CyberWire Daily - Setting better cyber job expectations to attract and retain talent. [Special Edition]
Episode Date: March 10, 2024In honor of Women's History Month, please enjoy this encore of Dr. Sasha Vanterpool's webinar. In this webinar, N2K Networks Cyber Workforce Consultant Dr. Sasha Vanterpool shares how to update job d...escriptions to better reflect cyber role expectations to improve hiring, training, and retention. To view the original webinar on demand, visit here. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
Calling all sellers.
Salesforce is hiring account executives to join us on the cutting edge of technology.
Here, innovation isn't a buzzword.
It's a way of life.
You'll be solving customer challenges faster with agents, winning with purpose, and showing
the world what AI was meant to be.
Let's create the agent-first
future together. Head to
salesforce.com slash careers
to learn more.
With TD
Direct Investing, you can get live support.
So whether you need help buying a
partial share from your favorite tech company,
opening a TFSA, or learning about investing tools, we're here to help.
But keeping your cat off your keyboard? That's up to you.
Reach out to TD Direct Investing today and make your investing steps count.
Plus, enjoy 1% cash back.
Conditions apply. Offer ends January 31, 2025.
Visit td.com slash dioffer to learn more.
Breaking news happens anywhere, anytime.
Police have warned the protesters repeatedly, get back.
CBC News brings the story to you live.
Hundreds of wildfires are burning.
Be the first to know what's going on and what that means for you and for Canada.
This situation has changed very quickly.
Helping make sense of the world when it matters most. Stay in the know.
Download the free CBC News app or visit cbcnews.ca. We here at N2K CyberWire are celebrating Women's History Month.
Join us as we highlight the incredible achievements and wisdom of our favorite women leaders in cyber.
Get ready to be inspired by their stories, experiences,
and invaluable insights throughout this special month of celebration. On this episode, we are joined by N2K's very own Dr. Sasha Vanderpool, as she shares her thoughts on setting better
cyber job expectations to attract and retain talent. Listen in and enjoy as we celebrate
this incredible month. My name is Dr. Sasha Banjapul. I am a cyber
workforce consultant at NCJ. Today's webinar is setting better cyber job expectations to attract
and retain talent. How to update job descriptions to better reflect cyber role expectations.
Here is an overview of what we will be covering in today's webinar. I will be discussing how
unclear cyber job role expectations are a problem and how strategic workforce intelligence can be
a solution. I will explain how you can evaluate your current job descriptions, update them, and create job role profile
visualizations to better set cyber job role expectations to enhance the hiring and retaining
of your cyber tools. The current state of the cyber workforce includes 664,000 unfilled positions.
Poor cyber job role expectations are a problem that has had an impact
on the cyber tower gap. When it comes to hiring, job descriptions are poorly written. Typically,
they're outdated, world-beat, either over-generalized or too specific, and unrealistic
expectations as they're seeking unicorns. Someone with 10 years of professional cyber experience and 10 certifications
for an entry-level position. This often leaves qualified candidates discouraged from applying,
ultimately slowing down the already extensive talent acquisition process.
When employees are eventually hired, we see training being underutilized by individuals
who are overwhelmed with the large library of options
that are not aligned to the gaps in their own knowledge, skills, and abilities, not defined
for the expectations and evaluation needs of their specific cyber job role. If job role expectations
are unclear and unrealistic, so would career progression and mobility mapping opportunities,
and unrealistic, so would career progression and mobility mapping opportunities, negatively affecting employees' retention by not supporting growth and not optimizing a holistic people
strategy. What can be the solution? Strategic workforce intelligence. In our last webinar,
we provided an overview of what it is and how to use it. So to review, strategic workforce intelligence is
actionable insights into your cyber team's capabilities to build effective talent strategies
and make continuous talent development decisions. We previously shared the various information
sources relevant to workforce intelligence that you can see here. The more of this data about the cyber workforce we have,
allows us to provide strategic clarity to cyber leadership for making
better decisions for enhancing the sourcing, hiring,
training, organizational structure,
and retention of the cyber workforce.
In the next slides, I will explain how we can utilize
job role descriptions as a component of strategic workforce intelligence to set better job role expectations for high-functioning and resilient teams.
How to evaluate and update job descriptions.
It is important to evaluate what is currently being done.
For business context, review internal job descriptions,
training evaluations, repeat shopper.
Compare these forms of data
as well as external job postings
to see what is happening in the industry.
That can give you a better understanding
of if and how current expectations align.
This data can also be analyzed
through the lens of the NIST NICE and DOD CWF
frameworks as great foundational guides to help have a commonly understood and standardized lexicon
in taxonomy for the ever-changing cyber workforce. Once we have this business context data, we can
reference the NIST NICE framework, which has 52 cyber work roles divided into seven categories and have identified 60 competency groupings of KSATs.
as priority, as well as identify how proficient someone in that role is expected to be across the various competencies in order to be successful in that position.
This should vary by job role seniority level.
All of this collected data can be analyzed to redefine the job role expectations to update
the job descriptions.
It should be noted that we are intentionally just focusing on the measurable knowledge, skills, and abilities group desk competencies here because we are discussing setting better cyber-job expectations.
and industry sector, including diversity, equity, and inclusion practices, on-job descriptions,
and other hiring postings and practices, which can really be a whole webinar within itself.
So for the sake of time today, we recommend working with your individual human resources departments regarding education and experience requirements for hiring diverse and underrepresented talent.
Creating job profiles.
The resulting inventory of classifying and analyzing cyber job role competency requirements and hunger fees are expectations that can be visualized, like this example, of a job
profile that is now aligned to the NICE framework.
But more importantly, it outlines the proficiency levels
determined for each specific cyber job role you need to your organization.
It is no secret that job descriptions are common across the board. Having a job profile visualization
like this one allows organizational leaders and their employees to well visualize instead of a bulleted
list of texts that are the competencies or groupings of the expected knowledge, skills,
and abilities needed to perform each cyber job role responsibilities successful and at what level
of proficiency someone is expected to be for each job role to the minority level.
Having these better set expectations clearly visualized can assist in the rewriting of the
job descriptions to ensure there is alignment between what qualification requirements are
being asked for when hiring talent and making sure that this talent would be able to meet
those expectations in their cyber job role and making that appropriate match.
Having this data regarding KSAC's expectations could also allow organizations to use this as a baseline comparison
when measuring and evaluating how the employees are actually performing in their current roles to identify any skills gaps.
This then provides insight and direction into what training and learning,
as well as hiring and career development practices and opportunities that they can focus on to benefit these employees
to help close those skills gaps for any up, cross, or reskilling opportunities.
close those skills gaps for any up, cross, or re-skilling opportunities.
You can compare one profile to another for the same job role, just at two different levels,
as we reference the targeted plan for employees who are interested in making a vertical or horizontal transition from one job role level to another. This career mapping capability is actually
something that we'll be discussing in a future webinar in more detail. So please stay tuned.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty. We could go skating.
Too icy.
We could book a vacation.
Like, somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes! Yes! Yes!
With savings of up to 40% on Transat South packages,
it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply.
Air Transat. Travel moves us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
Here's another example of a resulting job profile. So again, you can see here how we took the NICE frameworks, 60 competency groupings, and how they categorize them under leadership, operational, professional, and technical categories.
how do we put this together?
But you can create your job profile visualizations in a different way.
But again, the most important thing to focus on
is that not only are we listing
what are the relevant knowledge, skills, and abilities
that are grouped as these competency categories,
but what it allows you to do
is to take it a step further
by quantifying at what proficiency level
an employee would need to be
in order to be successful in this role. Therefore, the proficiency level will vary depending on the
job role level and responsibilities at your organization. And we can compare that here
by taking a look at this other example, which is of the same role, a cloud security architect,
but this happens to be at the higher
level, at a lead level, versus the previous slide was a senior level. And when we compare them side
by side, you can see that at this higher level, there are going to be different responsibilities,
such as having higher expectations on the professional, operational, and leadership
competencies, which is very common
as typically when job levels progress, especially to more people-managing roles, the soft skills
like communications, conflict management, teaching others, interpersonal skills, and more
will be expected as these roles tend to be less technical and hands-on and more focused on managing a group of people.
To summarize, utilizing strategic cyber workforce intelligence
to better set cyber job role expectations
can result in creating more concise and realistic job descriptions
to attract high potential talent to be matched to these right roles.
Redefining benchmarks for required knowledge, skills, and abilities in tasks.
Coordinating data-informed training.
Establishing talent mobility plans.
Aligning a people strategy to business needs, goals, and outcomes.
A better understanding of expectations can help with rewriting job descriptions to be more accurate,
to include key words at the case acts and competencies that were determined to not only be relevant,
but requiring a certain level of proficiency.
This can help in ensuring you're hiring the right talent to have more qualified individuals being able to search
and understand the job that are posted that they're actually
applying for. This can help with return from their progression as well by employees being
able to understand the differences between the identified proficiency and experience expectations
that will vary between one job level and another. By comparing the competency proficiency requirements of two different job
profiles, the skill gaps can be identified and training can be recommended to up or cross-skill
an individual employee from their existing job role to another for a progressive or lateral move
within the organization. Having these pathways clearly marked out helps with retention as it becomes clearer to the employee how they can advance their career without having to leave the organization, as they now have a plan that can work with their managers to know where to focus learning and training to close any skills gaps.
it their company's training budgets being limited so they need to ensure ROI, or those companies who buy large catalogs of training without any guidance or data, leaves the employees overwhelmed and
potentially unmotivated to participate or engage. Using the cyber talent insights from our strategic
cyber workforce intelligence allows companies to have data to pinpoint where they need to spend their
money on training as they have identified the skills gaps within their cyber workforce by
comparing their performance to their expectations. Thank you so much for your time today. I hope that
what we went over can give you ideas on how to utilize strategic workforce intelligence
and is focused on the job description component and how you can evaluate
and how you can redefine job role expectations
to rewrite the job descriptions
that can help enhance hiring and retention practices
to optimize your cyber teams.
This webinar has been a part of the series
about strategic workforce intelligence.
So be on the lookout for our next one
and please go back to our previous one to learn more.
Thank you again and have a good day.
We want to thank you for tuning in
and joining us in celebrating Women's History Month.
We hope you have enjoyed this episode as
we recognize the incredible contributions of women in cybersecurity. Thanks again,
and happy Women's History Month.