By: Hord Tipton
One chooses their career path for different reasons – whether it be following in a parent’s footsteps or an innate desire to help others. I was inspired by a chemistry teacher to pursue a career in chemical engineering and found success in engineering nuclear weapons for the Atomic Energy Commission, securing SCADA systems that controlled vital resources such as the Hoover Dam, and enhancing information and software security standards through credentials and education.
Throughout my vast career, I’ve seen computers shrink from room-sized to pocket-sized with more power in one device today than throughout an entire operating system twenty years ago. In 2002, I had to disable Internet capabilities from everyone in my agency [the U.S. Department of the Interior] because of a judge’s order. Imagine how this would affect business operations in organizations now.
Security wasn’t originally in my purview until my organization was sued for $76 billion: That staggering blow would make anyone more focused on security! But now cyber security is one of the most rapidly growing industries with a near 0% unemployment rate due to the myriad of threats. Application vulnerabilities, in particular, were identified as the number one threat in the recently released 2013 (ISC)² Global Information Security Workforce Study. The problem originates from the acceptance of insecure software as a cost of doing business. If a car company put out a car with faulty brakes, they would have to recall all of those vehicles. Software companies are not held to the same standard and our Certified Security Software Lifecycle Professional (CSSLP®) credential was developed to address this need and to consider security throughout the entire software development lifecycle.
Hear more in my interview with Gary McGraw on the Silver Bullet Podcast - https://www.cigital.com/silver-bullet/show-084/top.