Is the cyber talent ecosystem broken? [CISO Perspectives]
Apr 17, 2025
Ed Adams, Head of Cybersecurity for North America at Bureau Veritas Group and author of 'See Yourself in Cyber', explores the severe disconnect in the cyber talent ecosystem. He discusses the urgency of addressing outdated job qualifications and the need for practical skill development to meet evolving industry demands. Adams also shares insights on fostering diversity in cybersecurity, advocating for inclusive hiring practices. His unique perspective emphasizes the importance of soft skills and collaboration across teams to reshape the industry's future.
The cyber talent ecosystem suffers from unrealistic job expectations and unclear qualification requirements, hindering the entry of new talent into the industry.
Emphasizing diverse pathways into cybersecurity, including non-technical backgrounds, can attract a broader talent pool and enhance team effectiveness.
Deep dives
Understanding Cyber Talent Ecosystem Challenges
The podcast delves into the persistent challenges that the cyber talent ecosystem faces, highlighting a lack of clarity surrounding job requirements and the qualifications needed for various positions. Even seasoned cybersecurity leaders struggle to define what they truly desire in candidates, which creates confusion for aspiring professionals looking to enter the field. This issue has resulted in job descriptions that often do not reflect the actual demands of the role, leading to frustration for both employers and potential hires who cannot meet unrealistic standards. The episode emphasizes that without a clear understanding of knowledge, skills, and abilities (KSAs) needed, the industry will continue to experience difficulties in filling the growing number of cybersecurity roles.
The Need for Standardization in Job Requirements
A significant point raised in the discussion is the overwhelming inconsistency in job descriptions within the cybersecurity industry. Many job postings set unrealistic expectations, such as requiring advanced certifications for entry-level positions, deterring qualified candidates from applying. Furthermore, despite the existence of frameworks like NICE, which outline necessary skills and knowledge for various cybersecurity roles, many organizations overlook these standards. Standardizing job descriptions to align with these frameworks could streamline the hiring process and better equip candidates entering the workforce.
Encouraging Diverse Pathways into Cybersecurity
The conversation also underscores the importance of embracing diverse pathways into the cybersecurity profession, highlighting how technical backgrounds are not always essential for success. There is a growing recognition that individuals with non-technical degrees can excel in cybersecurity roles by leveraging skills such as communication, critical thinking, and problem-solving. The episode features anecdotes, such as a successful CISO who has a background in Spanish, showcasing the value of varied experiences in enhancing cybersecurity teams. By shifting focus from traditional requirements to an emphasis on teachability and adaptability, the industry can attract a broader and more capable talent pool.
Fostering Collaboration Between Cybersecurity and Development Teams
Finally, the podcast emphasizes the need for improved collaboration between cybersecurity professionals and other teams within organizations, such as development and IT. Effective communication and a shared understanding of goals can enhance cybersecurity practices and integrate security into the development process from the outset. The discussion highlights the concept of ‘yellow teams’, a term for developers and engineers, and stresses that teaching these teams the basics of cybersecurity can significantly improve an organization's overall security posture. By creating a culture of collaboration and mutual understanding, cybersecurity can be viewed not as an external force, but as an integral part of the organization’s success.
We're sharing an episode from another N2K show we thought you might like. It's the first episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy!
Show Notes:
The cyber talent ecosystem faces severe indigestion, which has stifled growth and closed doors to new talent. In this episode of CISO Perspectives, host Kim Jones sits down with Ed Adams, the Head of Cybersecurity for North America at the Bureau Veritas Group, to discuss what has caused this indigestion and how leadership can better address these challenges. A key aspect of this conversation revolved around discussing Ed's book, See Yourself in Cyber: Security Careers Beyond Hacking, and how he expands the conversation surrounding traditional roles associated with cybersecurity.
Want more CISO Perspectives?
Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals.