Top 5 soft skills and the Federal Cybersecurity Reskilling Academy

Chris Triolo, VP of Customer Success for Respond Software, and Cyber Work podcast host Chris Sienko discuss the Federal Cybersecurity Reskilling Academy and the top soft skills that can help you break into a cybersecurity career.

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

  • Transcript
    • Chris Sienko: Welcome to this week’s episode of the Cyber Work with Infosec podcast. Each week I sit down with a different industry thought leader and we discuss the latest cybersecurity trends, how those trends are affecting the work of infosec professionals while offering tips for those trying to break in or move up the ladder in the cybersecurity industry. Our guest today is Chris Triolo, the VP of Customer Success for Respond Software. He and I are going to talk about the top five soft skills and why they are just as critical as technical aptitude when preparing for a career in cybersecurity. The shortage of cybersecurity professionals around the globe has never been more acute research by ISC Squared places the estimate at just under 3 million with roughly 500,000 of those positions located in North America. Couple of this with the continued explosion of threats and the industry is in dire need of support. The government is also taking note of this need and in response developed the Federal Cybersecurity Reskilling Academy. With this program, federal employees can gain hands on training in cybersecurity, one of the fastest growing fields in the country. The reskilling effort is part of the administration’s commitment to develop a federal workforce of the 21st century as outlined in the president’s management agenda and the recent government reform plan. The Federal Cybersecurity Reskilling Academy exhibited several valuable soft skills that made them rise above the immense number of applicants during an interview process, including communication and collaboration, analytical mindset, keen understanding of human behavior, research and writing experience and curiosity and creativity. And we’re going to talk to Chris about all of these. Chris, thank you very much for you being here today.

      Chris Triolo: Thanks for having me, Chris.

      Sienko: So to start at the very beginning, we always like to ask our guests how and when did you first get started in computers and security and why?

      Triolo: Yeah, It goes back to about 1997, ’98. It’s been more than 20 years at this point. It really started for me, I got a position as a temp, as an office manager at a defense contractor. And so basically I was a front desk person and there wasn’t a lot for me to do in that job, but I did have a computer in front of me with internet access. And so I took advantage of that. Right? It was there and I started using it and started learning, essentially teaching myself. But what was cool is that I was working for a company that this was there a satellite office for them and the locals needed IT help and there was no IT person there. So I started helping them. I learned networking, how to get them on the network, how to configure their email clients, how to get access to file shares and this kind of thing. And it was great. I learned it, I was helpful to them. They made me a permanent right. From a temp to a permanent position. But where things got really interesting for me is one of my bosses came to me one day and said, “I think I’ve got a position for you. I want to punch you out at Schriever Air Force Base,” it was in Colorado Springs at the time “to do information assurance,” IA. I didn’t even know what IA was, right? I mean, that’s what the DOD calls information security, right?

      Sienko: Yep.

      Triolo: And I said, “You know I don’t know what this is. Right?” And he said, “Don’t worry, you’re going to learn because you have the right aptitude. You’re the kind of guy who can pick this stuff up real quick and we’re going to send you the training and things like that.” And so that’s basically how it began. They had a political situation going on out there that they thought my soft skills were going to be really helpful for. And that’s where I first started seeing how soft skills and a career in information security actually tied together really well.

      Sienko: Okay. So yeah, let’s jump back to that first position when you were the temp and you just sort of learned how to get people onto the network and get people onboarded and stuff. Was it just like trial and error, were you just like running and grabbing books out of the library? How did you sort of ramp yourself up very quickly that way?

      Triolo: I mean, it was probably a combination of three things. One was books. Literally that was the time where most of the information was still being printed in books that you’d go to Barnes and Noble and take off the bookshelf.

      Sienko: All information is available in For Dummies form.

      Triolo: And so, yeah, exactly right? And I mean, don’t kid, right? That was actually a really useful book because hey got right to the point in those books. That was really probably the major source. In that position too, as I said, I was working with the IT department that was based back on the East Coast. And so I would reach out to them for help and explanations at times. And then, there was some stuff available on the internet, but it was a lot of trial and error. It’s about having those pieces of hardware, in your hands that PCMCIA cards, right? Which is the things you’d plug into a laptop and then have a dongle and so you’d have this equipment in front of you and you just practice with it and play with it. And the combination of that really gets gets you there.

      Sienko: Yeah. So let’s real quickly just turning career thing, what is your day to day work as VP of customer success for response software look like? What is your average day in terms of projects or hours or expectations from clients, things like that?

      Triolo: Yeah, so right now the primary goal for me or for my team is to get customers up and running on our software to get them trained up, understanding how to use it, making sure that it’s providing the value that we set out to provide when we sold them the product. But we are a relatively new company, so we’re three, three and a half years old at this point. And so, essentially that startup situation where a lot of the backend processes and tools and procedures have to be developed. So we’re still, spend a line of time, developing those and now it’s more refining them. We have a lot of that in place. But as we’re actually in real world scenarios, you start to see, okay we’ve got to make improvements and changes here. So we spend a lot of time doing that. But the other thing would be, as a startup, every executive in the company really has a sales responsibility is to talk to customers and explain to them, what our software does, what the value is and things like that. And people like me are actually uniquely qualified to have that kind of conversation because I’ve got this background with technical security. I was that practitioner. I learned all that time ago. And then, bringing that forward and being able to explain the products from a technical perspective, but also from a business value perspective. And so, it ends up being quite a bit of time doing that these days.

      Sienko: Okay. And you’re also a security evangelist for the company as well, is that right?

      Triolo: Yeah. And that usually finds its way in the form of conferences, speaking engagements where we’re, explaining to customers typically what are these challenges and security? This one that we’re discussing today being one of the major ones, the skills gap, shortage of people and what to do about it.

      Sienko: Yeah. So what is the sort of ratio between, I mean, I don’t know if you sort of divvy it up between your VP hat and your evangelists hat, but what is the ratio in the average day between doing this or doing that? Or is it all kind of fluid?

      Triolo: It’s pretty fluid, but I would just say in general it’s 80/20. 80% of the time I’m really focused on running the customer success team and 20% maybe out on the road doing conference talks and things.

      Sienko: Got you. So the focus of today’s episode obviously is the issues behind and some solutions to possibly the cybersecurity skills gap. So let’s start with the root causes. We noted in the intro that skills gap between qualified cybersecurity professionals and jobs that need them is estimated at just under 3 million with roughly 500,000 of those positions located in North America. So to start things right off, big picture stuff, what is the biggest cause of the skills gap in your opinion?

      Triolo: I think the digital economy has grown so fast that we just can’t keep up with it. Right?

      Sienko: Yeah.

      Triolo: The tech adoption has been so fast that the size and scope of the problem of the data that we have to process and manage, it’s just exploded. It’s gone exponentially. And the human population has not caught up with it. And I think is probably the primary reason. You hear all about the number of connected advices, everybody’s digitizing their operations. And although, I mean, you’ve got the IT focus, but what about the security focus? Right. And it tended to be an afterthought, I think. And things of that nature and that ended up creating this gap. And, honestly it’s, I don’t even know if we could catch up to it at this point.

      Sienko: Right. There’s only mitigating at this point or triaging I guess. So in our intro we talked about the Federal Cybersecurity Reskilling Agency. What is this, when was it founded and what are not only its concrete goals but the methods it’s using to try and achieve them?

      Triolo: Yeah. So the Office of Management and Budget actually hatched this last, it was November, 2018 when they announced that they were going to do this program. And what’s so interesting about it is, is they decided they were going to pull people from other federal jobs that would actually apply for this thing and teach them cybersecurity skills, enough to actually operate or act as a security analyst. But they weren’t going to draw from all your traditional IT type jobs, the ones that you’d expect that you’d be getting people from. And that’s pretty innovative and I think it’s, for certain, one reason of course is just the shortage. So as maybe a bit of a science experiment, can you pull people from traditionally non-tech IT jobs and make them effective and in this way. But what they did is they hooked up with Sans Institute, which is, going back to my first story, the first training I ever went to was Sans back 20 years ago. I mean, that’s where I got the best and most training for cybersecurity at that time. So they worked with them and they developed this curriculum. But the first thing that they developed is this on online assessment. And what the point was, was to see if they could test whether or not people had the right soft skills, problem solving skills, these kinds of things to make them probably have a good chance of being successful in the cybersecurity area. Right? And so that’s kind of where they started.

      Sienko: Yeah, I mean, I guess the idea is that you already have the IT area is under understaffed enough as it is. So why not why not get security folks from other areas that might be able to sort of endure it a little better. Right?

      Triolo: Yep. And then the approaches is kind of typical to how Sans does things. There’s classroom training and online training and things like that. But then they move to certification, taking tests and then it’s hands on practical experience. And I think this is the real key of how it actually becomes real is you could do a lot of that sort of book learning, but it’s when you put hands to keyboard, when you actually have to solve the problems that the concepts start connecting, you start building that skillset.

      Sienko: Okay. So moving into the sort of meat of the matter, the Federal Cybersecurity Reskilling Agency has identified these five invaluable soft skills that set potential cybersecurity professionals applying for jobs. Apart from the pack. So I’m hoping we can kind of go through them point by point. I have questions for you on each of the five if that’s okay.

      Triolo: Yep.

      Sienko: So first we have communication and collaboration. So what does that mean sort of empirically and how does one display communication and collaboration skills in one’s resume or interview? How do you sort of enhance that in your work skills?

      Triolo: Yeah, I like to say that security is a team sport, right? You’re rarely doing it alone. I mean, you may be doing some research project by herself, but ultimately you’re working in a team environment and that expands beyond just the security group. That goes into the IT group and maybe other groups even like human resources and legal and PR, if you have any kind of breach situation, those groups are others that would be involved. So having a ability to communicate well and to collaborate with others is very important skillset in terms of doing effective cybersecurity, and any of these organizations. If I’m talking to a prospect, if somebody I’m interviewing, what I’m basically asking for is for them to provide examples where, give me situations where you’ve been collaborating with your peers or you’ve had to communicate on a broader spectrum or that kind of thing to assess what their skill set is in that area.

      Sienko: Yeah. Yeah. What are some of the sort of shall we say green lights or whatever? What are some things you’d like to hear in an interview that indicate that someone is strong in this area?

      Triolo: Yeah, yeah. The one thing that I think about is security and security people. We have sort of a perfectionist sort of attitude, right? And we want everything to be secure and we want you to do everything the right way. At times, you kind of lose that idea of, well, you can only ask users to do so much, right? It’s user acceptability and things of that nature. And so the better approach is to figure out how to sort of influence, right? How do you influence people to do what you want them to do from a security perspective without getting them upset. So it’s those kinds of things that you’re looking for, like for people’s ability to influence, to be able to … They may not have the authority to get something done, but they’re able to get people to move in a direction even without that authority.

      Sienko: Got you. Okay. So let’s talk next about analytical mindset. I feel like this probably is the most sort of intuitive in terms of being able to see like, okay, I can see where this would be useful specifically for security, but how does one, would you say, develop this sort of skill? Are there methods or techniques that you would use to sort of develop an analytical mindset? Are there things you can do in your day to day job that will increase it?

      Triolo: Yeah. So, there’s quite a bit of things that you could do. I think about how when we train security analysts, over the years I’ve had a lot of opportunities to do that. And one of the things that we ask them to do is to write research reports. We give them a, for example, a breach or a compromise and say, explain what happened. And this gets people to essentially do two things, they externalize, which means, write it down and then they reduce, they break down the problem into parts and then explain what’s happened in these. And when you get people to do that exercise, you can see how, they start developing these, these analytical skills, right?

      Sienko: Yeah. Now is that sort of the sort of thing you would recommend people looking for a new job that they would sort of maybe write something out like that in a cover letter or sort of like find a way to sort of let the gatekeepers see an example of it?

      Triolo: Yeah, absolutely. I mean, if you’ve got the opportunity to do that thing, to write something, I don’t know. It may sound crazy, but yeah, do it, write it, publish something if you can. When you get a San certification, they will make you do that, write this research paper at the end. That is something that I’ve seen a lot of people use when they bring to employers and say, “Hey look, here’s the research paper I wrote.” It’s actually a really effective way for somebody who’s hiring to see that you’ve demonstrated this analytical skillset. One cool website that I’ll just have to mention is a clearerthinking.org and go to that and it’s got just tons of resources to help you understand what is this analytical mindset and how to develop it and how to think about it. The other thing that we talk about doing too is, is domain transfer is to think about how to apply concepts and strategies from one domain to the other, right? Most obvious in our industry is military. Like looking at examples of how military strategy can be applied to your cyber strategy. But healthcare is another one that you’ll see being used a lot. This idea of developing immunities and that kind of thing. How do you get your networks healthy? We use that analogy a lot, but it’s good and it works and it really helps I think, develop that analytical mindset.

      Sienko: Okay. And remind me of the name of the site again. Clear thinking, clear mindset. What was that?

      Triolo: Clearerthinking.org.

      Sienko: Clearerthinking.org. Okay, very good. So jumping to the next one, when you say keen understanding of human behavior, I mean that sounds to me like something that’s innate to certain people and less so to others. Is that a skill that can be developed? Understanding human behavior?

      Triolo: So, I’m going to tend to agree with you that it’s innate in certain people. We’re talking about EQ here, right? Emotional intelligence and people who have that, you tend to see, you kind of have it or you don’t. But I do think you can learn in this area, right? It can be studied, right? Criminology is a good example, right? I mean, you can study criminology and understand how criminals work, how they think, and then you start to see humans are very repeatable. They do the same things over and over and over, right? So once you start to understand their motivations, you can apply that. So I do think you do learn over time. I would love to person if I were hiring, right? That has that innate emotional intelligence.

      Sienko: Okay. So jumping onto 0.4 here. Research and writing experience. It’s less hard to define and easier to know how to develop, but even that, it’s like sort of get your opinions on this. How would you suggest that young cybersecurity professionals try to develop their research and writing experience and display it, especially for potential customers or employers to see? I think we talked about that before. You said publish your findings, publish your analytical mindset. What are some sort of publishing ideas that you have in terms of sort of both practicing your writing skills and also showing them potential employers?

      Triolo: Yeah. Just wherever you can, do your research, put together examples of writing. Take the time to do that. But it’s usually going to work best when you’re able to collaborate with others, when you get to share this information. So my suggestion would be to hook up with people that would give you that opportunity. Right? That’s going to take the time to read what you’ve written because it’s hard to get motivated to write stuff if no one’s going to read it. So whether that’s building networks, people in your company or local groups. Because there is all that kind of thing, especially in the security industry. We’re very welcoming.

      Sienko: Yeah. Encore groups and learning groups.

      Triolo: Right.

      Sienko: Social networks.

      Triolo: Many of these things. Yeah, exactly. You just reach out and it’s there for you. And that’s where I would start practicing these things. But Chris, I was an English major in college.

      Sienko: Yeah, same here.

      Triolo: Yeah, I saw that. And, I find it interesting. I never thought I would find myself in a technical job, let alone, info security job. That has served me so well throughout my career. I mean, you spend so much time writing and whether that’s, these kind of research things versus email communications and data sheets and you name it, right?

      Sienko: Talking to clients down off the ledge and all kinds of … Yeah.

      Triolo: Exactly. Exactly.

      Sienko: No, all my friends that were laughed at for being either English or philosophy majors are all doing okay now.

      Triolo: Yeah. I tell everybody, if you don’t know what you want to be just be an English major, it’ll translate later, I promise.

      Sienko: Yeah. Oh yeah, Nope. We all use it. So again, we’re moving to sort of a more abstract concept, curiosity and creativity. On one hand these seem like things that you either have or don’t, but I feel like there must be some tips for how to further expand your curiosity or creativity. There’s all kinds of brain training and sort of you say emotional intelligence type things. Do you have any ideas on this?

      Triolo: Yeah, this is definitely a tough one because you really got to have a passion for something because I think that is where the curiosity and creativity is derived from. It’s that passion itself. And one thing that you’ll notice, and I think you can talk to anybody in security and you’ll get sort of the same answer. The people who are best in security, you will see that passion. They will come with that, even if they have no security experience or knowledge, they will have this sort of a passion to learn, to want to know how things work, to want to know how to break things. And that and that sort of thing. So, I guess the bad news a bit to me is that it maybe it just doesn’t come naturally to everyone or if you don’t have a passion for that thing, it’s going to be hard to show either of those attributes to curiosity or creativity.

      Sienko: Yeah, that’s a downside. But on the other hand, I think that represents an upside for people who think, well I’m not technically minded enough but I still would like to get into cybersecurity, but I feel intimidated by sort of all the networking or all this sort of fiddly diddly do-dads or whatever. And we’ve had plenty of guests on the show who have said, “I’ll train anyone in the tech of it, I want to see what your problem solving skills are. I want to see what your soft skills are.” Things like that.

      Triolo: Exactly.

      Sienko: So moving back to sort of skills gap concepts here because of the speed at which up to the minute knowledge changes in the security game. They say that update knowledge has a half-life of about two years. So about every two years, half the knowledge that you have is no longer viable. Do you think this issue is bigger than just getting people onto the skills treadmill so that they’re staying fresh? Is that ever going to be a thing that can be sort of sped up or accelerated in any way?

      Triolo: Yeah. So it’s funny, I think that being on the treadmill is kind of the point, right? It’s people who are going to do well in this industry, you have a growth mindset. You want to learn every day. You want to have to keep pushing and learning the new techniques and how things are getting done. And if you’ve got that in mind that you’re going to have a life of learning, these are the types of people, again, that will do well in the industry. But that I think don’t get burnt out in these kinds of situations. Don’t feel like it’s actually, that it’s a tread. Yeah, exactly. And then you’re on this treadmill situation.

      Triolo: The other thing that I’ve noticed over the years, 20 years of doing security is that when you go up a layer of abstraction in thinking about the attacks and how they work, it’s actually kind of all the same stuff. The classes and bugs, they haven’t changed. It’s still a buffer overflow attack. It’s still a cross site scripting attack. It’s kind of the same class of attacks, but maybe different techniques and methods. And so depending on what your role is, you actually can keep a pretty current understanding of what’s happening in the industry without having to kind of turn over that knowledge every year.

      Sienko: Yeah. It’s like doing a malware update. All that new sort of ambient data is just getting sort of soaked in, but you’re still doing the same things. So within your own organization, how do you assess both the real skills gap in your organization, the actual skill level of your staff and the actual skill level applicants for your infosec positions? Are there questions you should be asking candidates or existing employees? Crude analogy. We talked about this a little bit with the sort of demonstrating your problem solving skills, but do you have any other tips to sort of help, HRC, what are examples? Because it would classically, HR has a problem of looking for, will they have the right sir, they have the right point on their resume or whatever. But how do you sort of get past that?

      Triolo: Well, I think one way is not so much to ask what, but show me how you think. Right?

      Sienko: Yep.

      Triolo: You give candidates questions, if I asked you to build Twitter, how would you go about doing that? Right? Do you build a web app first? Do you build the database in the back for … The way that candidates will answer questions like that will get you to understand sort of, how they think. Imagine you’ve been breached. How are you going to go talk to your manager about that or the organization about that, right? You kind of give them scenarios and see how they would sort of go through that. If you were going to conduct a vulnerability assessment, right? Instead of, do you know how to do vulnerability assessment, well, take me through the process. Explained to me what those steps are and that is a great way to kind of pull out that knowledge. I always want to do the technical questions. I don’t think you should miss those. I remember one of our questions, what’s the difference between TCP and UDP? Right? Has to be maybe the most basic networking question there is. And probably, I mean, since security, a lot of it is based on networking and how networks work, this would be very useful information for anybody who’s trying to get into the field. And you’d be surprised if you’d look at a resume that looks like it had all the right moves and then you asked that question and the answers you would get. Quite honestly, I would always be happy if someone said, “I probably can’t explain that to you. However, I have an analytical mindset and I want to learn and I think this stuff is great.” As opposed to someone who he doesn’t really know and then they try to start explaining to you what the differences between TCP and UDP and they end up disqualifying themselves immediately. Right?

      Sienko: Yeah. Would it be reasonable to say, “Well, I’ve never really worked with the distinction between the two, but we can sort of talk further about it”? Something like that?

      Triolo: Exactly. Exactly. And so, you’re kind of looking for that, I guess maybe a little bit of honesty.

      Sienko: Right. Yeah. So let’s talk a little bit about where companies are looking for candidates. You think it’s possible that qualified candidates exist and companies just aren’t reaching out to them? especially since you were saying that they don’t answer, they have to be it or tech focused. Are there sort of like untapped sort of wildernesses of potential candidates that we don’t know are out there or they don’t know they’re out there maybe?

      Triolo: Well, to answer the question, where are companies finding these people? They’re finding them from other companies.

      Sienko: Oh yeah, sure.

      Triolo: That’s the problem, right? That’s part of the problem is because-

      Sienko: They’re passing them around.

      Triolo: Yeah, as an industry it’s like we’re robbing Peter to pay Paul, right?

      Sienko: Yep.

      Triolo: And I get it. I mean, I want to do the same thing as a hiring manager because these people are tested, they’re proven, they have some level of experience in a real world environment as opposed to getting them from colleges and universities and things like that. I think the college university thing though is a really … this is the evolved for us. It used to be that no one had a security program. And now there are many, many out there, too many to even mention.

      Triolo: Some of them I think are doing some good practical hands on kind of a training and that is directly translatable or applicable to a job in the real world. Right?

      Sienko: Yes.

      Triolo: And so I’m always looking for that and encouraging and I do get around to different universities at times and talk about their programs to try to get out of that theoretical and get into the hands on because that’s the skills that actually translate for these people as they’re moving through. And if you’re able to create a crop of those kinds of students, that’s where we could be looking. Right? That’s where we could be getting a lot of these folks from. Right?

      Sienko: Yeah. So this is kind of a weird question. When I ride the bus to work in the morning, I’ll see advertisements for other states, I’m in Chicago. And so I’ll get to see advertisements from Wisconsin or Michigan saying move to Michigan, move to Wisconsin. And it seems very brash to me. But I’m thinking like, is there a possibility where the cybersecurity industry makes a concerted effort to sort of advertise itself as an interesting and viable career move sort of in other industry publications or locations? Because again, I feel like there’s needs to be this sort of beating of the Bush to sort of find, to let people in other sort of industries know, hey, this might be something you’d be interested in. You have all the qualifications more so than you need. Is there any benefit to that or am I lunatic?

      Triolo: No. I think you’re right on. I think there’s an awareness that needs to be developed. And by the way, let’s make it sound a little sexy, right? It was traditionally, I think people think of it as, well, I need to be a nerd, right? I need to be a nerd to get into the security space or whatever. Right. It’s not that at all, but getting that awareness out there. Absolutely. And that awareness could even be, I mean, I like your idea about pulling, I mean literally advertising in these other places and pulling people in, but doing that within your own companies, especially the larger companies of course where they’ve got lots of resources is, I don’t think we’re tapping into that enough. And again, we may be thinking of, I need the technical skills, the nerd qualities and these kinds of things. But going back to kind of what the whole talk is about is that there’s people that have these soft skills that are in your organization and you just got to find them. So getting that awareness out within your own organization is probably a good way.

      Sienko: Yeah. So we’re starting to wind down here a little bit. If you had kind of a magic wand to solve the skills gap once and for all, what would be the combination of actions you would take that would … What’s the kind of fast track measures of your dreams that would solve this tomorrow, if anything?

      Triolo: Well, I mean, the most obvious thing, magic wand, right? It’s-

      Sienko: Sorry. You skipped for a second for a second. What’d you say now? Your internet wobbled.

      Triolo: : Sorry about that.

      Sienko: That’s okay.

      Triolo: Stopping criminals, right? If there were no more criminals.

      Sienko: Yeah, there you go.

      Triolo: This wouldn’t be a problem. I know it sounds obvious, right? But that is really, really what it is. And if you could kind of wave your magic wand and remove that problem, then everything is easy. The thing about it is there’s always going to be criminals and it ends up being this cops and robbers scenario and every time the cops catch the robber, the robbers have to figure out new techniques and it ends up being this cat and mouse routine that goes on forever. And for that, I don’t feel like there’s a great way to solve it. I do think though, that this is where automation comes in, where we have to start leveraging the power of automation to start solving some of this. Not have to rely on humans as much as we do.

      Sienko: Yeah, yeah, yeah. No, one of our interviews with a cybersecurity analyst who said to move up to manager position, automate yourself out of your own job. You move up the next level that way. So what are your predictions for the skills gap in 2020? We’ve looked at the predictive version of what you would like, what do you think is actually going to happen between the sort of Federal Cyber Reskilling Academy and all this sort of stuff? Where do you see all this going? Do you see the gap widening? Do you see things moving in the right direction?

      Triolo: I honestly see the gap widening. I just don’t think we can catch up and it’s getting worse. I think these efforts like the, the cyber thing, the reskilling, these are good steps and we need to do these things and keep pushing. But ultimately I don’t think it’s going to be fast enough.

      Sienko: Okay. So we’ll wind up here. Tell me about your work at Response Software. What problems are you currently engaged in and solving for your clients?

      Triolo:  Well, quite frankly, our product is trying to address this problem head on. This is what we do. I mean, we’ve essentially built a virtual security analyst. Our software emulates the judgment, the reasoning of essentially a SOC level one analyst, right? The guy you have sitting in front of console’s looking at security alerts all day. Right? It’s a really tough job. It’s hard to find the bad guys in all of those alerts, there’s of false positives in those alerts. And getting humans to stare at consoles all day is just not the way it’s going to work. Right? You’re not going to be affected that way.

      Triolo: And so we’ve built software where we’ve essentially taken this knowledge, the reasoning skills of a human analyst and built that into software. And what that enables you to do, is to move your humans out of that role and put them in the security roles that require curiosity, creativity, collaboration and communication. The things that machines can’t do. And in this way we might actually make up some of this gap because if we can automate the things that are taking the most time and by the way are not necessarily efficient way to do it, we can free these people up to do the important security projects that you have.

      Sienko: Okay. One final question. If people want to know more about Chris Triolo or Response Software, where can they go online?

      Triolo: Yeah, come visit our website. It’s respond-software.com. We’ve got a ton of resources there. We talk all about this and our product. So do that. Follow us on LinkedIn. We’re always posting blogs and press releases and those types of things and that would be a great, great place to find out more about us.

      Sienko: All right Chris, thank you for joining us today. I think this is going to give our students and learners a lot to think about.

      Triolo: Thank you Chris.

      Sienko: And thank you all for listening and watching. If you enjoyed today’s video, you can find many more on our YouTube page. Just go to youtube.com and type in Cyber Work with InfoSec to check out our collection of tutorials, interviews, and past webinars. If you’d rather have us in your ears during your workday, all of our videos are also available as audio podcasts. Just search Cyber Work with InfoSec in your favorite podcast catcher of choice. To see the current promotional offers available to listeners of this podcast, go to infosecinstitute.com/podcast. And as we’ve been saying in previous weeks, we have a free election security training resource used to educate poll workers and volunteers on the cybersecurity threats they might face this election season. More information, how to download your training packet, visit infosecinstitute.com/IQ/election-security-training or click the link in the description. Thanks once again to Chris Triolo and thank you all for watching and listening. We’ll speak to you next week.

Free cybersecurity training resources!

Infosec recently developed 12 role-guided training plans — all backed by research into skills requested by employers and a panel of cybersecurity subject matter experts. Cyber Work listeners can get all 12 for free — plus free training courses and other resources.

Weekly career advice

Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Booz Allen Hamilton, CompTIA, Google, IBM, Veracode and others to discuss the latest cybersecurity workforce trends.

Q&As with industry pros

Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.