Talent > Skills > Certifications

Pythia Cyber realizes that many a cybersecurity battle is won or lost long before the attack. Cybersecurity is about forethought, not reaction. But must as we love a good set of NIST CSF policies and procedures, we recognize that your cybersecurity program is only as good as the people who implement it. Therefore we offer consulting to help you find, hire and retain the right people. The right people are the people who will do the best job in your specific environment, both now and in the future.

How do we do that? We use proprietary instruments to measure applicants talents because when it comes to building and maintaining teams, Talent-based hiring is better than Skills-based hiring and both are better than Certification-based hiring. Why is that the case? Because of The Problem we all know about but so rarely talk about.

The Problem for technology in general the pace of change is so great that relying on what someone did a while ago (for which they received certification) is not a great idea. Trying to verify their current skills is better, but the chances that your skills testing is up-to-date are low and all even up-to-date skills testing gets you is a degree of certainty that the candidate is proficient at soon-to-be obsolete tasks and technologies. You need to know that the candidate has the talent to learn, adapt and continue to be excellent even as the technology landscape changes.

The Problem for cybersecurity in particular is that The Technology Problem is compounded by the unpleasant fact that legions of evildoers are actively working against you. Why can't you just out-compete them? Because the playing field is very uneven: there are more of them and they are motivated by fear of injury or death at the low end and vast sums of money at the high end. Alas, this is not an exaggeration. At the low end we have "scam farms" doing the low-tech phishing that plagues so many elderly and lonely people.

"Scam farms" refer to large, often prison-like, compounds across Southeast Asia where victims of human trafficking are forced to run online financial scams, including "pig butchering" and romance scams. The Philippines is a known location for these operations, which are often run by transnational Chinese crime syndicates. References: [1] [2] [3]

Are you as motivated at the slaves of human traffickers? I doubt it. I certainly am not.

At the high end we have organized crime, often of Russian origin, who are well-trained, well-equipped and well-funded. Often better trained, better equipped and better funded than you are, unless you are part of a government agency or Fortune 100 company.

Russian-linked hackers generate immense, varied income, with over $400 million in cryptocurrency flowing to them in 2021 alone. While some top earners make over $3.5 million, average profits are highly volatile, with simulation data showing many earning little, while others average around $178,654 annually. References: [4] [5]

The good news is that their job is harder than yours: they have to figure out how to breach your technology or subvert your colleagues. You have to monitor your technology and your colleagues behavior. You have to plan for their success and mitigate the losses. You can't threaten your team with death, nor can you shower them with riches, but in other good news, you don't have to: you can get excellent performance out of a solid wage and an engaged and reasonable corporate culture.

But it sure would make your life easier if your team had talent. Yes, they must be minimally competent. Yes, they must be experienced or extremely quick studies. But more than these they must have the ability to learn and adapt. The fact that they learned something similar at some point in the past is better than nothing but it is not nearly as good as we can.

We can help you find people with the talents you need to keep you safe today and learn to keep you safe tomorrow.