CISO Series Newsletter
[06-22-23]--How To Get More People Into Cybersecurity
Defense in Depth
There are millions of cybersecurity jobs open. Over time, that number has just been growing. What we're doing now does not seem to be working. So what's it going to take to fill all these jobs quickly?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Our guest is Rich Gautier, former CISO for the U.S. Department of Justice, Criminal Division.
Here’s what we talked about on the show.
Nobody likes the hiring situation and everyone sees the problems. Those hiring and being hired are frustrated with how poorly cybersecurity hiring operates. As Chris Hughes, CISO and co-founder of Aquia, explained in reaction to an article by Jennifer Riggins on The New Stack, so many jobs remain unfilled because of poor job descriptions, antiquated hiring and workforce practices, lack of diversity, not selling the purpose of the field, increasingly complex systems and environments, and a steep learning curve.
Are we overdoing it on job requirements? Jesse Hazel of NORC at the University of Chicago said he saw his old job listed, and it required 10 years of experience and a CISSP, two capabilities he didn’t have when he held that job. Requirements inflation happens because the hiring manager wants the talent of the person who left the job, not the person who entered the job. “Job description requirements is what is partially holding back the industry from tapping into greater diversity of expertise, thought, compassion, experiences, and doctrines,” said Hazel.
The job requirements go up because the demand for skills keeps increasing. “The people element is ever so more important,” said Dan Rooney of Accenture. “Organizations are increasingly building more complexity into their model with new technologies and ways of working.” Yes, there’s more demand for skills, but many organizations aren’t realizing this has to come with measurable pay increases. “I see a lot of postings that are asking for someone to be overqualified but not adequately compensated,” noted Ivan Radusinovic of Lockheed Martin. When no one qualified wants to take those positions, those people still working start taking on the roles of 2-5 people and they get burnt out, explained Malia Mason of Corvus Insurance.
Anybody can be trained up; you just need the systems in place to do it. “The military will take an 18-year-old and turn him/her into a soldier in 16 weeks. They will continually train that soldier over the course of their ‘employment,’” explained Chuck Mackey of Fortress SRM. “If you hire, train, culturally integrate, and reward that person, you’ll be far better off. Turnover will decrease. Pay will normalize, and productivity will increase.” Sebastian Rohr of umbrella.associates GmbH is adopting this philosophy. He’s cross-training junior consultant/trainee positions for anybody who has decent IT, admin, or infrastructure knowledge.
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, Brinqa
Super Cyber Fridays!
Join us Friday, July 21, 2023, for “Hacking 5G Security: An hour of critical thinking about the looming explosion of IoT on 5G networks.”
It all begins at 1 PM ET/10 AM PT on Friday, July 21, 2023 with guests Kevin McNamee, security product manager, Nokia and Howard Holton, CTO and industry analyst, GigaOm. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Nokia
LIVE!
Cyber Security Headlines - Week in Review
Join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Janet Heins, CISO, iHeartMedia.
Thanks to this week's headlines sponsor, Wing Security
Cyber chatter from around the web...
Jump in on these conversations
"Cybersecurity can be confusing, especially with all the misinformation and myths out there. And increasingly, cybersecurity isn't just for the IT department. What's the biggest misconception about cybersecurity that you think needs to be addressed in the wider community?"
"I can't land a job I want, and I don't know why"
"How do I support an aspiring cyber security professional?"
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[07-21-23] Hacking 5G Security
Register for them all now!
The Board Shouldn't Rely on the CISO For All Cyber Knowledge
If you rely on the CISO to educate the board, the board makes decisions based on the information they have. That's a paraphrase from my CISO Series Podcast co-host, Andy Ellis, operating partner, YL Ventures. This is why it's critical for the board to have their own high-level knowledge about cybersecurity, and not rely solely on what the CISO tells them.
"You need that third-party voice. You need someone who can bridge the gap between what the CISO is saying and what the board understands," said John Masserini, senior advisor, TAG Cyber in our conversation.
The board needs to know because, as Masserini explained, "It really has pivoted from being that business-centric issue to where before it was just an IT issue."
HUGE thanks to our sponsor, Sumo Logic
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.