Aspen Cybersecurity Group
The Aspen Cybersecurity Group is a cross-sector public-private forum comprised of former government officials, Capitol Hill leaders, industry executives, and respected voices from academia, journalism, and civil society that have come together to translate pressing cybersecurity conversations into action. At its inaugural meeting in January 2018, the group decided to focus its efforts in three key areas of need: (1) improving operational collaboration between the public and private sector; (2) developing the skills and education necessary for a workforce that will increasingly confront cybersecurity challenges; and (3) securing and ensuring confidence in emerging technologies, including the Internet of Things (IoT). These three areas were identified as requiring urgent attention by a group that crosses party lines and includes both policymakers and practitioners. Learn more about the Aspen Cybersecurity Group here.
The proliferation of connected devices has created great benefits while significantly increasing the attack surface. Our Emerging Technologies group believes changing the dynamic requires an environment that incentivizes products be secure-to-market and increases consumer transparency. As a first step in that process, the group has articulated a set of guiding principles intended to establish common expectations for IoT consumers and developers/manufacturers alike.
Talent & Workforce
The U.S. currently has a cyber workforce shortage of 300,000 individuals and the trend line predicts an increasing gap. This is largely due to the fact that demand is significantly outpacing supply, large candidate pools are left untapped, employer requirements aren’t well sync’d to the skills needed, and awareness of cyber career paths remains low. After months studying the challenge, our group of experts has proposed a mix of principles, partnerships, and specific steps employers can take to close the gap.
We currently suffer from suboptimal coordination in steady state and incident response environments. This persists because we lack a defined framework for collaboration, clarity on the relevant players and their roles and responsibilities, and a shared perception of the value of collaboration. Our experts have developed a framework for operational collaboration (inclusive of steady state and incident response environments), defined enabling traits and a criteria to determine the relevant actors, and articulated actions to effectuate an effective framework.