Cybersecurity Talent: First Of Many

We recently met up with our friend Barry Conchie. The topic was, as usual, cybersecurity talent. 

That's not where we started but most conversations with Barry center around talent.

We will have more about this later but as we spoke, the topics moved my mind to another old friend: Dr Brett Steenbarger, hedge fund trader and psychologist to traders.

Dr Brett writes frequently about a concept called "rage to master." Again, this is a topic we will return to, but three short-term implications for cybersecurity processionals of talent and raging to master are these:

1. The goal of cybersecurity is not a bright shiny product that you buy or a clean verification report. The goal is for you and your team to continually -- that means every day, people -- identify keys parts of your cybersecurity process that lead to and support security. A good result is that you're mastering the processes ensuring cybersecurity, which are always changing.

2. You need to know what your cybersecurity talent is. You probably have some, but how much and in what areas and how could you improve? Remember, the people you work against are always improving their cyberattack talent. 

Be honest: can you say to yourself that you too are always improving your cybersecurity talent?

3. Your cybersecurity platform is being attacked by gangs. Their idea of performance management is they fire or terminate someone who doesn't (if you will) hack it. What's your idea of cybersecurity performance management? Do you, for example, outsource it? Do you hire the cheapest possible call center associate service?

Because if you do I am putting you on notice that you are now liable in case your system is compromised and your company loses assets. Sorry to be heavy-handed because we at Pyhtia don't like fear as a motivator but the fact is that you need to engage now in better practices and better development. 

Be honest: if better cybersecurity process is too expensive, what do you spend your cybersecurity budget on?

Ask us how you can identify and improve your cybersecurity talent. If you don't you risk adversaries beating you and your team and your system like my Uncle Jack's tambourine (pictured) from his time in the South Pacific as a Marine in WWII. And your adversaries will like doing that. And you will not, nor will your leadership.