View this email in your browser

Defense in Depth

Create A Pipeline of Cyber Talent

The demand for cybertalent is sky high. It's very competitive to get those people with key skills. What if you were to train your staff and give them the skills you want? Essentially, what if you were to grow your own unicorn?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO at LinkedIn. Our guest is Jesse Whaley, CISO, Amtrak.

You don’t know if you have talent until you know the positions you need. You might have an organization full of unicorns, but if they’re not in the right positions to best secure the organization, they aren’t doing much good. "You don't build a good team without knowing about all the positions on the field and putting the right plan in place to develop the players that will fill those roles,” said Simone Petrella of N2K Networks. Continuing the sports analogy, Jorge G. Lopez of Zoom added that this is an organizational effort saying, “like athletes, you need coaches to help ‘tune performance’ and create a shortcut to greatness."

Bring everyone into the wider picture. It often helps to give a more holistic view of security operations. This can let people see beyond their own little silo and see how they are impacting the bigger picture. "Train people on rotation like the Japanese method where everyone gets some experience,” suggested Michelle L. As part of this, Chris Carter at Optiv suggested using “mentorship and shadowing to create a pathway to certifications and continuing education.”

Security leaders don’t benefit from an aura of infallibility. Failures will occur in cybersecurity, it’s only a matter of if your staff will be prepared for it. Sometimes mentorship requires letting someone see how you approach failure. “Allow someone to watch you fail in the middle of a project or security event. Let them see your thought process, any calculated risks, and lessons learned," said T.J. Patterson of STAR Financial Bank. Dan Desko of Echelon Risk + Cyber said leaders should give this same latitude to staff, "At some point you need to step back and let people run free, either make mistakes they can learn from or succeed or both!"

Any talent pipeline requires building trust. You won’t get unicorns without giving them space to try things. “It takes development of safe-space to learn, experiment, and make mistakes. This will pay off in multi-skilled loyal team members," said Jesse Webb of Avalon Healthcare Solutions. Ashley Woodhall of Practical Infosec recommends outlining achievable tasks that require a little problem solving, “then get out of the way. This is where the real learning comes in."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Opal

LIVE!

 Cyber Security Headlines - Week in Review 

Make sure you 

 to join the LIVE "Week In Review" this Friday for 

Cyber Security Headlines 

with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Mike Woods, corporate CISO, GE.

Thanks to this week's headlines sponsor, Conveyor

Cyber chatter from around the web...

Jump in on these conversations 

"For developing further in my career: degree or certification?" (

More here

)

"How common are compromised user accounts in your organization?" (

More here

)

"In your experience, what security measure has been the most successful in preventing cyberattacks and data breaches?" (

More here

)

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead on Super Cyber Friday we have:

• [08-18-23] Hacking Conferences

Save your spot

and register for them all now!

Thank you!

Thank you for supporting CISO Series and all our programming  

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.