Ask us anything about developing security talent and teams (session #2)
Organizations of all sizes continually struggle to address modern-day cybersecurity talent supply and demand disparities. Thankfully, there are experts out there who have faced these challenges head-on and have come out on top.
During Infosec Inspire, we were fortunate to gain expert insight from professionals who have made notable strides in this space. We were joined by:
- Jessica Amato, Operations Manager at Raytheon Technologies
- Katie Boswell, Director of KPMG Cyber
- Jason Jury, Lead Associate at Booz Allen Hamilton
- Romy Ricafort, Senior Director of Sales Engineering at Comcast Business
Phishing simulations & training
Here are just a few highlights from the discussion:
What advice do you have for people looking to transition into a new cybersecurity role?
Video clip: How to transition to a new security role
Romy: Don’t wait for someone to push you to do it. If you want a position, learn what it takes to do the job and start preparing for it. It’s up to individual enthusiasts to own their path. It’s also important to learn from others. Ask questions around how established professionals got where they are and what paths worked for them.
Jessica: You are in the driver's seat of your career. Networking is key. Taking the initiative to make your first connections into the industry is critical. If you see something you are interested in or like in the industry, be curious and talk to those people in your network to learn more. Talk to your mentors to see if the path you have in mind makes sense.
Jason: Explore the various domains of cybersecurity and get a sense of what it means to work in the industry. Narrow your focus and find as many answers as possible on your own, then start reaching out to experts for additional insight.
Jessica: Be vocal about your interests, passions and goals. Companies should also create an environment where people can express that interest. It’s beneficial to the organization to listen and help employees transition into these roles within the company instead of seeking external roles.
How do you recruit the right pool of cybersecurity talent?
Katie: Early efforts should start at the campus level. Plan to engage strategically with the right schools that can fill the skill sets you need. If possible, rely on a team of recruiters who can also help you look for niche skills.
Jessica: Leverage partnerships with academic institutions. Also, work with your talent acquisition resources to ensure they understand what skills you are seeking and can help. On a more advanced level, host invitation-only events to bring in qualified candidates and get to know them better. Lastly, work to understand skill sets and levels of expertise needed across the organization from interns and college hires to advanced professional hires. Then, host virtual events to bring pipelines of those pools into your organization in a larger scale fashion.
How can organizations partner with colleges to hire for internships and entry-level opportunities?
Katie: Create a rich pipeline of talent through internships and start the process early. Post internship opening at the beginning of the year so that you have talent lined up and confirmed before the summer season arrives. Also, expand your talent pool to include foreign nationals and students from different backgrounds when possible. Have students begin working on certifications during internships so that by graduation, they are already qualified professionals with both credentials and experience.
Romy: Work with academic institutions across a variety of cybersecurity domains to bring talent in early. Don’t neglect to focus on the culture fit of talent as well. Also, note that the strongest candidates will have multiple offers and choices. It’s important to get in early, teach them about company and culture, and ensure it’s something they want to be a part of.
Has the pandemic changed the supply and demand within the cybersecurity workforce?
Video Clip: Is remote work driving more people into cybersecurity?
Jessica: There has been an uptick in demand. This is due in part because of the pandemic and in part because of the state of the industry. People realize even more just how much damage can be done through breaches as the technical revolution leads to increasing cyber risk.
Katie: As the pandemic requires more companies to embrace remote work, there has been an increased demand for resources to help solve remote work transitions in a way that is secure. From a training perspective, organizations also need to be agile with learning and development in order to continue training efforts in remote settings.
Jason: The current state of the world has forced organizations to consider how as many programs as possible can be converted and scaled virtually. Prepare for the inherent trials that come with this setup, such as the need for additional production staff and the missed face to face experiences that are often necessary to host training labs or teach more hands-on lessons.
Romy: In the past, many employees had two-to-three-hour commutes. In today’s environment, where most are working remotely, more people are reallocating that time to engage in development programming. Organizations have a greater opportunity to focus on upskilling now.
ChatGPT training built for everyone
In conclusion
When it comes to developing cybersecurity talent and teams, the early bird gets the worm. A common theme throughout the session has been highlighting the need to partner with academic institutions to start building talent pipelines for your organization as early as possible. Establish these programs with diversity and inclusion in mind and be ready to take the agile approach warranted by the dynamic nature of the industry — especially amidst the pandemic. Keeping these key recommendations in mind will put you one step closer to developing, engaging and retaining the team you need to secure your organization.
Watch the full and fascinating conversation between Jessica, Katie, Romy and Jason via our video recap.
In this Series
- Ask us anything about developing security talent and teams (session #2)
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization