The Future of Cyber is…A Struggle to Find Talent!
Recently we have seen a number of high-profile cyber-attacks involving ransomware and with these forms of attacks increasing, a warning from the National Cyber Security Centre (NCSC) has urged businesses to increase their defences. It is crucial that this increase in defence starts with ensuring the right culture and talent is in place.
I recently attended the Future of Cyber Security Event, the first live conference that I have been to in over 2 years, and this was also the case for many of the guest speakers.
I approached the day fully expecting the main focus to be on technical vendor solutions, legislations and frameworks, ransomware attacks… and yes this did play its part – however central to many presentations was;
- The ongoing struggle to find talent and some of the reasons behind this
- The need to find different ways to acquire and nurture talent in the cyber field
- The need to address the security culture within an organization - empower people and do not lead with fear
Live Q&A with Astronaut Tim Peake!!
It might seem like a strange place to start, but the day ended with a live Q&A with Tim Peake! An Astronaut walked amongst us, and when you take a second to realize that he is one of very few human beings who have seen the earth from space – it is quite something. There was a lot to take away from listening to someone like Tim, but one thing that stood out were his comments on the training to become an astronaut.
He had one, albeit intensive, day which was dedicated to exams. Exams and tests around the core principles of STEM, maths, physics, science, technology and so on. Of course, these tests were at an elite level to attain a high quality of candidate, but the rest of the year of training was based on teamwork in extreme circumstances. Soft skills came to the fore – living in caves, becoming an aquanaut as well as prolonged isolation. It was these tests of character, with the ability to handle stressful situations, and work as a team that made all the difference.
But where does this fit with the rest of the day?
One of the main themes to come out of the day was that of the challenge to find, engage with and inspire talent in the world of Cyber.
Amongst the expected themes of ransomware, increased and highlighted threat to critical infrastructures and operational technology (OT) environments – and the general recognition that there will always be cyber threats…one thing was often central to each guest speaker’s presentation – finding, attracting, and retaining talent. And interestingly from the speakers who consisted of CISOs, Directors, CEOs, CTOs, Senior Engineers – all people leading and hiring teams, time and again the message was clear - something must change in the way in which talent is acquired and nurtured in the cyber field.
Hiring for passion
One Head of Security, Mike Koss, someone with over 20 years of experience in IT Security spoke of how he hires for passion. Looks for an inquisitive nature and hunger to learn and investigate, then teaches them and nurtures them on how to focus that on cyber.
Jessica Barker talked about the importance of security culture – the need to look to the people you have and empower them. Engage them in what it means to be cyber safe, teach them that they are capable of adding value and do not lead with fear. Fear turns people off, positivity gets them involved.
Passion in Cyber Security
Melanie Oldham who has recently been awarded an OBE for Services to Cyber Security, spoke passionately about being proactive in the community. Go into schools and give people apprenticeships, look at the practical skill and application needed and use this!
Hacker turned CISO
But I think one of the most interesting talks came from Greg van der Gaast, who is a CISO at Scoutbee, and has a long and varied career in cyber which started on the wrong side of the fence as a notorious hacker! The team he has built at a senior operational level came from all walks of life, police, military, medical…and opening up the possibilities meant building that team at pace, while not losing any of the necessary impact of the cyber operation. The cyber frameworks he and his team have put in place suit the environment first, and recognized industry frameworks second. The cyber framework has to work for the environment it is deployed within, and not the other way around.
It was really interesting for me being in the world of recruitment to hear these thoughts and opinions from industry leaders on the ways in which the industry can and needs to change. And on a day in which I fully expected to hear about cyber threats and attacks (which was a part of it all of course) it was the message about how to mitigate those threats which surprised me. It was not about the product, the firewall, SIEM, SASE, antivirus etc, it was about the people – the need to get your team right – and that begins with the culture.
Bringing this back to Tim. Ok, the example of needing to survive in space might be extreme, but I think sometimes we need to look to the extreme to get a point of reference. Look at it the other way around, if getting the aptitude, culture and person profile is good enough to find the right people to launch a space mission and survive out there…then there is surely an argument to say the same approach is good enough to build a wining cyber team!
If you are struggling to find the right talent to support your business please contact David completing the below;