CyberWire Daily - 2024 Cyber Talent Study by N2K and WiCyS. [Special Edition]
Episode Date: June 27, 2024Maria Varmazis, N2K host of T-Minus Space Daily, talks with WiCyS Executive Director Lynn Dohm and N2K's Simone Petrella, Dr. Heather Monthie, and Jeff Welgan about the 2024 Cyber Talent Stu...dy. N2K and WiCyS have come together under a common mission to attract, retain, and advance more women in cybersecurity. Together, we strive to support women throughout their career journey, and secure the future of our industry.  This groundbreaking report leverages skills data from the professional members of Women in CyberSecurity (WiCyS), and offers valuable insights into cybersecurity competencies within the industry. The Cyber Talent Study establishes a new benchmark for understanding the capabilities and potential of women in cybersecurity, and can be used to inform both individual training needs and organizational strategies for career advancement and skills enhancement. Resources: Landing page: WiCyS Partners with N2K to deepen understanding of cyber competencies within the industry. Study Launch article: WiCyS Partners with N2K Networks for Pioneering Cyber Talent Study. Key Takeaways: Outstanding Performance: WiCyS members have demonstrated exceptional performance across several key areas of the NICE Framework, underscoring the importance of WiCyS’s training and development programs. Strategic Insights: Analysis revealed remarkable strengths and areas for development, providing WiCyS with actionable data to tailor future programs and initiatives and ensure its members remain at the forefront of cybersecurity excellence. Actionable Insights for Cybersecurity Workforce Development: The study revealed critical areas for targeted development to enhance cybersecurity workforce readiness. This insight empowers WiCyS to tailor its programs specifically to meet the diverse needs of its members, ensuring all participants are prepared to take on significant roles and lead in the cybersecurity industry. Leadership Readiness Among WiCyS Members: The study highlights that WiCyS members are highly skilled and uniquely prepared for leadership roles within the cybersecurity industry. Proven Expertise in Critical Cybersecurity Domains: The data show the outstanding capabilities of WiCyS members within the cybersecurity landscape. Excelling in nearly every N2K Functional Area mapped to the NICE Framework, WiCyS members have shown they not only meet but exceed the standards in key domains. You can access the final report of the 2024 Cyber Talent Study here. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash n2k code n2k. And now, a message from our sponsor, Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs, Thank you. that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust Plus AI stops attackers by hiding your attack surface,
making apps and IPs invisible, eliminating lateral movement,
connecting users only to specific apps, not the entire network,
continuously verifying every request based on identity and context, Thank you. organization with Zscaler, Zero Trust, and AI. Learn more at zscaler.com slash security. Maria Vermazes, N2K host of T-Minus Space Daily,
recently spoke with WESIS Executive Director Lynn Dohm
and a panel of N2K experts, including Simone Petrella,
Dr. Heather Munthe and Jeff Welgen,
all about the 2024 Cyber Talent Study.
Hi, everybody, and welcome.
My name is Maria Varmasas, and I'm thrilled to be here talking with a fantastic group of people today about the Cyber Talent Study.
All right, before we get into that, before we get into what that is, I think it'd be great if we start first with introductions from each of our guests today.
Lynn, you're at the top of my screen, so why don't you go first?
Sure. Thank you, Maria. So I'm Lynn Dome. I'm Women in Cybersecurity Executive Director.
We often go by our acronym W-I-C-Y-S, and we pronounce it W-E-S-S-S, like we sisters,
because we're a global cyber sisterhood. So
our mission is to recruit, retain, and advance women in cybersecurity. We have over 9,800
global members and representation in 99 countries. In addition to that, we have 270 student chapters
and 70 professional affiliates all around the world. So each and every day, we're running many,
many different programming efforts with the reach of over hundreds of thousands of individuals, really
driving the change that's needed within the cybersecurity workforce. But it's important to
note that we exist because we're at a critical workforce shortage. And our mission to recruit,
retain, and advance women is bringing accessibility and opportunities for women to step in this space.
So that's what led us to partnering with N2K and this very fabulous cyber talent study that we're going to be talking about
today. Fantastic introduction, Lynn. Thank you. Keep in mind all those awesome things you said
as we go through the next intros. Simone, why don't we go to you next? Man, Lynn, you have that
so down pat that I don't think I could ever compete with that introduction. But I'm Simone Petrella,
president of N2K Networks. And our mission is to provide strategic workforce intelligence for the cybersecurity profession. And that includes everything from the talent insights that we
need using data to inform strategic decisions around the workforce and experience shortages
that we experience in cybersecurity, how we think about learning plans and development when it comes to training and developing that workforce.
And most importantly, because of our name, it is not only N2K, but it stands for News to Knowledge.
And so providing the professional development through the daily industry news and current
events that we get through organizations and podcasts like the N2K Cyber Wire.
Awesome. And Jeff, over to you next.
Yeah, great. And it's hard to you next. Yeah, great.
And it's hard to follow these two,
but my name is Jeff Welgen.
I'm the Chief Learning Officer at N2K.
And really my role at N2K
is to oversee our Cyber Talent Insights team
and capability,
as well as our training development team.
So we get an understanding of workforce needs
and are able to backfill those skill shortages and
knowledge gaps with great training or at least training recommendations. I'm honored to be part
of the study in the sense of just driving the mechanisms and capability to kind of analyze
the data and get that data and provide some really great results. Fantastic. And absolutely last but
not least, Heather. Hi, Maria. My name is Dr. Heather Monthe. I am a cyber workforce consultant with N2K.
I've got over 20 years of experience in STEM workforce development, a former university dean and professor.
And now I work with N2K and our customers, our clients, to build out training plans for their cybersecurity teams so that we can identify
some of the skills gaps that might be on the teams and how do we put together training plans
and pathways, career pathways that are effective and that actually work. And so that's my role here.
Awesome. Thank you, all four of you, for those great intros. And as I sort of tease at the top
of the show today, we're talking about the Cyber Talent Study, which is what brought N2K and WESIS together. And I'm super curious, like, how that conversation
went on, how this came about. I kind of want the origin story for this study. Simone, Lynn,
which one of you wants to take that? You want to answer, like, how did this get started?
Go ahead, Simone. Yeah, I'm happy to kick it off. So one of the, I think, things that's very important to us here at N2K is around, you know, we take our whole livelihood, our meat and potatoes, is dealing with how to provide data that tackles and can make an impact on the cybersecurity workforce shortage, talent shortage, experience shortage, however you want to categorize it.
However you want to categorize it. And that includes, and one of the things that we have always felt very passionately about is that you can't solve that problem if you also don't incorporate diversity into that conversation.
Because we're not going to be able to make a demonstrative impact if we only focus on what is sometimes an underrepresentation of women and minorities in the field. And so having connected with Lynn first at an event in Minneapolis,
we really shared a common vision around how do we encourage and propel more women to get into the field. But I'd say even more importantly, how do we think about those drop-off points when there's
that glass ceiling, or how do you actually get women to stay in cybersecurity and STEM fields?
And so we started to sort of talk about
how we could work together to help WSIS as an organization,
A, tell its great story about the mission that it's doing
and what it's contributing
to getting more women into the field,
but also provide some perspective on how do we maintain
and provide really aligned programming
that kind of solves some of these problems that
we see throughout the entire journey of women in the cybersecurity field.
Yeah, Lynn, anything to add to that? Because I know WSIS has been doing fantastic work around,
you know, getting women more involved in cybersecurity in general and also up-leveling
them. So I'm so curious, your view on, you know, the study and the need.
them. So I'm so curious, your view on the study and the need. Yeah. I mean, the need really came from Simone and I syncing up at that event about a year ago, which was just a great conversation
as it started. And then we started looking at how can we partner and solve and tackle this
challenge together? So WSIS last year started investing some time and attention in looking at
retention for women
in cybersecurity and what is the state of inclusion. And through that study, we discovered
some really important findings. And one of those was that women experience sources of exclusion
at a higher level than most individuals in the cybersecurity workforce, which would be men.
And that source of exclusion is coming from career growth and advancement.
And so we started looking at, well, how are women performing in cybersecurity as cybersecurity practitioners and in their careers?
And that's what led us to exploring further of what capacity is the state of women's cybersecurity and what is their level of performance. And we
were able to utilize the N2K's NICE diagnostic assessment to do that. And that's what led us to
moving forward with this study and to be able to report on these findings is not only do we want
women to get into cybersecurity, but we want them to stay and we want them to advance in their
careers because of it. And we felt like this study was an interesting way for us to look at what is that performance,
what are their areas of strength, and how could they leverage that to advance in their careers.
And so that led us to this important study.
Awesome. I do want to get into the results of the study, and I'm champing at the bit for that part.
You did mention the nice framework, the nice diagnostic, I should say. Jeff, this feels like a good moment for you to
come in and just tell us a little bit about what that is. Yeah, no, I appreciate the opportunity.
So we have fortunately, a few years ago, created a diagnostic assessment or tool that's aligned
to the NICE framework. So essentially, we're asking a number of questions
in that assessment that align to key roles, knowledge areas, task areas of the NICE framework.
And by doing that, we're then able to analyze the results of those questions
in relation to those knowledge areas. This is even more supported by collecting a few tidbits of extra information from some
participants. So like understanding experience levels, understanding what we call a functional
grouping, which is an additional taxonomy that N2K has added to our analysis of the framework,
meaning like, you know, generally speaking, what kind of functional group do you work in
in cybersecurity? Are you in analysis, offensive security operations, GRC, generally speaking, what kind of functional group do you work in in cybersecurity?
Are you in analysis, offensive security operations, GRC, etc.?
So we have that layer on top of it as well.
So by getting results of performance data on those questions combined with experience levels and combined with like a functional perspective, allows us to really parse out the data in meaningful ways and kind of say, hey, this group of people perform this way,
or more junior people are outperforming in one area or underperforming in another area.
So that is really the tool that allows us to deploy really great insights into this workforce.
I'll also kind of make a plug that NICE just did an update to the framework this
past March. So we're actively working to update our diagnostic to reflect those newest changes.
So there's some pretty significant changes in that, and we're excited to be releasing that soon.
Maria, one thing I just want to sort of like kind of comment on is one of the biggest challenges
that we have in the profession, and we talk about cyber workforce as an industry, is around data collection.
And so there's lots of opportunities to sort of understand and collect data on, you know, what positions are out there or how many openings are there for jobs.
But where you start to, I think one of the things that was most exciting to us is that with working with WSIS, you can look at that external data around what are the roles people are filling in, what are they in,
but then you're now looking at, you're collecting another data input around the performance of the
individuals themselves, and you can compare them against that role. And so that's really powerful
because you're turning pure data collection into insights that like the individual members can use to
understand where they want to go. But then we as organizations can kind of get a better sense of
what is the impact of these for, you know, of where women go? How do we think about how to
keep them in the field? What does that pathway look like? So that's just, you know, data.
Everyone likes to talk about data and machine learning and AI, but that's where it really
becomes compelling.
Yeah, and organizational change can happen after that point.
Yeah, go ahead, Lynn.
Yep.
Yeah, and another great, and thank you for that, Simone, is because another great area
for us as a nonprofit sitting in this space is it helps us identify areas of growth opportunity
and some gaps, and how could we as a nonprofit build programs to help
bridge that gap and help overcome some of those challenges that are identified here. So not only
is an opportunity for our RECIS members to participate in the actual assessment and study,
but also as a way for us as a nonprofit to be able to develop very intentional programming
for helping overcome some of the challenges.
Fantastic. Well, we've teased a little bit about the study, so let's get into the data.
Heather, this feels like a good time to bring your voice in. Do you want to walk us through
either, maybe we go by functional groupings, or I don't know if there's a way that you prefer to
sort of look through this data set because there's quite a lot there. But I'm thinking maybe it makes sense to go through the groupings first.
Would you like to walk us through it?
Yeah, let's do a review of the N2K functional areas.
So what N2K has done, what Jeff has started talking about a little bit is what we have done is we've taken the nice specialty areas and created these what we call functional areas or functional groups to really just group
this information at a higher level. One thing I really like about how this study was done
is that some things that we do know about women in STEM fields and women in male-dominated fields
specifically, that oftentimes when you are looking at yourself and your own skills,
women in particular will rate themselves lower on a self-assessment than men will.
Men will actually rate themselves higher
than what they actually are.
So you don't get a true sort of benchmark
of where your team is.
So if you're managing a team,
you're leading a team of 30 cybersecurity professionals and you all ask them to rate themselves on these particular skills, generally
speaking, the men are going to rate themselves higher, the women are going to rate themselves
lower, even though that's not a true understanding of where they actually are. And what I really
like about how this study was done is this is hard data showing this is where WSIS members
really excel compared to the rest of the people that have taken this particular assessment.
And what we found is there are four different functional areas that WSIS members excelled above and beyond the other people that have taken this assessment. communications and network security, cyber workforce training and awareness,
cyber IT leadership and management, and then IT policy and GRC or governance risk and compliance.
So generally speaking, the WSIS members that took this assessment, those are the four areas that they really excelled. What we did find when you look at it across all of the different NICE
specialty areas, and like what Jeff was
saying earlier, there has been some changes to the NICE framework. This is using the current
version of the NICE framework, using those different specialty areas. And WSIS members
excelled in nearly all of the different specialty areas on the NICE framework. So I really think it
shows that some of the things that WSIS is doing,
building this community of people who are supporting women in cybersecurity and helping
them develop out their skills, the things that WSIS is doing is working. But I also think it
shows that there were a lot of people that took, the majority of the people that took this
assessment identified as being in sort of a junior role. But we see things like leadership and policy and strategy and cybersecurity awareness.
And some of these more higher level strategic initiatives that are happening across the board
at a company, we've got junior members that are excelling in those particular areas. So I really
think this shows that companies have a lot of potential talent in their junior teams
and figuring out ways to expand upon that potential and help them grow within that company,
you know, through a career pathway, specific training, you know, leadership development, that kind of thing.
Yes, Jeff, I see you wanted to add something.
leadership development, that kind of thing.
Yes, Jeff, I see you wanted to add something.
Yeah, no, I just wanted to maybe elaborate and just add one point of minor clarification
to the points that Heather made.
Actually, the WSIS members outperformed all others
who have taken our diagnostic in every NICE category
per the previous version.
So there are seven categories in the NICE framework.
Analyze, collect, and operate.
Operate, maintain, investigate, oversee, govern,
protect and defend, and securely provision.
They've since had some new names assigned to them.
The point, though, that I'm really highlighting
is that WSIS members did better in all of those areas
than all other participants
when we kind of compare those two groups,
which is amazing.
And I think it really kind of made us start thinking about,
well, what's WSIS doing?
You know, like, is this something
that can be attributed back to WSIS specifically
and how they support their members?
Or is it something else?
And, you know, I think we're still, you know,
getting our heads around that, but I think WSIS has done a lot of really great programming and
I think there's something there to it. So I could almost turn it over to Lynn to elaborate on that
point too, where they've supported members. Yeah. I was going to say, Lynn, what was your reaction
when you saw that? You must've been like, heck yeah. I know, you know, just hearing it here
today, I'm like, it's celebrating again.
Once again, it's like something, you know, worthy of being celebrating for all our WSIS members.
And so WSIS being the community to not only advance in your careers, but also pay forward additional opportunities.
This is what we do. I mean, we're here to put together initiatives to be able to grow and advance and develop our members into their cybersecurity careers and
provide those advanced opportunities for where they go ahead. But a lot of our initiatives are
focused around more skill development and providing different training, different programs.
What's unique about WSIS is the wraparound services is not only are we interested in putting a programming effort
together, but it's also about having technical mentors in that to have ask me anything, to have
open office hours, to develop a cohort because we know that their community, the strength really
lies in the community and the effective communication that they have amongst themselves.
And so all of our programs are really focused around growing and developing that cohort
experience and everyone to lean in on one another through their career advancement and
also have that network now.
It's about forming and building that network.
And instead of women working in silos, not only in their jobs,
but not having a community to have around them,
we're helping fulfill that void
that currently exists for a lot of folks in the industry.
We'll be right back.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to
vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for
cyber criminals to bypass your company's defenses is by targeting your executives and their families
at home? Black Cloak's award-winning digital executive
protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk. In fact,
over one-third of new members discover they've already been breached. Protect your executives
and their families 24-7, 365 with Black Cloak. Learn more
at blackcloak.io.
Members of WSIS and people who took this specific study, one could argue that they're more career motivated.
They in a way sort of self-selected, one could say.
But at the same time, I imagine we could also extrapolate the findings from this study and think about how it can apply to women across the cyber workforce in general.
I'm just curious, any thoughts on that?
Maybe Heather, I haven't heard as much from you curious, any thoughts on that? Maybe Heather, I haven't heard
as much from you. Maybe any thoughts on that there? Yeah, I think this goes to show just,
you know, sort of what I was saying earlier is that, you know, when we're looking at recruiting,
attracting, and retaining cybersecurity talent, when you're trying to build a diverse team,
you've got to look at some of the things that make qualified applicants
self-select out.
So out of that hiring process, right?
And so while we see in this diagnostic, we see in the data that women are excelling in
a lot of different areas within cybersecurity.
But when we start putting out job descriptions where we're looking at a level one or level two analyst type of role and we're listing out 15, 20 different pieces of software they want to have somebody to have experience with.
And maybe the mindset is, let's just put this out there and see what we get.
Let's see who applies.
The issue is that women look at that in general.
Women look at that and go,
I don't meet 100% of these requirements, so I'm not even going to bother applying.
And so they self-select out. So by really understanding sort of where the workforce is,
where we see the strong points of the women in cybersecurity members, the WSIS members,
and then really having that understanding of how we do our hiring process
when we're looking at, okay, we need to get more people in the door. We need to get more people,
more qualified people applying for these jobs. How do we do that? So what can we change about
our recruiting process? What can we change about our job description so that they're more attractive
to the right people versus we're just going to, you know, shoot for a unicorn and
see what we get. Yeah. Yeah. It's a familiar issue in not just in cyber, but in a lot of tech
world jobs as well, that whole unicorn hunting phenomenon. So a question to the group. I'm always
curious when we do studies like this about things that might have surprised you from the results.
Anyone find anything surprising from these results that, you results that you were really just like, wow, that's interesting?
One, I think the outperformance was surprising. I think this is not an easy diagnostic. It's very
difficult. So to see across all NICE categories was surprising. You'd expect maybe some here and some there, but 100%, that was surprising.
I think the other thing that leaves me questioning and hungry for more information is around representation.
Because when we looked at the representation of WSIS members who took this and we're asking them, well, what field or what functional area do you associate with,
we see really low representation in operational technology and engineering and in data engineering and analytics.
Now, you could make an argument that maybe those are smaller functional fields in cybersecurity,
so maybe the smaller representation there correlates to just the broader cybersecurity field. I don't know,
but I don't think that's the case. I mean, we only had three members in our 399 participants
who identified in operational technology and engineering. And we're talking about ICS
SCADA systems. And, you know, just based on experience, you know, working with people in
those roles, they're male-dominated subsets of the field. So I'm really interested in, you know, working with people in those roles, they're male-dominated subsets of the field.
So I'm really interested in, you know, figuring out that a little bit more and just kind of
learning a little bit more about how, you know, is that true? Do we have a real big deficit in those,
you know, areas? And if so, you know, what can we do to help promote more diversity in these, you know,
niche parts of the cybersecurity industry? That's a great point. That makes me think of a whole
bunch of possible cultural reasons that could contribute to that. But I won't conjecture since
it's not my study. Well, I think it's a fair point, Marie. I mean, like, you're the host of
T-minus and you're a space nerd, right?
You probably see this in that field too, in aeronautics and space.
Probably less women representation there too, I'm just guessing.
It's even less than cybersecurity in my anecdotal experience.
Coming from cybersecurity, going into space, I was like, wow, it's even worse in space.
But the queen bee phenomenon is a phrase that sometimes comes up, and I remember it wow, it's even worse in space. But the queen bee
phenomenon is a phrase that sometimes comes up. And I remember it came up a lot in my cyber years.
I don't know how much we want to get into anything like that. But it's certainly sometimes some women
self-select out because they go, I don't need things for women. I'm doing just fine on my own.
That kind of stuff is for women who need help and I don't need help. And that's a whole other
cultural discussion. Again, that is a very sidelined thing. So I'll just leave that alone. I'll just leave
that there. Yeah. But Simone, I see that you wanted to add something as well.
Yeah. Well, one thing that surprised me and yet didn't surprise me at the same time was we
obviously saw a kind of a really high volume of respondents that identified as more junior
in their roles. And that was, you know, across the board, especially in technical roles.
And I will caveat this to say, it's hard to tell from the data whether because we had a separate
management and leadership category, whether everyone kind of flowed over there. But it did strike me to see how much the
levels of technical identification in roles that are technical in nature, like at the junior level,
it started to drop off. And we saw less and less representation at the mid and senior levels.
And I know something that Lynn and I have talked about and WSIS is incredibly passionate about is the idea of when are women selecting out in the middle of their journey in cybersecurity
as a profession and why are they choosing to leave? And there's all kinds of cultural
phenomenons and things like that. But the reason I found that so interesting is because it's not only around the membership and the women who are part of WSIS, but it's about particular and anyone in a minority once they're on that career journey.
And that's not just support in technical training or career pathing.
All those are important, too.
But then what are the cultural implications?
How do you prevent them from wanting to step away potentially from the workforce?
Yeah, it's sort of like once they're, we're trying to get people through the door,
but once they're in, what happens next?
And people kind of go,
I don't know, not much left for me there.
Yeah, Lynn, please go ahead.
You're having these conversations every day.
So I'm so curious to hear your thoughts.
Yeah, and that's why it's really important
to have more data
and to be able to dig in deeper into this information
is for our employer partners
to really put
intentional actions in place to avoid these pitfalls that women are experiencing in their
career. And to piggyback on our state of inclusion assessment, it is showing that women are
experiencing that glass ceiling around six to 10 years within their career.
So what are we doing to overcome these challenges?
And now we have data to help support what we've always heard, you know, what we've always heard
all along. And now we finally have some data and some real good, valuable insights to share with
others so that we could start, you know, making a difference. So follow-up question for you, Lynn,
then. Recommendations to organizations. And we-up question for you, Lynn, then.
Recommendations to organizations. And we've touched on this a little bit, but truly, I mean, this is not something on an individual to take on and be like,
I'm going to change everything. We need organizations to really
step up and make some big changes. So what do organizations need to know?
Organizations need to listen to this podcast and to understand that this is a launching pad.
Like this is an opportunity
for them to take the information from the Cyber Talent Study and utilize it as a tool and to be
able to understand that these are the main areas and pinpoint those challenges and to start really
having these conversations about what are we going to look at our internal talent to ensure that
they're not stuck in
these common pitfalls that are being identified?
Also, if you balance the diverse talent that are on your teams at around five to six years
of an individual being in their career to ensure that they have a very clear career
growth and advancement mapped out in front of them and as a direct manager to those individuals
that they're being
very, you know, they're paying attention. They're paying attention to the data that's being reported.
And if the value of their team is really crucial to them, then they would really pay attention to
that career growth ahead of them as well. Any other advice for organizations in terms
of takeaways here? I just want to, Simone, go ahead.
Totally. I mean, totally agree with Lynn. Everyone should listen to this podcast.
So let's get it out there. But, you know, to sort of add on to that, you know, organizations,
you know, I'm going to throw the gauntlet at organizations to say those that are investing in talent development, they are, you know, sponsoring organizations and events that
are committed to this, you have to then be able to also invest the time and the attention
internally to be able to absorb it and fried that career path. And I think it's really easy
for organizations to say, we're going to put our name on this and we're going to do it,
but then they're not committing to actually executing on the strategic vision to make
that a reality and actually move the needle when it comes to changing the dynamic of women
in the cybersecurity workforce.
So, you know, my recommendation to them is
forge the partnerships, create the relationships,
but then do the work internally
to understand what is your cybersecurity talent strategy.
It is the largest operating expense
that you have in your budget.
I don't care how much money you have for tech. The biggest operating expense you have is in people. So you are already wasting
money and you can spend it more efficiently for the little bit that you have if you actually come
up with a plan for them. Men, women, minorities, anything. Yeah. Yeah. Yeah. No, that gauntlet has
been thrown, everybody. It's down. Let's do it.
Yeah, I mean, this is not to disparage the study at all.
This topic is not new, and I'm so glad to see that there's data around it.
And it's been a very hard problem to get around because of all the many different facets to, you know, what a career growth is, you know, social dynamics, everything.
I mean, it's been discussed
ad nauseum. So it's so wonderful to see the actual data that people can look into it, they can dive
into it and really sink their teeth in and try and figure out how to make it relevant in their
organization and also for the people on their teams. It's really fantastic stuff. So Jeff and
Heather, I know I haven't heard from you in a little bit. I wanted to also get any thoughts
from you about what you would like to see maybe organizations do with this
information. Heather, do you want to go first? Yeah, I think that this really does show that
there are a lot of opportunities for WSIS members to step into leadership positions.
And so making sure that as an organizational leader, that you've got the things in place to be able to
help those people that have really figured out that they're good at these kinds of things.
How can they progress in your organization versus silently going and looking for other jobs
elsewhere? And you lose that talent, you lose that organizational knowledge, and maybe even
that industry knowledge. So figuring out ways to really identify who these people are that are in your company that you know that they want to progress in their career and helping them do that.
That you've got something, some sort of career pathway or some sort of mechanism that they can learn about the different opportunities in the company and make it easy for them to make that shift,
whether it's a lateral shift, whether it's a promotion, whatever it may be.
Don't put in things, processes and policies and things like this
that make it difficult for them to do that.
And then you end up losing that knowledge.
Yeah, I was just going to say, I think I would like to maybe just highlight
that this is just the start, you know, and it should be a start for any organization, wherever they're at in this journey.
And I think it's important for organizations to realize it's important to start, but it's even more important to continue on with the journey.
Like, I'm excited about looking at this
in the future again with WSIS.
And, you know, let's go through
another diagnostic in a year or two,
whenever the right time is,
and keep track of it.
And let's use this data as a starting point
along a journey to make adjustments
where adjustments are needed. Sometimes that is in
a training and development plan. And what can we composition to members or employees to help them
in their career goals as it relates back to the organization. Sometimes it's refining job
descriptions to Heather's point earlier. How can you use the data to better reflect job descriptions
and include, you know, make sure you're being inclusive in those descriptions so you don't
exclude potential candidates. Sometimes it's part of a retention strategy. So the data I think that
I want to highlight here is this, it's giving us insight into a static moment across some WESIS
members who participated, but what it will do for us long-term is start evaluating and looking at these other components
that Lynn was highlighting earlier.
Like how does it tie into the diversity component?
How does it tie into training programs?
How does it tie into how we think about recruitment?
So I'm excited about taking that journey
and kind of seeing where the data can take us next time as we look at it
with some longevity. Fantastic. I know we're starting to wrap up and we're coming close to
the end of our time. I just want to give everyone a chance to do sort of a parting thought. Thoughts
on maybe what's next in the more short term. I know we've talked a bit about we need to revisit
the study maybe in a year or two, but in the shorter term, what is next? Maybe Lynn, we'll start with you. Well, first of all, we're going to take the time
when this study gets released to celebrate Rhesus members. I mean, let's just say here,
outperforming all other participants in all the categories is quite an accomplishment. And like
Heather showcased, you know, for junior folks to be performing at like these leadership roles,
like this is a time
to really be empowered by that data. And for our RECIS members to just, you know, pat themselves
on the back and say, what are we going to do with this ourselves? The second thing is be on the
lookout of what's to come, not only more assessments available in the future to identify more additional
data, but also training programs that are going to help support
some of the findings of the study itself.
So there's a lot to unpack here
and there's a lot to be super enthusiastic
and excited about additional programming efforts
moving forward.
So we're really excited.
Fantastic.
I'll go, Heather, if you want to
go next, then Jeff, then Simone, I'll have you wrap up. Yeah. My advice is really more for the
individual person who is trying to either get into this field or maybe progress in your career
is to apply for the job. You see the job postings on LinkedIn, Indeed, wherever they may be. And
even if it says there's 908,000
applicants already applying for the job. I would say, you know, for my parting thought is that,
you know, we have, I'm going to be a little bit self-promoting here, we have this capability
to help organizations get the same kind of insights into their own workforce.
And I think the intelligence we can provide to those organizations and the key leaders who are making those decisions on their talent and talent strategy, there's a solution for you.
And you can be empowered to do something with that data.
So I would leave any listeners with that thought, that feel free to reach out to us.
We are passionate about this mission set, just I would say workforce intelligence around cyber and how we can support teams. So we're
happy to support you and your talent development strategy too. Last word to you, Simone. Well,
I think first and foremost, my kind of what's next immediately is, Lynn and I have talked about,
we are very committed to taking this message out on the road. We're going to be presenting the findings of our study at the
upcoming NICE conference. That's the National Initiative for Cybersecurity Education. So they
have their annual conference. We'll be presenting there. And we'd like to keep using any form we can
and any stage we can to sort of proselytize the importance of the work we're doing, the type
of insights you can get from collecting this type of data, understanding the WSIS message,
understanding how you can implement it in your own organization. And I think that that has to be
put on a bigger and bigger stage over time. And then, you know, as far as what's next for N2K,
I'm really excited to see where we start to make recommendations on programming with WSIS and what that looks like for them and how do we actually get the feedback on what programs they implemented and how do we track what is working and kind of where folks are on their journeys in this field.
are on their journeys in this field.
Fantastic.
Lynn, Heather, Jeff, Simone, thank you.
All four of you for joining me today and for walking me through this fantastic cyber talent study.
I'm looking forward to seeing everything
that comes out of the study and all the follow-up steps.
This has been a great chat.
So thank you all for joining me today.
That's Maria Vermazes, host of N2K's T-Minus Space Daily,
along with WESIS Executive Director Lynn Dome
and N2K's Simone Petrella, Dr. Heather Munthe, and Jeff Welgin.
You can find more information about the 2024 Cyber Talent Study
in the show notes. Thank you. data products platform comes in. With Domo, you can channel AI and data into innovative uses that
deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to your
role. Data is hard. Domo is easy. Learn more at ai.domo.com.
That's ai.domo.com.