this breach doesn't merely affect "we few." Rather, it's a couple of hundred thousand residents of the United Kingdom and Canada ... plus, oh yeah, 143 million Americans. That's almost half (roughly 45 percent) of all Americans! And we are not happy about it. The bad guys stole gobs of sensitive information — including names, social security numbers, birth dates, addresses and even driver's license numbers.
There's not much good news for anyone in all of that (the Equifax hackers excepted, one imagines). On the other hand, if you are a skilled (and certified) cybersecurity professional already, or simply interested in becoming one, well, opportunity is practically kicking your door down.
No business or organization wants to be the next Equifax (or Yahoo!, or Target, and so forth). IT professionals contemplating a switch to cybersecurity likely now enjoy a golden opportunity to have some or all of their training and certification paid for by a current or future employer.
IT newcomers looking for a specialization to pursue that has a stable long-term employment outlook would do well to investigate Security+ certification from CompTIA, SSCP certification from (ISC)2, CSX certification from ISACA, or just about any kind of certification from GIAC. And that's just brushing the tip of the cybersecurity certification iceberg.
Where was I? Ah, yes. Our story so far: 143 million Americans at risk of all manner of attacks and scams from suddenly well equipped cyberthieves.
Equifax discovered the breach on July 29. Of course, being a soulless, socially irresponsible faceless corporate entity, they waited to announce it until earlier this week. To add insult to our injury, three of the company's top executives managed to sell off their shares of stock right before reporting the breach. Thank you, Equifax. Way to watch out for our data.
Equifax chairman and CEO Richard F. Smith did offer some comfort to us in a statement to the press: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do." Wow! If Smith thinks it's a "disappointing event" for Equifax imagine how the rest of us feel.
I say "us" because it's likely that I'm part of that 143 million victims. Equifax is being helpful in letting us check if our data was part of the breach. A message on their site directs consumers to the oxymoronically named equifaxsecurity2017.com, where all you enter the last six-digits of your social security number and last name. I did so and voila! I got this comforting message:
You believe?! Seriously, Equifax, is this the best you can do?
Reporters and others have called the company and been stonewalled with a message that offers the polite suggestion that customers "sign up for credit file monitoring and identity theft protection." Then, like throwing a dog an already gnawed bone, Equifax deigns to offer a free protection service for one year through another company — even for customers not affected by the breach.
Legal experts warn, however, that accepting Equifax's "thoughtful" offer may result in signing away your rights. Bah! Equifax, the company that just keeps on giving. The "fine print" in the Terms of Service section of the data breach site contains what slime dwellers —also known as lawyers — call an "arbitration clause." Here is the relevant section:
AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.
Although the stated purpose of these clauses is to prevent an excessive burden on the courts, in practice they do nothing more than restrict consumers from suing.
The silver lining to this cloud is that the Federal Government is moving to bar arbitration clauses. The dark aspect of the cloud is that doing so, like everything else transacted in Washington, D.C., will take time. During which time 143 million of us are going to have to pay even closer attention to our credit card bills and wonder if we dare sign up for Equifax's offer of protection. It's times like this that I remember my dad's Number One Rule for Dancing with the Devil: Don't!
To further bowdlerize Henry V: "Once more unto the breach, trusting consumers; time to close up the wall with our financial well being." Maybe a more appropriate exclamation to describe the present dilemma would come from Richard III: "A highly-skilled cybersecurity expert! My kingdom for a highly-skilled cybersecurity expert!"