Ask us anything about developing security talent and teams (session #2)
Organizations of all sizes continually struggle to address modern-day cybersecurity talent supply and demand disparities. Thankfully, there are experts out there who have faced these challenges head-on and have come out on top.
During Infosec Inspire, we were fortunate to gain expert insight from professionals who have made notable strides in this space. We were joined by:
- Jessica Amato, Operations Manager at Raytheon Technologies
- Katie Boswell, Director of KPMG Cyber
- Jason Jury, Lead Associate at Booz Allen Hamilton
- Romy Ricafort, Senior Director of Sales Engineering at Comcast Business
Should you pay the ransom?
Here are just a few highlights from the discussion:
What advice do you have for people looking to transition into a new cybersecurity role?
Video clip: How to transition to a new security role
Romy: Don’t wait for someone to push you to do it. If you want a position, learn what it takes to do the job and start preparing for it. It’s up to individual enthusiasts to own their path. It’s also important to learn from others. Ask questions around how established professionals got where they are and what paths worked for them.
Jessica: You are in the driver's seat of your career. Networking is key. Taking the initiative to make your first connections into the industry is critical. If you see something you are interested in or like in the industry, be curious and talk to those people in your network to learn more. Talk to your mentors to see if the path you have in mind makes sense.
Jason: Explore the various domains of cybersecurity and get a sense of what it means to work in the industry. Narrow your focus and find as many answers as possible on your own, then start reaching out to experts for additional insight.
Jessica: Be vocal about your interests, passions and goals. Companies should also create an environment where people can express that interest. It’s beneficial to the organization to listen and help employees transition into these roles within the company instead of seeking external roles.
How do you recruit the right pool of cybersecurity talent?
Katie: Early efforts should start at the campus level. Plan to engage strategically with the right schools that can fill the skill sets you need. If possible, rely on a team of recruiters who can also help you look for niche skills.
Jessica: Leverage partnerships with academic institutions. Also, work with your talent acquisition resources to ensure they understand what skills you are seeking and can help. On a more advanced level, host invitation-only events to bring in qualified candidates and get to know them better. Lastly, work to understand skill sets and levels of expertise needed across the organization from interns and college hires to advanced professional hires. Then, host virtual events to bring pipelines of those pools into your organization in a larger scale fashion.
How can organizations partner with colleges to hire for internships and entry-level opportunities?
Katie: Create a rich pipeline of talent through internships and start the process early. Post internship opening at the beginning of the year so that you have talent lined up and confirmed before the summer season arrives. Also, expand your talent pool to include foreign nationals and students from different backgrounds when possible. Have students begin working on certifications during internships so that by graduation, they are already qualified professionals with both credentials and experience.
Romy: Work with academic institutions across a variety of cybersecurity domains to bring talent in early. Don’t neglect to focus on the culture fit of talent as well. Also, note that the strongest candidates will have multiple offers and choices. It’s important to get in early, teach them about company and culture, and ensure it’s something they want to be a part of.
Has the pandemic changed the supply and demand within the cybersecurity workforce?
Video Clip: Is remote work driving more people into cybersecurity?
Jessica: There has been an uptick in demand. This is due in part because of the pandemic and in part because of the state of the industry. People realize even more just how much damage can be done through breaches as the technical revolution leads to increasing cyber risk.
Katie: As the pandemic requires more companies to embrace remote work, there has been an increased demand for resources to help solve remote work transitions in a way that is secure. From a training perspective, organizations also need to be agile with learning and development in order to continue training efforts in remote settings.
Jason: The current state of the world has forced organizations to consider how as many programs as possible can be converted and scaled virtually. Prepare for the inherent trials that come with this setup, such as the need for additional production staff and the missed face to face experiences that are often necessary to host training labs or teach more hands-on lessons.
Romy: In the past, many employees had two-to-three-hour commutes. In today’s environment, where most are working remotely, more people are reallocating that time to engage in development programming. Organizations have a greater opportunity to focus on upskilling now.
ChatGPT training built for everyone
In conclusion
When it comes to developing cybersecurity talent and teams, the early bird gets the worm. A common theme throughout the session has been highlighting the need to partner with academic institutions to start building talent pipelines for your organization as early as possible. Establish these programs with diversity and inclusion in mind and be ready to take the agile approach warranted by the dynamic nature of the industry — especially amidst the pandemic. Keeping these key recommendations in mind will put you one step closer to developing, engaging and retaining the team you need to secure your organization.
Watch the full and fascinating conversation between Jessica, Katie, Romy and Jason via our video recap.