BradEgeland.com
  • Welcome
  • Blog
  • Expertise
  • Resume
  • Software / Service Reviews
  • Contact
  • Videos
  • Books / White Papers
  • Mentoring Contact Form
  • Awards/Recognition
  • Templates & Downloads
  • Clients
  • Professional Services
  • Past Survey Results

Cyber Chiefs are Trying New Ways to Attract Talent

4/27/2022

0 Comments

 
Picture
Picture
Cybersecurity and risk executives are adopting new ways to attract talent, in part by looking outside degree requirements and traditional technology backgrounds.

Organizations such as the International Information System Security Certification Consortium, or ISC2, say the demand for cybersecurity workers is far outstripping the available workforce.

The nonprofit training organization estimates in its latest annual workforce study that around 2.72 million more cybersecurity workers are needed globally.

While that figure is down from 3.12 million in the previous year’s study, hiring remains a slog, especially for companies looking to expand their cyber teams during a period of heightened threats from hackers.

Shaun Marion, chief information security officer at fast-food chain McDonald’s Corp. , is in the midst of bringing many contracted cybersecurity roles in-house, especially those at the entry level, he said. Mr. Marion also plans to hire another 30 to 40 cyber professionals this year.

The shift will help improve prospects for people who want to build cyber careers at McDonald’s, Mr. Marion said. “Once I get people here, I can expose them to all the opportunities they have,” he said. “It’s not hard to retain. But getting them in is hard.”

At payments provider Visa Inc., which has around 1,150 staff working on cyber-related roles globally, Chief Risk Officer Paul Fabara said he is keenly aware that losing employees without the ability to replace them can be just as disruptive as not being able to fill the roles in the first place.
“You have to start planning way in advance,” he said. “If you start by the time attrition hits you, if you don’t have three or four people in the pipeline for a single role, you’re going to fall short of meeting the demands of that job.”

That can have real consequences for companies, and for the remaining employees who still have to run security operations centers, fusion centers and other cyber operations at peak performance levels.

“The worst thing you can do in this type of environment, because you’re operating on a 24x7 basis, is to burn people out,” Mr. Fabara said.

Thinking broadly about candidates is key for Steven Babb, CISO at Mitsubishi UFJ Financial Group’s investor services business. Mr. Babb said he supports initiatives that aim to increase gender representation in the workplace, and he’s also interested in candidates who aren’t necessarily from straight cybersecurity backgrounds but may have relevant experience in other departments.

“We give people the opportunity to come in to learn about the business, to learn about our technology and to apply what they know, such as transferring skills from other areas into security as well,” Mr. Babb said.


At McDonald’s, Mr. Marion says the help desk can feed the general roles in the cybersecurity group because technicians there know how to handle ambiguity and solve problems in real time. Serious online gamers make good staff for the security operations center, he said, where the ability to work odd hours, cooperate and think quickly are required.

“I search for attitude and aptitude and lay security training on top of that,” he said.

The idea of considering candidates with nontraditional backgrounds is gaining traction for external hires, as well as existing employees. For Mr. Marion, looking only for college graduates is “myopic.” Not only don’t the numbers support that route, but requiring a degree eliminates good candidates, he said.

The cybersecurity industry has come under criticism in the past for its unrealistic requirements for entry-level positions, with some banks and other organizations asking for advanced degrees and professional certifications that require years of experience to achieve.
​
“College is not for everybody, and not everyone has access to college because they lack the financial wherewithal or community support,” Mr. Marion said, which often excludes people who could help round out the gender and ethnic diversity he seeks in his staff.

Some senior roles need a degree, such as in cyber and privacy risk assessment. But many positions don’t, he said. Stripping mentions of degrees and professional certifications from many cyber job descriptions took some convincing of the human-resources group, he said.


And the numbers favor his approach. According to the most recent figures from the National Center for Education Statistics, just about 2 million bachelor’s degrees were conferred in 2021.


“The point is, you won’t get all your talent from college,” he said. “Even if you could, I don’t know that I’d want to.”
​

Write to James Rundle at james.rundle@wsj.com and Kim S. Nash at kim.nash@wsj.com


By 
James Rundle and Kim S. Nash


0 Comments



Leave a Reply.

    Author:

    Picture

    Brad Egeland


    Named the "#1 Provider of Project Management Content in the World," Brad Egeland has over 25 years of professional IT experience as a developer, manager, project manager, cybersecurity enthusiast, consultant and author.  He has written more than 8,000 expert online articles, eBooks, white papers and video articles for clients worldwide.  If you want Brad to write for your site, contact him. Want your content on this blog and promoted? Contact him. Looking for advice/menoring? Contact him.

    Picture
    Picture
    Picture
    Picture
    Picture
    Picture

    RSS Feed

    Archives

    December 2022
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    October 2012
    September 2012
    August 2012
    July 2012
    June 2012
    May 2012
    April 2012
    March 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011
    September 2011
    August 2011
    July 2011
    June 2011
    May 2011
    March 2011
    January 2011
    December 2010
    November 2010
    October 2010
    September 2010
    August 2010
    June 2010
    May 2010
    April 2010
    March 2010
    November 2009

    RSS Feed

Powered by Create your own unique website with customizable templates.