At Pythia Cyber we are about behavioral cybersecurity  and when it comes to predicting behavior, talent trumps credentials . By which we mean that your certifications tells us what you have done, but your talent profile tells us what you are capable of in the future. Specifically, Ted has a series of posts about the talent profile of different cybersecurity roles, specifically Talent needed to be front line cyber defender Talent needed to manage cyber defenders Talent needed to lead a cybersecurity program As a counterpoint to Ted's behaviorial science perspective I present a series of my own, giving examples of practical applications of talent assessment to cybersecurity. This post is about how a talent assessment can help you solve a common problem with retaining and compensating front line cybersecurity personnel: avoiding using promotion as a reward for performance. Consider the case of the lower level cybersecurity worker, the technician, who is terrific at their job. You want...

The Big Cheese. The Top Banana. The Head Honcho. Number 1. We previously discussed cybersecurity technician talent and cybersecurity manager talent, and now it's time for cybersecurity executive talent. The executive in charge of cybersecurity must have technical credibility. It may be more at the level of minimum competence at this point in the person's career as long as the executive can understand what the technical team is doing and communicate it effectively to peer leaders. We propose that talented cybersecurity executives will keep up at more than a minimum competence level simply because they like the subject matter. In contrast to cybersecurity managers, the cybersecurity executive has an enterprise-wide perspective that allows for understanding, advocating, and communicating the role of cybersecurity within the organization's risk management process. The executive is responsible for the 'profit and loss' (P&L) of the cybersecurity function, which requi...

The groundhog has emerged to find...6 MORE WEEKS OF HACKS AND CYBERATTACKS! Wait, only 6??!! The litany of the hacked is our listing for each known/reported hack in the previous month. The point of the litany is not shame but awareness-raising that, well, these sorts of things happen. And so, the litany of the hacked for January 2026, which now includes some big-time targets, entire cities, and nation-state actors. Amazing that the groundhog even tries to guesstimate! Caracas, VZ...Islamic Republic of Iran Broadcasting (IRIB)...Kensington and Chelsea Council, UK...Instagram...Google Play...Palo Alto Networks...Sedgwick Government Solutions...KPMG Netherlands...Crunchbase...Nike...Poland's power grid...Fortinet...McDonald’s India...Luxshare Precision...Ingram Micro...Spokane County, WA...Gmail (AGAIN!)...The College Board's online SAT... The list goes on. Here's an...exciting...bonus: according to James Azar over at the Cyber Hub podcast, malicious Chrome and Edge browser ...

Boss man. Boss lady. Your cybersecurity manager is the lynchpin that makes your cyber-operations work.  We previously discussed cybersecurity technician talent, and now it's time for cybersecurity manager talents. Cybersecurity technician talent is the foundation for cybersecurity manager talent. Unfortunately, and we see this all the time, high-performing technicians are more likely to be promoted to manager. Promoting high-performing technicians to management makes sense in many ways, some good and some bad. It's critical for the cybersecurity manager to know cybersecurity. Also, and we all understand this, we're not going to promote people who are poor performers at a lower level.  This is the argument about minimum competence again. Sure, technician performance is a sign that the person is minimally competent, and yes that counts.  But there are too many differences in the demands on managers versus technicians for competence at a lower level to predict performance at...

  The nuts and bolts. The inside-out. Top to bottom. A to Z. The whole enchilada. Your cybersecurity technician may not come in knowing all these but this is the cybersecurity technician's domain. Cybersecurity technician talent is not dependent on where (or whether) that person went to college, or their MOS in the military, or the factoid that they held this job at a different organization. Sure, those are signs that the person is minimally competent, and yes that counts. But even recruiting at the 'right' elite college won't guarantee you more than that. Because other things count, also. And you/your recruiters are remiss if they don't take these other things into consideration. What counts beyond minimum competence is talent. We previously discussed the definition of talent offered by Conchie & Dalton: "A measurable, innate characteristic that a person demonstrates consistently in order to achieve high performance. Talents are strictly defined. A person...

Ah, how little joy it brings me to regularly search for "cybersecurity news today" and then to read the AI summary. Today, that means this: As of late January 2026, critical cybersecurity developments include  CISA adding a severe VMware vCenter flaw (CVE-2024-37079) to its exploited list, a surge in Chinese-linked cyber espionage using AI, and massive ransomware threats targeting critical infrastructure . Key focus areas include AI-driven attacks, browser security, and urgent patching for zero-day vulnerabilities This a good example of the current threat environment: A new exploit in some widely-used software (VMware in this case); AI-powered state-sponsored spying (the Chinese Communist Party in this case); Ransomware continuing to flourish, because it is profitable; Web browsers being targeted, because we use them so much and for so much; Urgent patching for zero-day vulnerabilities. All of this has become depressing normal for cybersecurity professionals; so much so th...