Editor's note: This article originally appeared in LM's sister publication, Supply Chain Management Review.
Steve Durbin, managing director at ISF (Information Security Forum) – a cybersecurity consulting firm, tells Supply Chain Management Review to expect “evolutionary” changes in the risk scenario this year. “Security is only as strong as its weakest link,” he says. “Despite organizations’ best efforts to secure intellectual property and other sensitive information, limited progress has been made in effectively managing information risk in the supply chain.” Too often, he adds, data breaches trace back to compromised vendor credentials to access the retailer’s internal networks and supply chain. Information shared in the supply chain can include intellectual property, customer-to-employee data, commercial plans or negotiations and logistics.
Supply Chain Management Review: Total landed costs are driving some companies out of California. Will greater cybersecurity resources keep them from leaving?
Steve Durbin: I doubt the greater cybersecurity resources provided to companies within California would have any impact on a business decision to relocate outside of California. The scarcity of cybersecurity resources is a global phenomenon, and almost anywhere they were to relocate would have similar constraints.
SCMR: Is the cybersecurity “talent gap” unique to California?
Durbin: California has a very large requirement for cybersecurity skills due to the dominance of the information technology and entertainment industries. While many capable cybersecurity professionals reside and work in California due to the availability of high quality jobs. However, the talent gap is so large against the demand that even the attraction of quality jobs cannot address it. Again, this is a global problem.
SCMR: Should universities and colleges nationwide concentrate on cyber security curriculums?
Durbin: I have always that universities and colleges should focus on core critical thinking skills and leave practical skills to those best suited to teach them; either technology employers or specialized boot camps. The rate of change in technology and the diversity of the installed base for cybersecurity tools is so high that the timeline for University curriculum could never keep up. However, understanding first principles and knowing how to be a critical problem solver applies to any technology you use.