Web Breaches in 2011 – “This is Becoming Hourly News and Totally Ridiculous”

Post on 18-Nov-2014


description

In 2011, the attitude towards hacks shifted from "It happens" to "It is happening.” A poorly coded website or web application is all that’s needed to wreak havoc – expensive firewall, pervasive anti-virus and multi-factor authentication be damned. But what is possible? What types of attacks and attackers should we be mindful of? This presentation will show the real risks in a post-2011 Internet.

transcript

“One intrusion set [hacker attack], not the most prolific, we see pulling data out globally that is 50 times greater than Wikileaks every day.” General Keith B. Alexander, USA, Commander, U.S. Cyber Command

"French espionage is so widespread that the damages (it causes) the German economy are larger as a whole than those caused by China or Russia." An undated note from the US embassy in Berlin said, according to a Norwegian translation by Aftenposten.

"It [cyber-attack] could theoretically cause a loss of life, but also a huge economic loss.” Janet Napolitano, Department of Homeland Security Chief

“This summer a significant attempt on the Foreign Office system was foiled. These are attacks on our national interest. They are unacceptable. And we will respond to them as robustly as we do any other national security threat.” David Cameron, UK Prime Minister

“When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country.” Department of Defense Cyberspace Policy Report (Nov. 2011)

“China is playing by different rules. One, they are stealing intellectual property. Number two, they're hacking into our computer systems, both government and corporate.” Mitt Romney

“Rogers has actually spoken with executives from some of the American businesses hit by cyberattacks, and he says stolen intellectual property from just one hi-tech company cost them billions of dollars in research and revenue as well as thousands of U.S. jobs.” On the Chairman of the House Intelligence Committee, Republican Rep. Mike Rogers of Michigan

"When nations steal terabytes of information our nation suffers for 20, 30, 40 years.” (Retired) Lt. Gen. Steven Boutelle, former U.S. Army Chief Information Officer

Builders: Those who develop secure code.

Breakers: Those who locate vulnerabilities in written code.

Defenders: Those who fend off active website attacks.

The biggest problem in application security today…

The need for qualified people.

Builders: Gary McGraw (CTO, Cigital) says roughly 1% of all programmers should be software security pros, or “Builders” in our case. Gary, through a project called BSIMM, arrived at 1% by surveying dozens of software security programs among large companies and measuring what they do.

Worldwide programmer population: 17 million

We’ll need 170,000 “Builders”

Breakers: We’ll use a ratio of 1 “Breaker” per 100 websites. This ratio comes from internal metrics at WhiteHat Security, generated from assessments conducted over the last 8 years and encompassing more than 5,000 websites.

“Important” (SSL) website population: 1.2 million

We’ll need 12,000 “Breakers”

That is out of a total of 550 million websites, which should all be assessed continuously for vulnerabilities.

Defenders: No idea how to begin to estimate the Defender need, but it’ll be in the tens of thousands at least, considering the vast number of website assets that must be protected, the 1 billion online users who someone needs to ensure are playing nice, and the serious volume of Web traffic they generate that must be monitored.

?

Hack Yourself First