Exploring Careers in Cybersecurity: Protecting Our Financial System

Did you know there are over 300,000 unfilled jobs in cybersecurity nationwide? This second of a two-part Maximum Employment Matters webinar explores job opportunities that help secure our financial system.

Webinar Video

Related Resources

image of a person standing on top of an iceberg

How to Work in Cybersecurity

Learn how to get started in a cybersecurity career, from the types of degrees available to the various careers in the field.

Making Personal Financial Decisions Lesson 10: The Three D's of Identity Theft

Students are introduced to various options for deterring and detecting identity theft. They then play a game about identity protection. Students will learn that 100% identity protection is not possible and ways to defend themselves if identity theft occurs.

The Center for Financial Innovation and Stability's series, Notes from the Vault

Financial Know-How

Notes from the Vault examines topics surrounding financial stability and innovation, banking and supervision, and international finance. The posts are intended to stimulate discussion of these topics and place them in a context for nonspecialists.

Webinar Transcript

Amy Vaughn: Hello and welcome to our Maximum Employment Matters webinar. Today we'll discuss careers in cybersecurity with a focus on cyberterrorism and protecting our financial systems. I'm Amy Vaughn from the St. Louis Fed, and I'll be facilitating today's call. Before turning our call over to our presenters, let me go over the logistics for today.

For today's Webex you have three options to listen in. You can have the webinar call you, you can call in, or you can listen via your computer. And if you lose audio at any time, go back up to the "quick start" menu in the left-hand corner and choose your audio connection. Like all Maximum Employment Matters calls, this one is being recorded, and everyone's lines are muted, and you do not have the option to share your video at this time.

So, questions, we really want to hear them. If you have any during the webinar, please submit them by typing your question in the Q&A panel in Webex. We will be stopping at certain points, but send them in whenever you think of them.

So there's a legal disclaimer on the bottom of slide two. And that says, "The views expressed in this presentation are those of the presenters and not the official opinions of nor binding on the Federal Reserve Bank of Atlanta nor the Federal Reserve System."

And now that we've covered all the important stuff, let's get to the really important stuff. And I'm going to turn over the call to the host for the program, Julie Kornegay from the Federal Reserve Bank of Atlanta.

Julie Kornegay: Thanks, Amy. Can you go ahead and close out our poll question for us? Let's see if we can get those answers in. All right. So it looks like, "Have you been a victim of a cybercrime?" we have four people saying yes and six saying no. We've got several that didn't answer. But interestingly enough, according to our speaker yesterday from the FBI [Federal Bureau of Investigation], with the hack on Equifax's credit card company, that we are all victims of cybercrimes. So on that cheery note, I'd like to welcome you to today's edition of Maximum Employment Matters.

We're going to look at cybersecurity and the important careers within this field. The cybersecurity programs have been constructed differently than our past programs. And I really felt like we needed to raise awareness around some of these important jobs as well as the work that these folks are doing. So yesterday we focused on protecting our infrastructure, and today we're going to talk about protecting your money and protecting the payment system.

So let's see, we're going to go to the next slide. Okay, all right. I'm excited to introduce our first speaker, Nancy Donahue. Nancy joined the Federal Reserve's Retail Payment Office in 2008 and after almost 20 years in banking. Earlier this year she moved to the Retail Payments Risk Forum where she focuses the majority of her time on primary research of payments, payment fraud, and risk. She's the project manager of the Federal Reserve Payment Study. Nancy, thank you for joining us today.

Nancy Donahue: Thank you for inviting me, and excited to talk to all of our listeners today. So to start out, you know, what is the United States payment system? So a payment system is any system used to settle financial transactions through the transfer of monetary value. It includes the institutions, instruments, peoples, rules, procedures, standards, and technologies that make that exchange possible.

Let's see. In the graphic there in the slide, our payment system involves multiple entities to complete a single transaction. So you have the payee, which is consumer or a merchant. And they're paying a business to purchase something or paying another person. And those transactions flow through a network or an operator or a processor and then goes out to the different paying and receiving financial institutions, depending on where people bank.

So parties in the payment chain, as I said, are consumers, merchants. You will have the central bank in there or the mint if it's cash. And then the payments and infrastructure, which is, as I said, your card network, your ACH [Automated Clearing House] operators, which might be the central bank, armored car services. The most common types of payments instruments in the U.S. are cash, check, and then multiple flavors of card payments: credit, debit, prepaid. You probably have multiple types of cards in your wallet right now. And then ACH transactions are those electronic transactions like for your bill pay.

What is the role of the Federal Reserve System in the U.S. payment system? Retail payments are vital to the nation's commerce. These payments can cover anything from making a car payment that's automatically debited from your account to paying your bills online or using your debit card at the gas station. And they also include Treasury payments like Social Security payments.

So the Federal Reserve System performs five general functions to promote the effective operation of the U.S. economy and more generally, the public interest. So those primary functions are conducting monetary policies, so when you think about setting interest rates to control inflation; promoting the stability of the financial system; promoting safety and soundness of individual financial institutions, so bank examinations; fostering payment and settlement system safety and efficiency through services to the banking industry in the U.S. government.

Many people maybe don't realize that we are the bank for the Treasury Department. So we're the paying agent for Treasury items. But them promoting consumer protection and community development through bank supervision and regulation, research and analysis, community economic development, and administration of consumer laws and regulations.

In terms of the Fed's role in payments, the Retail Payments Office, which is located in the Sixth District, which is the Atlanta District of the Federal Reserve System, operates and oversees payment operations for the Federal Reserve System. So that means all checks that are written in the United States, if the bank where they are deposited clear through the Federal Reserve, they come through the Atlanta Fed at some point in that process. Also, we are one of two ACH network operators in the U.S. The other one is the Clearing House.

So thinking about…what are the current trends in retail payments? So the chart in this slide reflects the current trends for the four retail payments—so again, that's card payments, checks, and ACH payments—in the U.S. based on results from the last two Federal Reserve Payments Study data collections. And we collected this data from banks and card networks.

What we have seen in trends over the last several years is that cards dominate the payment landscape, which you could have probably guessed based on your own personal choices whenever making payments. Very few of us write checks anymore, and very few people carry cash. So looking at the line graph depicting all types of noncash payments, we see growth in all areas except for check, which has gone down.

Looking at just 2016, debit cards grew by over 60 billion transactions. And credit cards—which is what we call general-purpose credit cards which is like your Visa or MasterCard where you can use them anywhere, so they're general purpose—they grew over 35 billion transactions. And then prepaid debit cards, which you've seen quite a bit of growth in the prepaid debit cards, those grew over 10 billion transactions. But then check has trended downward for the last many years. And again, that's just reflective of change in consumer choices in making payments.

What is fintech? So the fintech sector encompasses the product and service companies that support the technology needs of the financial industry and ultimately the payment processing infrastructure. So the Technology Association of Georgia broadly defined "financial technology" as the application of technology to financial services. So when you think about some of the new products that have come up, you know, being able to pay things with your phone, Venmo, Zelle, some of these other what we call P-to-P or person-to-person applications, which you probably use in your own day-to-day lives, those are examples of financial technology.

So fintech companies have developed a very large presence here in Georgia, which is now home to over 120 fintech companies. And we see more coming in every year, making Atlanta one of the largest fintech hubs in the world. Conservatively, these companies employ over 38,000 people across a number of technical fields here in Georgia. And with the fintech presence and payments companies that we have here in Georgia, over 70 percent of all U.S. card transactions are processed through payment processing firms based here in Georgia, which has earned us the nickname of Transaction Alley.

So what are the current and future employment trends in the fintech industry? FinTech Atlanta, which is an industry association that represents a broad spectrum of fintech companies, estimates a current requirement of more than 5,000 professionals in the next three years to meet the employment needs in the fintech sector. And in the slide there, you see a table, that table's from the Georgia Department of Labor and the Technology Association of Georgia, showing Georgia IT [information technology] job trends and job openings just for the month of August. And we see there's over 5,000 IT openings in Georgia alone for information technology, software development, sales and marketing, and system administration.

What are some of the career paths that are in highest demand? So the University System of Georgia undertook a comprehensive research project over the last couple of years sponsored by our governor's office as part of Georgia's High Demand Career Initiative. And they published the report earlier this year called "Fintech Talent Development Insights." And it is available on the web. Examples or common job titles for these five high-demand career paths that are listed here, I shared those with you. But this list is very consistent with what we saw in the previous slide for the job openings. So these are widely recognized as high-demand career paths with a need, a current and future need.

How can these employment needs be addressed through education? So the University System of Georgia in the report proposed eight educational initiatives you see listed there in the slide. These educational initiatives range from opportunities for individuals that already have their college degrees or are currently employed in a technical field to go back through a boot camp or a weekend program to obtain certification for a specific skill set or knowledge. To then fintech curriculums and courses of study at the university and technical college level, intern and apprenticeship programs for high school and college students, e-based learning, and then lastly, a specific program for cybersecurity beginning at the high school level. And what this program would offer is cybersecurity courses and certifications, allowing students to earn credit toward postsecondary degree where the University System could deliver courses at the high school level and make them available statewide to all the students.

What type of roles exist in the Fed when we think about technology roles? Certainly we have a robust information security area. We employ information security architects, engineers, analysts, always looking at potential threats, you know, protecting our network. But then in the retail payment space, we have business application and delivery managers, software release coordinators, change coordinators. So these are people who are involved in implementing new payment processing platforms for the Federal Reserve System and then maintaining those systems as well.

So then summing up: again, based on research that has been conducted by public institutions and private industry and the trends in payments that we see to create a frictionless but highly secure experience for the consumer with ever-increasing mobile options, the need for highly skilled technical workers in order to create new and innovative products should remain.

Kornegay: Great, thank you. Thank you so much, Nancy. Appreciate that. Well, so I believe we have a poll question coming up. And while we get that up and loaded and give you guys a minute to respond, I'm going to go ahead and introduce our next speaker. And I'll remind you also, if you have questions for Nancy, please be sure to type those into the chat box at the bottom, and we'll look at questions here in just a little bit.

So our next presentation comes from Michael Levine, Levine, I'm so sorry. Yeah. He is CEO and managing director of executive recruiting for Advantage Talent. ATI is an executive search firm that engages with clients and works to keep them relevant by embracing contemporary disruptive technology skills. He's a certified blockchain expert, an RTA developer, a CPA, a career agent, and a public speaker. Oh, you're a busy man.

Michael Levine: Thank you, Julie.

Kornegay: Thank you for joining us today.

Levine: Appreciate that.

Kornegay: Oh. Oh, yeah. Amy, can you close out the poll and see if we've got answers? Our question is, "Do you understand how blockchain works?" Oh, wow. So majority—overwhelming majority say no, they are not sure. So maybe you can enlighten them.

Levine: Hopefully, after today you will all have a better understanding. So thank you for the opportunity to speak today, and very, very happy to talk about blockchain. This is a pretty exciting area for us, for what we see going on in the economy in general and where the opportunities are. On the screen you'll see that there's, according to Upwork, 6,000 percent year-over-year growth in jobs within the blockchain environment, and we're seeing significant growth in our practice also. It's a really exciting time both for new grads and experienced professionals.

And although cryptocurrency gets most of the press around blockchain, there is a lot more to blockchain than just cryptocurrency. The other opportunities for blockchain are, and this is just a sample, but anything related to supply chain, real estate, medical data. There's a tremendous amount of activity around goods and services. And one of these services is banking.

So on the left-hand side of the screen you'll identify that the banking transactions taking place outside of a blockchain environment, there's something called a centralized ledger. I'll speak about that in a second. On the right-hand side, the pictures relate to a distributed ledger, and that is the blockchain environment. Before I get into too much detail around blockchain itself and the banking industry, what I'd like to share is some characteristics of what blockchain transactions include.

So on the left-hand side there is very significant, and by the way, this is common to both. There's very significant security in both a non-blockchain centralized ledger and also a blockchain distributed ledger. Security looks a bit different. There's probably cryptography used in both. On the blockchain side, on the right-hand side in the distributed ledger, every member has an identical record of all transactions that are in the blockchain. And it creates very significant barriers to hacking. So from a security perspective, blockchain has very interesting and robust security measures that are incorporated into it.

In addition to that, another characteristic is verification and authentication. On the left-hand side where there's Clearing House, there's one central repository for the transactions. And that works out well. The challenge occurs when each of the individual financial institutions has their own record of the transaction that takes place. And even if there's a transaction between two banks, one of them has a challenge with the recording of one of those transactions, there's going to be disparity between the different banks or the different entities.

Now, if you flip over to the right side, within a blockchain environment, everyone has the same records. There's one truth, and that truth is shared by everybody. So there's no concern related to reconciliation between one institution and another, and it makes it so that there's continuity, there's security associated with it. The one truth is consistent, and there is no opportunity to change. So from a reliability perspective, within the blockchain, it's a permanent record, there is no way to change it, and it's easily verified and reconciled and audited.

So what are some of the benefits? Why would we utilize blockchain? The answer to that is that there are significant characteristics that apply to two different areas related to savings and then also enforcement of compliance. And within savings, there are transactions that take place between banks, and there are transactions that take place between a bank and the individual customers. When we talk about the transactions at the bank level between banks, there's a very significant increase in speed by utilizing the blockchain.

Many of the transactions can be automated, and the people that are processing these transactions can find themselves in a position where the blockchain allows for the transaction to take place automatically so people can focus on other things. One example of this type of transaction is something called a smart contract. And with a smart contract, when the conditions of a transaction are met, they're reported as being met in the next step, and a transaction happens automatically. It eliminates a lot of processing of delays, people in the middle don't get involved, errors are diminished, and the security is increased. Again, opportunities for significant savings.

In addition, there's requirements related to "know your customer." And if banks can achieve compliance with those requirements, once a bank goes through all the steps of "know your customer," then that information does not have to be replicated by other banks that a customer may be going to. So there's a significant savings associated with "know your customer." And in addition, the steps that a customer takes in the requirements for "know your customer"—for example, with auto loans or credit cards or mortgages—the customer is in a position where oftentimes within the same bank, they have to go through the same process multiple times.

And in a blockchain, once that happens once, there's not a requirement to do it again within the same bank. And because banks are often complying with the same "know your customer" rules and they have the record within the blockchain, there's no reason that if a customer has an auto loan with one bank and credit cards with another and mortgages with a third, that they would have to go through three different processes. All of that is recorded in the blockchain, and they don't have to worry about that anymore.

So some people ask, what are the hottest areas? Nancy made reference to some of the top cybersecurity jobs within blockchain. The blockchain developer is very significant, has a very significant presence in blockchain right now. Blockchain quality engineer, blockchain attorneys, blockchain engineers, and blockchain project managers. And I'll briefly cover each of those in what they do. Blockchain developers, usually that role revolves around coding. From a quality engineer perspective, they're responsible for ensuring the quality in all areas of blockchain development, automation, frameworks and tests, manual testing, dashboards, all of which goes toward mobile and web and platform engineering research. And so, they also advise on blockchain tools and develop quality assurance, automated test standards. They write, define, and implement, test automated strategies for load performance tests.

And then we get to the blockchain attorney. And there's significant work around blockchain contracts and initial point offerings. The blockchain engineer has a really good understanding of a company's technical needs and creates blockchain apps that address those needs. And then the project managers will have a significant role in converting a company's needs from common language—say, English—into technical language. And then when they're working with the technical folks, taking it back to the businesspeople in order to be able to have an understanding of what it takes in order to get that blockchain project moved through the process.

And just an example with the blockchain development engineers. They get involved with a lot of different areas. There's significant custom development in blockchain. There's custom security, securing data through trust and verification systems. And then there's a tremendous amount of activity around hyperledger platform development and cryptocurrency, which there's a theory in this one platform, there's smart contracts, solidity—those are all concepts that, as a person decides to get involved with blockchain, they're ultimately going to see.

There's also very significant activity within the blockchain community, within the banking community, specifically, related to security settlement. And there's a significant amount of activity among major banks with patents. So it's a field that is growing very quickly, and these roles and responsibilities are fairly new. So the people that are getting involved with blockchain are in a wide-open environment right now.

So it begs the question, you know, what is happening from a competitive perspective with companies in the blockchain environment, and where are skilled workers coming from? Identifying skilled workers is really important to business in general, and in blockchain it is critical. Identifying the right talent at the right time makes all the difference in being able to have a successful blockchain project. And blockchain is an emerging technology where relevant skills are difficult to find.

There are three areas where the widening skill gap is diminished and the hiring landscape is changing in different ways. The first of those is something called new-collar workers. And this is a really interesting concept in that people historically had career paths where they were going to school to get an education and then there was a clearly defined way that they were going to be able to grow through their career. And what we're seeing now is that in new-collar worker environment, the person that is working doesn't necessarily have to follow the rules of specific education in order to be able to gain a career within blockchain.

There are a lot of different ways that somebody can gain access to a blockchain career and the education associated with it, and IBM is a very significant player in that market. All of the other blocks that are on the slide are different ways that a person can go to gain the education in order to be able to begin a career in blockchain. And if you're really interested in learning more about the different resources, some of which are free, some of which are very inexpensive, it would be a good idea to take a look at something called a MOOC. And it stands for massive open online course, under whatever topic, be it blockchain or any of the other disruptive technologies. And you'll find that you will be overwhelmed at the number of resources available to you if you want to learn more about disruptive technology.

The second way that companies are identifying talent is through what is considered to be a hybrid employee. And it used to be traditionally that a company would say a person has to have a certain level of education and they have to have experience in that industry or that field and they also have to have a computer science major and have a tremendous amount of experience in coding. And what we're finding now is that companies are identifying that a person would have to have one or the other, either what's in the top blue section or the bottom section with the computer science major and the coding. And when they get to work, anything that they need to know in the other section would be filled in with on-the-job training.

And then the third way that people are identifying work and companies are identifying people is through the freelance platforms. And the top platforms that serve as the mechanism are Upwork, TopTal, Dream, and Blockchain Common APP. And it is really interesting to watch as these platforms are growing very quickly. In fact, one of them is in the process of a public offering, and the activity on both the company side and the individual side is significantly increasing on a day-to-day basis.

So what we are seeing, again, this is a very exciting time from a blockchain perspective, not just from cryptocurrency but because of all the other applications of blockchain. Again, supply chain, real estate, medical records—there are a tremendous amount of opportunities within goods and services transactions. And we're very happy to be participating in the growth of this very exciting field. Thank you, Julie.

Kornegay: Thanks, I feel like I know a lot more about blockchain now. So thank you very much for your insight. And again, if you have questions for Michael, please type them in the chat box, and we'll do the best we can to get to as many questions as possible. So let's see. On our next slide we are introducing our next guest. So our final guest for today comes from my alma mater, the University of Alabama at Birmingham [UAB]. I'm excited to welcome Gary Warner.

He is the director of research in computer forensics at UAB. Since arriving in 2007, he's created and taught a variety of classes in computer science and just sciences related to our cybersecurity and computer forensics. More than 200 students have worked as employees or volunteered in the UAB computer forensics research lab, which was established in March of 2010 via funding from the Department of Justice and serving the community by assisting in investigations for many companies and law enforcement agencies. So, Gary, welcome. Thanks for joining us today.

Gary Warner: Thank you. It's a pleasure to be with you. So one of the questions that people frequently ask is, if you wanted to come work in my lab, what kind of students am I looking for? Today I wanted to share with you a few of the things that we do here. And as we talk through that, I'll share as well what are some of the careers that are available here that might make you want to consider this course of study.

So the first thing that's most important to recognize is there are a whole lot of unfilled jobs currently, but it's going to get a lot worse. Currently, there are two and a half vacancies for every qualified candidate that are looking for a job. You know, they called it the field with a zero percent unemployment, and they're saying that within just a few years we'll have more than a million unfilled jobs in the space.

One of the resources that I really encourage your participants in the panel today to look at, the URL is up at the top there. It's cyberseek.org. And there's a heatmap.html page. What that map is going to tell you is at any given time how many cybersecurity jobs are open across the country and then how many are open within your state or region that you're considering as a potential place you'd like to work. As you can see, the orange bar in the bottom left is saying that there are currently 768,000 people who have jobs in cybersecurity.

But even with that high number, there's still 301,000 vacancies right now. So the demand is quite high. In the Southeast, in particular, where I'm at and where, you know, the Fed that's hosting the meeting today is located, just in Alabama, you see we have 8,700 in the cybersecurity workforce but 4,400 job openings. The same ratio is true in several other places. You'll see in Georgia almost half of all cybersecurity jobs are vacant. Same in Florida; we've got about a third. In California even there's 35,000 vacancies right now, with 85,000 people in the field.

If you look at it by the metropolitan areas as well, you can look at it that way instead of by the state. So just in Birmingham, for example, where I live there's 635 currently vacant cybersecurity jobs. In Atlanta there's 8,700. In Huntsville there's 2,600. In Charlotte there's 5,200. And the problem is people can't find enough people to fill this.

I love the idea that Michael was just sharing about alternative paths into these jobs. And we'll talk a little bit more about that. Because the current problem, nationwide, we're only going to graduate about 11,000 computer science students next year. And we have 301,000 job vacancies. You can see where that doesn't scale well.

But what kinds of jobs do people do in cybersecurity? And the nice thing is, depending on what you're interested in, there's lots of different types of jobs. Some people work in what's called a security operations center. These are kind of like the rooms you see in some military programs where everybody's sitting at a desk with three monitors and there's 20 big monitors up on a wall. Several of my graduates have gone on to work in, especially in the financial services area, in security operations centers.

And the idea there, is that if there is anything unusual on the…whether it be on the network, whether it be on the ratio of good log-ins to bad log-ins for the financial products, or even if it's an activity that's going on within a particular banking location, all of those things are going to sound alarms, which pop up on the screen. And then one of those analysts' jobs is to dig in and find out what that means. In some networks that alarm may be an indication that there's a computer virus on the network. Some it may be we've had a high number of people reporting a phishing email. So there's lots of jobs where it's a reactive job where an alert is issued and you react to it.

There's other types of jobs that are more forensic analyst jobs. These may be somebody in an investigative situation where we have a hard drive that we know belonged to a criminal and we have to figure out all the evidence on it. Or we have a hard drive that we believe had a computer virus on it. How do we find the virus, isolate it, and find out what that virus does?

Other people are more interested in attacking. So if you have a proclivity toward hacking, let's try to put that to a good use. Almost every web application that's published by a corporation these days needs someone to attempt to attack it and to document what types of attacks are currently successful against that application. So this is a way that we help developers to build more secure code by looking at the code they've put out and attacking it to see if there are any weaknesses. Hopefully, we have a feedback loop that helps us developers do a better job next time.

One of the other resources that's available, this is from us-cert.gov. There's a thing called the National Initiative for Cybersecurity Careers and Studies. And what they're listing here, and you see the URL again there at the bottom. This URL will go through each of those seven different categories of cybersecurity careers and dig in deeply and tell you more about what to do if you're interested in that career, what are the key knowledge areas that you're going to be working in, what specialty skills might you need to have. But it doesn't treat cybersecurity as a whole. It digs in and gives different examples for each one of those.

Well, those loop back to that heat map. In addition to the map showing just the raw numbers, it also breaks it down by what categories. So let's talk about what kinds of careers and what kinds of activities are involved in each of these. I've got three of those circled in red boxes because we're going to get back to those in just a minute. But let's begin with the one that has the most job openings.

Operate and Maintain: operating and maintaining, these are the people that just keep your computers, your servers, and your networks running properly. A lot of these are tech-support-type jobs. This would include certain aspects of designing networks, deploying networks, all this type of activity, and then just those people who are watching for alerts about unusual traffic activity, this sort of thing. All of that can be under Operate and Maintain. These are jobs that often don't require a college degree.

If you have a technical certificate, if you sometimes have an associate degree from a community college, those are jobs that are very often available to those. And what we often recommend to college students is, go ahead and get a technical certificate, get an entry-level job in this Operate and Maintain space, and use that to learn more about the field and to start generating some income so you can go to school to get a more interesting job.

Securely Provision is where most of our…sorry. On Operate and Maintain, if you're a hardware person, if you love building computers, taking apart computers, understanding the components, if you're constantly modding and upgrading your system, those are all things that might be great Operate and Maintain things. Think Best Buy Geek Squad there.

Securely Provision is more where our programmers are going to be living. So if you're a developer, if you're someone who loves writing code, if you started off as a web developer and have now migrated up to doing coding in Java or Python or CE, you may want to look in the Securely Provision space. There's a couple of areas here. One side of Securely Provision is helping to administer the user IDs and the passwords, building the access control lists that are necessary for this type of work to identify which people and which network locations are allowed to access certain things. These are the people who configure your firewalls, for example, or your intrusion detection systems or intrusion prevention systems.

So all of that stuff here in Securely Provision is going to be more the designers, builders, and system architects. Another role, by the way, in Operate and Maintain are the people who patch things, who watch to see what new vulnerabilities there are and then deploy the patches to keep all the systems up to date.

The box called Oversee and Govern, that's an area more that has business perspective to it. These are the people who are writing security strategy, and often this requires some management experience. So a lot of times what you'll see is someone who works their way up through Operate and Maintain jobs or Securely Provision jobs, after they become a supervisor and a manager, they may migrate over to start into a more strategic direction role.

Now the three red boxes, why I'm highlighting those is those are the ones that we work with mostly in my area. I like to think of it as Operate and Maintain and Securely Provision may be your infantry in your military, whereas Protect and Defend and Analyze, those are more the Special Forces, if you will.

In the space of Analyze, I'll tell you just a little bit about my lab which is—part of it is pictured there. In my lab we have a lot of people that do what we call all-source intelligence work. So all-source intelligence is where we take every available resource to answer a question that's going to help somebody make decisions of better ways to protect their networks. So some questions can be broad or narrow. In this space, I gave a few examples. For instance, what ransomware families are most common?

We get questions like that a lot because I have 12 students that work in my lab right now who do malware analysis. That's what they do for me. They take apart computer viruses. They infect themselves with computer viruses. And they provide real-time reporting back to law enforcement agencies and corporate partners on how these viruses work.

A more specific example would be how does the SamSam ransomware spread within hospitals? So perhaps our client is a health care company and they're wanting to know the best way to prepare to defend from a particular virus. In that case, in addition to infecting ourselves with SamSam and seeing how it works, we may actually go interview people who have been through that experience of being infected and talk to them about how did the network spread or the malware spread in their health care environment.

Other things that we do is a lot of dark web monitoring, social media monitoring, online forum monitoring. So a question might be, what dark web portals are talking about a particular bank the most? We just had a request today from a banking partner that said, "We've heard that there's a particular cybercrime forum. A criminal has mentioned that he has a Wells Fargo insider who works as a teller. What can you tell me about that person's account?"

My students were able to respond to that because we have accounts in all the bad-guy places. So here's some more examples. We watch Instagram and Facebook and Twitter. For example, this guy is on Instagram telling people they can make $4,000 a day, just send him a text message. And what he's going to do is, he's doing mobile deposit fraud. Well, we've actually studied how this attack technique works and have done briefings for places like the Financial Services Information Sharing Analysis Center, the FS-ISAC, and the American Bankers Association.

Some of my students are at Microsoft right now talking about these kinds of attacks with one of the major financial partners that we work with. In that space, gathering that information from social media, it's not just sitting and reading Facebook pages. We've actually developed tools and techniques and automated a lot of things. So I have about a third of the students who work in my lab are actually working as programmers who help us build better tools for that. And as we tool those things, that gets us into this next category I wanted to talk about, which is called Collect and Operate.

In the space of Collect and Operate, the objectives here are that we want to take those things that an analyst has found that are useful to the decision maker and see if we can automate the process. So for example, in the area of counterterrorism financing, we're in many different online forums related to terrorism and gathering all of their messages, finding any time they mention Twitter or Facebook or several other social media sites, and then going and getting those messages and finding all the people who follow that person's Twitter account and all the people who have responded to that person's Facebook posts and all the Facebook groups that person is in. And doing automated analysis of all those messages to identify who are the most influential people, who are the people who have mentioned money or virtual currencies in that space.

In the area of malware, we look at about 30,000 malware samples a day in my lab, which is why we can make statements about what malware is most prominent. Just yesterday there was a press release from the FBI that you can see up on the Department of Justice website. A particular criminal was running a botnet called Kelihos, was arrested and pled guilty yesterday. And they thanked our university because we actually led an industry task force to help identify who this person was. In fact, I may have a slide on that.

But here's some examples. These are Twitter profiles—I'm sorry—Facebook and Twitter things both. Looks like the image overlaid on itself. Sorry. One of those is showing Facebook groups that are related to phishing. That's the one Yahya Zahr is a member of, and then the other is showing Twitter pages. This is what it looks like when we start doing analysis of how those groups are related to each other. So automating the process of graphing that and then making sense of those graphs, that's all part of this Collect and Operate space.

This graph as an example, about 2.8 million messages that were shared on social media where a criminal mentioned a bank and identified who the 25 people who mentioned the top 25 banks the most were. And then as we zoomed in on that, we saw, for example, here's a Facebook account belonging to a guy named Oluwa Blinks. He mentioned Capital One in 262 posts related to cybercrime, or PNC 252 times, JPMorgan Chase 217 times, Wells Fargo 173, etc.

And the point here was that until someone had collected this information into a single place, none of those banks realized they were all looking at the same criminal who was attacking them all. And those are the kinds of trends that become obvious when you take the time to automate the collection. So it's not one guy looking at one web page or one guy reading one thread on a forum. It's a computer that gathers four million messages and then tries to make sense of them by doing pattern analysis.

This is one of those forums as well. This is a criminal forum called Altenen. They specialize in credit card fraud. And you see the toward the bottom there, there's a forum called "accounts and database dumps," which is part of the Altenen forum. And at the moment I took this screenshot, there were 725 people logged in looking at messages there. And you see that there are 3.5 million posts that have been made in that portion of the forum. Well, that forum has hundreds of thousands of criminals. This is showing that at the time of the screenshot, there were 3,380 users reading messages on a forum that only has the purpose of providing information about credit card fraud to other criminals.

So the next area that I wanted to focus on is what's called Protect and Defend. The main areas here, we talk about computer network defense and analysis, as well as computer network defense infrastructure, incident response, and vulnerability assessment and management. All of this is about proactively defending our network. If it's beforehand, we call it network defense; if it's after the hack has already occurred, we call it incident response.

And we do this kind of work a lot. These are some of the times the FBI has mentioned our lab for help with this type of work. This was from a case we did for ICE [Immigration and Customs Enforcement], Homeland Security Investigations portion of ICE, where we seized 1,500 domain names that were selling counterfeit pharmaceuticals. My students actually did the search warrant analysis on over 80 search warrants that included 500,000 emails in order to makes sense of this and get the case brought to prosecution.

In the Investigate area, that's not listed on the cyberseek.gov jobs or cyberseek.org site because it's not considered a cybersecurity job. It's more considered a law enforcement job. But there's a lot of jobs both in industry and in law enforcement that fall into this space. And some of those are through partnerships. So I work very closely with the InfraGard program where people working in corporate security assist law enforcement at the FBI in their investigations.

The Secret Service has a similar program called the Electronic Crimes Task Force, which is partly law enforcement people and partly people, especially in the financial services industry, partner with the Secret Service. So just because you're not working for a law enforcement agency doesn't mean that you're not going to be assisting in investigations. ISSA [Information Systems Security Association] is another organization you might want to look into. And both InfraGard and ISSA in most locations have a student membership as well.

This is the case I was just mentioning a minute ago. Kelihos was a botnet that delivered four billion spam messages a day. And our students started a task force that included people like Spamhaus and Cisco and ThreatSTOP and a few other major companies. We did weekly briefing calls to gather information about how this botnet worked and shared it to law enforcement. And again, he's the guy that pleaded guilty yesterday.

A lot of students will ask about what certificates they should pursue. And unfortunately, most high schools are telling people to get a CompTIA Security position—or certificate. What this chart's showing is that there's 167,000 people who have that certificate and only 33,000 jobs that want that certificate. The same is somewhat true for the CIPP. It's a bit of a worthless certificate. Far more people have that certificate than there are job openings for it. The most valuable one is actually the CISSP. And the CISSP you can see that there's actually about 76,000 jobs or people that have that, but you'll notice there's 78,000 jobs that are open that require that certificate.

Well, every one of those 76,000 people already has a job. So that's a situation where we could use a whole lot more people who have that certificate. And that particular certificate breaks down into 10 different security domains that they ask you about. And I list them there. I think we should probably stop there. We're running short on time. And it may be time to turn it back over to Julie for questions. Is that right, Julie?

Kornegay: Yeah, that's fine. Thank you. There was a lot of really, really good information. And I want to personally thank you for taking out the bot. I get a lot of that spam type of email, and it just makes me crazy. So I'm going to take control of the webinar tool so that I can advance my slide. And let's see. Now, Gary, I think you might have to give me control back of the webinar tool. There we go. "You are now the presenter," excellent. So I'm going to advance forward and…

Warner: Oh, I'm sorry, Julie. Let me mention one last thing here very quickly. This is a high school competition that we've hosted the last two years sponsored by Palo Alto [Networks]. This is called a capture-the-flag competition where high school teams came to compete answering cybersecurity challenges, and this was sponsored by Palo Alto. We gave out $20,000 in scholarships there.

And then I also wanted to mention just real quickly the Cyber Detective Camp that we run. And the top left there, that lady in the black jacket there, that's [FBI] special agent Kim Castillo who's now a supervisor on the cybercrime program at headquarters who came to spend some time with our students talking about some cases that the students had originated. But I just wanted to mention those two things before I turned the ball back over to you. Sorry about that, Julie.

Kornegay: Not a problem. Thank you. Again, thanks so much for all that wonderful information. And we've got about five minutes left, and I want to get to some questions. So go ahead and type those in, and I'll look at those in a second. But to kick us off, I asked this question on yesterday's webinar, and I was so impressed with the responses, I thought I might ask our presenters today for their thoughts on the same question.

So according to the Bureau of Labor Statistics, the important qualities candidates in this field should have include analytical skills, detail oriented, ingenuity, problem-solving skills, communication, and teamwork. I've got Nancy and Michael here. I'm not sure which one of you guys want to jump in first. But which of these skills do you think are most important? Michael?

Levine: I'll start. I think they're all important. And there's one that's not necessarily listed that's probably more important than all of them and may combine a few, and that's the ability to pivot. Because a lot of the jobs that are coming into being now that are in very high demand, may, two or three or four years from now no longer be the place to be. There may be others that are more important and more lucrative. So being in a position where a person is always asking the question, "What if this job were to disappear a month from now, what would I do and how do I get prepared for it," I think that's the most important skill set.

Kornegay: So never get too comfortable.

Levine: Absolutely.

Kornegay: Good, good. What about you, Nancy?

Donahue: I think for me as a hiring manager, problem-solving skills. And that translates to just many different areas. Being able to roll your sleeves up and dig into a problem no matter what it is and seek our your own answers, but then being able to interpret what you find and make recommendations, to me, is invaluable.

Kornegay: You know, I always try, you know, we all have our challenges, but I always try to have a possible solution before I go to management with a problem.

Donahue: Yes.

Kornegay: And I feel like that, in a lot of ways, will help you earn the respect of the leadership and to know that you have control of the situation.

Donahue: That's exactly right.

Kornegay: Good. Well, Gary, what do you think? Do you have any thoughts on this topic?

Warner: There's a couple things there. One is we use the tagline quite frequently, especially in our malware lab, we say, "Malware analysis is a team sport." And the thing that we find is a lot of people try to be the star. They try to hog all the attention by hoarding information. And you absolutely have to be in the information-sharing business if you want to have a career in this space.

The second part is a little bit like what Michael was saying. Some of the jobs that people have today or that they went to school for won't exist in four years. And if you think about it, you know, Facebook is, what, 10 years old now? A lot of the things that we're talking about today won't even be relevant by the time you finish your degree. What will always be relevant is the ability to quickly read and assimilate new information and put it to practical use.

So I'm looking for people who can demonstrate that they can read and take new information in quickly and then, for whatever odd reason, what we see is that with regard to testing, the number one predictor of success in this area is high math scores. And I don't use any advanced mathematics in my work, but what we've realized is that the people who score well in mathematics are almost always also the ones who have the logical approach to problem solving and that just really make great investigators and cybersecurity analysts.

Kornegay: Thanks, Gary. That's really good advice. And I like what you were saying about teamwork as well. So in the chat box we have a question, and it says "Understanding that Georgia is the latest and greatest fintech hub, are there comparable classes or education programs in other states that the Atlanta Federal Reserve serves?" Fintech is really new. Nancy, I'm going to sort of let you lead. But I don't know of any other programs. I think Georgia's really on the forefront. But what are your thoughts?

Donahue: The recommendations that were made to state of Georgia really came out of a partnership between private industry and industry groups in the fintech space, payment space, you know, pushing the University System to help solve the problem with them and get some programs in place. So it's very new here and still in the approval stages.

Kornegay: Yeah, definitely. I can see how developing that course of study and the curriculum surrounding those types of jobs and just the preparation that you would need, you know, even locating talent to teach those courses. We've just talked about how these jobs are all in high demand. How do you fill the jobs that are…to teach the people to fill the jobs? It's sort of a chicken-or-an-egg thing.

Donahue: Well, there's not even an industry definition for fintech. It's all just so new.

Kornegay: Yeah. The payments are moving fast. So we are at 5:31, and I want to bring our session to a close. So let's see here. On behalf of everyone, I'd like to thank you for participating in today's Maximum Employment Matters. You will receive a survey via email. And we would like to ask you to take a moment and fill this out. Let us know how we're doing, what other topics you might find interesting. If you know of someone that would find this session valuable, it was recorded, and it will be archived on the Maximum Employment Matters webpage in the coming weeks. And with that, I'm officially bringing this session to a close. Thank you for joining us and have a great rest of your day.

Levine: Thanks, Julie.

Kornegay: Thank you.