3 tips to build a stronger cybersecurity team with Katie Boswell and Jason Jury
While building stronger security teams isn’t rocket science, there are some proven strategies to succeed.
In a recent discussion at the Infosec Inspire Cyber Skills conference, Katie Boswell from KPMG Cyber and Jason Jury from Booz Allen Hamilton discussed how to build stronger security teams using three key career path development strategies:
- Well-structured onboarding experiences for new security hires
- Mentorship opportunities for all employees
- Ongoing skills development
Jury, the corporate cybersecurity training and development manager at Booz Allen Hamilton, says that one of his roles is to create different learning experiences and development strategies to bridge the gap between the company, the market and the talent.
There are two things his company is doing during the onboarding process. First, it uses skill assessments to help determine where new hires are at in terms of IT and cybersecurity aptitude. Secondly, it uses assessments to determine whether new hires are a good fit.
“Cyber Core is one program we offer at Booz Allen Hamilton helping individuals assimilate into a cybersecurity role,” he says. “We want to make sure that they understand our mission, what we do [and] why we do it. In addition to that, we also walk them through things like the risk management framework, which is essential for anyone working in cybersecurity.”
Boswell, the director of cybersecurity for KPMG Cyber, says new employees often join their program straight out of college or technical school. Her organization, through its Cyber Academy program, takes a proactive approach to training staff on cyber issues. According to Boswell, KPMG Cyber focuses on learning as much as possible — via internships and the job interview process — about the professionals coming on board. Her organization figures out what new recruits learned in school and what their interests in the industry are. It then offers baseline training for professionals in different verticals.
“We hope that when our professionals come in we’ve had an opportunity to get to know them — perhaps through an internship program and through the interviewing process,” she stresses. “We have a good idea of where, within our communities in cyber, they’re going to fit. So then we have a baseline training for each one of those areas. For instance, if you come into a community where the majority of your work is going to be around identity and access management, then we have a course specifically built to enable you to get that foundational knowledge.”
Clip: “The importance of mentorship programs in cybersecurity”
Both KPMG Cyber and Booz Allen Hamilton believe strongly in mentorship programs. It’s especially important that mentor-mentee pairings exist at all levels of the company — and that those who participate do so voluntarily. “It’s one thing to take a training,” says Boswell. “It’s another thing to actually feel like you’re able to apply it to your day-to-day job. That’s where that mentorship is really important. If new workers come up against issues where they’re not sure what to do they have someone to call or email to seek advice.”
Boswell adds that the mentor-mentee relationship isn’t just for newbies learning the ropes. It exists in different forms, up to the most senior professionals at KPMG Cyber. When done well, both mentors and mentees benefit. “Mentorship is definitely not just at a new-joiner level,” she says. “It’s something that exists up through our most senior professionals in different service areas. We have a really strong leadership team to support our senior professionals. Our mentorship program gives senior team members an opportunity to grow our professional talent and ready the next generation of technical specialists.”
Booz Allen Hamilton brings in seasoned practitioners to meet with the participants of its Cyber Core program as well. Previous program graduates return to share how they’re using the skills that they learned through the program.“Mentors literally just went through the same program, so they understand the process and the ecosystem we’re using.” He adds that the hope is those who complete the program will return at some point to become mentors to new recruits.
Ongoing skill development
Clip: “Are cybersecurity professionals learning the right Skills?”
After a company hires an employee, the skill development process begins. And it never ends. In addition to onboarding, the company and the employee have to commit to ongoing training and skills development that will ultimately boost performance, increase workplace morale and heighten knowledge of policies and objectives.
“We’ve shifted gears and are focused on the top skills that are in demand versus prescriptive career paths,” says Jury. “Our cyber learning website is structured to touch on the top categories. That can be offensive cyber, that can be defensive cyber, cyber engineering or risk management framework. Once you go into one of the sites, we introduce you to the overall definition of that space.”
According to Boswell, KPMG Cyber aims to give employees at all levels a variety of options — and on-demand content is especially useful since workers can access it when they want. “We also make it a part of our program to involve leaders at different levels,” she says. “We’re very oriented around the services we deliver. For instance, we know that building privacy professionals is going to be important to us. So to do that, we make sure we have some of our most senior privacy professionals involved in the building of our learning paths and the content of those ongoing skill development courses.”
For more insights on building stronger teams, watch the full conversation from Infosec Inspire.
Building Stronger Teams, Infosec