BSidesLV & Skill Transitions

Thinking back to BSides Las Vegas this past summer, there was an interesting talk in the Hiring Ground track, “The Commoditization of Security: Will You Be Replaced By A Script” by Nathan Sweeney.

Nathan mentioned trying not to get too focused on a specific product or technology. He recalled working with DHCP specialists at one time. I’ve never heard of a dedicated role for DHCP. Conversely, COBOL is old but isn’t going away. What technologies stick around, what technologies easily translate, and what is automated away?

Looking at my own resume, my network firewall skills are likely the skill to rapidly fall out of demand. Everyone is buying ‘next-gen’ firewalls, but even the complexity of those is likely to fall out of popularity as we move to cloud services and remote workers. We’ll still have them, but it’s looking more and more like they’ll be going the way of DHCP. You’ve got it, but it mostly self-configures based on content from associated technologies in the vast majority of environments.

You plug in your Next-Gen Firewall. BGP participation sets up the routes for each interface. Cisco ISE applies the network layer controls. The CASB applies cloud access controls. Your threat data integration sets up the IPS type blocking policies. You’re done.

That should be the goal anyway.

Equifax & Remote Verification?

We don’t yet know who has the Equifax data or the entirety of the information they have.

We know what we can see when we pull a credit report. We see our addresses, our phone numbers, and a list of every line of credit associated with our name.

The OPM data is in the hands of the Chinese government. They probably won’t leak / sell it.

What if the Equifax data gets sold or dumped? We could be looking at a collapse in remote verification. How do you verify someone if the common answers to questions are entirely public? I don’t know how.

Traditional banks could require in-person visits rather than online setup / reset. That’ll work for a good number of people. The transient (college students, travelers, armed services) will all be out of luck if their bank is regional and they’re out of the region. Online financiers like PayPal will entirely be out of luck.

What about healthcare providers? How do they handle their customers? If I have questions about my health insurance, do I have to travel to a participating practice? That seems obtrusive.

Will we see authentication services spring up? Oh, you’d like to open a PayPal account? You’ll need to visit a USPS facility or AuthCo for a verification code to complete your signup / application.