(Re) Imagining the Cyber Talent Gap
Copyright © 2018 Deloitte Development LLC. All rights reserved. 1
(RE) IMAGINING THE CYBER TALENT GAP
Mike Wyatt, Deloitte Consulting LLP, Principal
Tara Mahoutchian, Deloitte Consulting LLP, Senior Manager
May 2018
AGENDA
TOPIC (TIME)
Cyber Talent Landscape (15 minutes)
• The Demand for Cybersecurity Talent
• The Cybersecurity Talent Challenge
• A Holistic View of Cyber Talent Management
• Levers for Attracting and Retaining Critical Talent
The Future of Work (10 minutes)
• Three Dimensions Influence the Future of Work
• Managing a Continuum of Talent Options
• Security Considerations Given Changing Talent Models
Case Study: Talent Management in the Public Sector (10 minutes)
Lessons Learned: Understanding What Works (5 minutes)
Q&A (10 minutes)
CYBER TALENT LANDSCAPE
THE DEMAND FOR CYBERSECURITY TALENT
Macro business drivers accelerate the need for increased organizational investment in cybersecurity talent
Sophistication and capabilities among hackers continue to increase
Degree of vulnerability of an organization's networks either increases or, at best, does not get worse
Emerging technologies raise CISOs’ concerns, creating new potential security challenges
Patterns of employee participation and behavior are changing due to emerging technologies and new information services
80%: Percentage of U.S. executives who believe cybersecurity is a significant business challenge
38%: Projected cost increase of cyber attacks over the next 10 years
$3.62M: Average total cost of a data breach
Sources: Deep Thoughts A Cyber Security Story, What CISOs Worry About in 2018, Cost of a Data Breach Study (2017)
THE CYBERSECURITY TALENT CHALLENGE
Though the demand for cybersecurity capabilities is rapidly increasing, the supply of cybersecurity talent fails to meet employers’ needs
95% of cybersecurity incidents involve human error
65% of CISOs cite inadequate in-house expertise as the top reason they’re likely to have a data breach
7 in 10 CISOs cite lack of competent in-house staff as their number one security-related concern
349,000 cybersecurity jobs in the US remain unfilled as of July 2017
$1.8 million: Projected global shortfall in the cybersecurity workforce, a 20% increase over the 2015 forecast
Sources: Deep Thoughts A Cyber Security Story, What CISOs Worry About in 2018, Cost of a Data Breach Study (2017), SANS Institute Enterprise Survival Guide for Ransomware Attacks, Phishme, IBM Security Services, Cybersecurity Intelligence Index, 2014, 2017 (ISC)2 Global Information Workforce Study; Cyberseek.org Cybersecurity Heatmap of Supply/Demand, as of July 22, 2017
A HOLISTIC VIEW OF CYBER TALENT MANAGEMENT
A holistic talent strategy is necessary for organizations to succeed in the constantly evolving field of cyber technology
CYBER LEARNING & DEVELOPMENT
CYBER ORGANIZATION DESIGN
EMPLOYEE PERSPECTIVE
CYBER BEHAVIOR & CULTURE CHANGE
ORGANIZATIONAL CHANGE MANAGEMENT
CYBER WORKFORCE PLANNING
LEVERS FOR ATTRACTING AND RETAINING CRITICAL TALENT
CYBER BEHAVIOR & CULTURE CHANGE: Establish company culture unified by each employee’s understanding of their role in cybersecurity, and the role cybersecurity plays in executing business strategy
ORGANIZATIONAL CHANGE MANAGEMENT: Design change management solutions to drive adoption of cyber risk systems and processes. Partner with leadership to identify strategic vision for future state
CYBER WORKFORCE PLANNING: Identify knowledge, skills, and abilities that are critical to establish a skilled workforce that can handle current and future cyber risks. Develop and retain highly skilled and sought-after cybersecurity personnel
CYBER LEARNING & DEVELOPMENT: Enhance general and role-based training programs to equip staff to adjust to rapidly evolving cyber risks. Establish employee development programs that drive a cyber-aware culture
CYBER ORGANIZATION DESIGN: Design organizational structures to address conflicts of interest, and identify, prevent, mitigate and respond to cyber risks efficiently and effectively. Identify functional cybersecurity areas that are critical to produce a cyber-savvy organization
EMPLOYEE PERSPECTIVE: Understand and acknowledge the significant value employees place upon performance management, learning, development and onboarding within new talent models
Meeting an organization’s unique talent needs requires a comprehensive cyber risk people management program, focused on attracting and developing informed and empowered employees
THE FUTURE OF WORK
THREE DIMENSIONS INFLUENCE THE FUTURE OF WORK
Macro business drivers and emerging talent needs are expanding and extending the nature of work. The nature of talent, automation and physical proximity in the workplace is dramatically changing
AUTOMATION: Understanding “what” work can be done by smart machines and robots. Over the next 10 years, automation and artificial intelligence technologies will continue to increase.
TALENT: Identifying “who” can do the work. In the coming years, technological enhancements will enable new models of interaction between companies, employees and customers.
PHYSICAL PROXIMITY: Assessing “where” work is completed. This involves rethinking technology, talent and the nature of the workplace.
[Figure legend: Current work options; Future work options]
MANAGING A CONTINUUM OF TALENT OPTIONS
To meet business needs and increasing employee expectations, organizations are embracing new approaches to talent management. As talent models shift, organizations will need to adapt their cybersecurity practices
[Figure: continuum of talent options. Labels: ORGANIZATION-LED, EMPLOYEE-LED, TRADITIONAL TALENT MODELS, OPEN TALENT MODELS. Options shown: FULL / PART TIME EMPLOYEES, JOINT VENTURES, FREELANCERS, GIG WORKERS, CONTRACTORS, CROWDS]
SECURITY CONSIDERATIONS GIVEN CHANGING TALENT MODELS
Talent models in the future of work create unique challenges from a cybersecurity perspective. Organizations must evaluate security practices from three perspectives: employees, their business and the public sector itself
IMPLICATIONS FOR THE PUBLIC SECTOR
• Reassess legal and regulatory policies for cybersecurity
• Identify broad-scale points of entry potential threats and malicious actors
• Emphasize need to support formalized cyber education and awareness
IMPLICATIONS FOR THE BUSINESS
• Appeal to the need for strong cyber capabilities at the individual level and according to worker type
• Engage in scenario planning to mitigate risk given geographic dispersion of employees
• Integrate cybersecurity education and training at all points of talent lifecycle
IMPLICATIONS FOR EMPLOYEES
• Personal, intrinsic commitment to cybersecurity
• Minimal effort required to exhibit safe cyber behaviors
• Knowledge of individual actions needed to manage cyber incidents
CASE STUDY & LESSONS LEARNED
CASE STUDY: TALENT MANAGEMENT IN THE PUBLIC SECTOR
The objective of this initiative was to help the State of South Carolina build and deploy a Professional Development Program to develop a cybersecure and privacy-savvy workforce. The goal was to help State agencies better manage the State’s information assets and citizen data to reduce risk
Business Drivers
• Security threats continued to grow in number and sophistication
• Increased dependence on a competent workforce to combat potential threats
• Increased need for non-full time employees and staff at all levels to understand their role in protecting information assets
• Lack of human capital programs to support the workforce
• Initiatives and governance managed individually by State agencies
Approach (Professional Development Program)
• Developed roles and responsibilities based on data classifications
• Built a competency model for security roles
• Developed Security Training Plan Framework
• Developed Interview Questions
• Created Security Career Path Toolkit
• Revised IT Classifications, developed and executed Security Implementation Plan
Outcomes
• Strengthened overall security posture for the State by addressing the professional development of its personnel
• Established defined roles and responsibilities for personnel
• Deployed role-based training (RBT) commensurate with the roles for individuals with significant security responsibilities
• Identified career growth options for workforce professionals within the State
LESSONS LEARNED: UNDERSTANDING WHAT WORKS
Four key areas should be considered in order for a cybersecurity talent project to be successful
Align Leadership
Engage with leadership and key influencers early and often, even if not all of the answers are yet known, to secure buy-in and understanding. Emphasize the importance of commitment to cybersecurity throughout the organization, not just within the IT function
Identify Engagement Methods
Select the learning and awareness methods best suited to communicate expected capabilities and drive behavior change as appropriate. Identify desired engagement methods based on the unique characteristics of the organization and industry, as appropriate
Establish Firm Processes and Guidelines
Set clear guidelines for how talent will be managed, and how training and awareness will be provided. Emphasize the need to maintain strong cybersecurity processes and practices at all stages of the talent lifecycle
Determine Expected Capabilities and Behaviors
Determine the positions, roles and responsibilities for key personas and individuals throughout the organization. Assess potential gaps in the knowledge of key personas in these respective areas
Q & A
THANK YOU.
Mike Wyatt, Deloitte & Touche LLP, Principal
Tara Mahoutchian, Deloitte Consulting LLP, Senior Manager
Contact Us