Building the Next Generation of Cybersecurity Talent

CDO Magazine and ComSpark provide a new dimension to security at the Cybersecurity Midwest Summit 2022. Event participants shared expert insights and best practices regarding cybersecurity. Teri McLean, Account Manager at Secure Code Warrior, moderated the session “Building the Next Generation of Cybersecurity Talent.” The session featured the following distinguished speakers discussing the need for diverse talent and how to retain them in the security space:

• Matt Scheurer, AVP of Computer Security and Incident Response, Financial Services Industry

• Mitchell L. Harris Jr., VP, Manager of Information Security, U.S. Bank

• Lisa M. Heckler, VP, Information Security & Privacy, CareSource

• Vikram Ghosh, SVP, Global Alliances, Secure Code Warrior

Heckler opens the discussion by stating that building diverse networks in the workforce is critical. She mentions that at CareSource, almost two-thirds of the leaders are women.

Harris recalls building a Security Operations Centre (SOC) amidst the pandemic and concurs that bringing in people from diverse backgrounds expanded the talent pool. He worked on changing the norms for the job by paying more attention to aptitude than the college degree.

Highlighting the importance of mentoring, Scheurer says that the teacher in him gives the mentees a history lesson. “Because they did not spend time as a systems administrator, or network engineer, they do not have that intrinsic knowledge built in from all those years of experience,” he adds. Building an internal pipeline becomes easier when the team knows the organization's culture and practices and believes that fresh minds can be molded well.

Ghosh, echoing Scheurer regarding the necessity of mentorship, also emphasizes coaching. “Coaching is a lot about asking people to discover answers they probably already know,” he says.

Heckler remarks that some of the best minds she has worked with come with something other than a traditional computer science background. She mentions CareSource’s collaboration with Sinclair to build an apprenticeship program to create a pathway for new talent.

In agreement with Heckler, Ghosh states, “In a world where applications are becoming way more prevalent and faster, one of the challenges that we all run into is a shortage of talent.” He maintains that one way to address the skill gap between InfoSec professionals and application developers is by making learning fun for developers.

Elaborating further, Scheurer says, “I think it sets the stage well when you can help build on other people's knowledge.” 

Harris pinpoints passion and curiosity as must-haves for deploying and retaining the workforce. He shares that getting people back to the office post-pandemic has been a challenge. 

Harris adds that leadership support and organic conversations with peers motivate people to work from the office. “You have to train your people if you want them to be motivated,” Scheurer notes.

Heckler admits that developing a young workforce is challenging, especially in a hybrid/remote setting. Being intentional is the key; otherwise, it is difficult for the young talent to connect with the organization.

Ghosh comments that the boundary between development and operations broke because people wanted to work together. Heckler adds, “I think there's a ton of advantage in breaking down those silos and meeting cross-functionally.”

Curiosity and respect are fundamental aspects of fitting into a culture for Harris, Ghosh, and Heckler. Ghosh mentions the Open Source Security Foundation, which is putting together a grassroots community-led effort to instill secure coding practices worldwide.

Heckler proposes apprenticeship models that will benefit smaller companies by leveraging industry and university partnerships. As a result, the student can build resume-worthy skills, and the company can use college resources, she adds.

In conclusion, Scheurer says that communication and passion are prime factors in getting hired, and Heckler emphasizes having diverse conversations to break barriers and build relationships.

Watch other Cybersecurity Midwest Summit 2022 sessions HERE