(Re) Imagining the Cyber Talent Gap

Mike Wyatt, Deloitte Consulting LLP, Principal
Tara Mahoutchian, Deloitte Consulting LLP, Senior Manager

May 2018


Copyright © 2018 Deloitte Development LLC. All rights reserved.


AGENDA

TOPIC (TIME)

Cyber Talent Landscape (15 minutes)
• The Demand for Cybersecurity Talent
• The Cybersecurity Talent Challenge
• A Holistic View of Cyber Talent Management
• Levers for Attracting and Retaining Critical Talent

The Future of Work (10 minutes)
• Three Dimensions Influence the Future of Work
• Managing a Continuum of Talent Options
• Security Considerations Given Changing Talent Models

Case Study: Talent Management in the Public Sector (10 minutes)

Lessons Learned: Understanding What Works (5 minutes)

Q&A (10 minutes)


CYBER TALENT LANDSCAPE


THE DEMAND FOR CYBERSECURITY TALENT

Macro business drivers accelerate the need for increased organizational investment in cybersecurity talent

• Sophistication and capabilities among hackers continue to increase
• Degree of vulnerability of an organization's networks either increases or, at best, does not get worse
• Emerging technologies raise CISOs’ concerns, creating new potential security challenges
• Patterns of employee participation and behavior are changing due to emerging technologies and new information services

• 80%: percentage of U.S. executives who believe cybersecurity is a significant business challenge
• 38%: projected cost increase of cyber attacks over the next 10 years
• $3.62M: average total cost of a data breach

Sources: Deep Thoughts A Cyber Security Story, What CISOs Worry About in 2018, Cost of a Data Breach Study (2017)


THE CYBERSECURITY TALENT CHALLENGE

Though the demand for cybersecurity capabilities is rapidly increasing, the supply of cybersecurity talent fails to meet employers’ needs

• 95% of cybersecurity incidents involve human error
• 65% of CISOs cite inadequate in-house expertise as the top reason they’re likely to have a data breach
• 7 in 10 CISOs cite lack of competent in-house staff as their number one security-related concern
• 349,000 cybersecurity jobs in the US remain unfilled as of July 2017
• $1.8 million: projected global shortfall in the cybersecurity workforce, a 20% increase over the 2015 forecast

Sources: Deep Thoughts A Cyber Security Story, What CISOs Worry About in 2018, Cost of a Data Breach Study (2017), SANS Institute Enterprise Survival Guide for Ransomware Attacks, Phishme, IBM Security Services, Cybersecurity Intelligence Index, 2014, 2017 (ISC)2 Global Information Workforce Study; Cyberseek.org Cybersecurity Heatmap of Supply/Demand, as of July 22, 2017


A HOLISTIC VIEW OF CYBER TALENT MANAGEMENT

A holistic talent strategy is necessary for organizations to succeed in the constantly evolving field of cyber technology

• CYBER LEARNING & DEVELOPMENT
• CYBER ORGANIZATION DESIGN
• EMPLOYEE PERSPECTIVE
• CYBER BEHAVIOR & CULTURE CHANGE
• ORGANIZATIONAL CHANGE MANAGEMENT
• CYBER WORKFORCE PLANNING


LEVERS FOR ATTRACTING AND RETAINING CRITICAL TALENT

CYBER BEHAVIOR & CULTURE CHANGE: Establish company culture unified by each employee’s understanding of their role in cybersecurity, and the role cybersecurity plays in executing business strategy

ORGANIZATIONAL CHANGE MANAGEMENT: Design change management solutions to drive adoption of cyber risk systems and processes. Partner with leadership to identify strategic vision for future state

CYBER WORKFORCE PLANNING: Identify knowledge, skills, and abilities that are critical to establish a skilled workforce that can handle current and future cyber risks. Develop and retain highly skilled and sought-after cybersecurity personnel

CYBER LEARNING & DEVELOPMENT: Enhance general and role-based training programs to equip staff to adjust to rapidly evolving cyber risks. Establish employee development programs that drive a cyber-aware culture

CYBER ORGANIZATION DESIGN: Design organizational structures to address conflicts of interest, and identify, prevent, mitigate and respond to cyber risks efficiently and effectively. Identify functional cybersecurity areas that are critical to produce a cyber-savvy organization

EMPLOYEE PERSPECTIVE: Understand and acknowledge the significant value employees place upon performance management, learning, development and onboarding within new talent models

Meeting an organization’s unique talent needs requires a comprehensive cyber risk people management program, focused on attracting and developing informed and empowered employees


THE FUTURE OF WORK


THREE DIMENSIONS INFLUENCE THE FUTURE OF WORK

Macro business drivers and emerging talent needs are expanding and extending the nature of work. The nature of talent, automation and physical proximity in the workplace is dramatically changing

AUTOMATION: Understanding “what” work can be done by smart machines and robots. Over the next 10 years, automation and artificial intelligence technologies will continue to increase.

TALENT: Identifying “who” can do the work. In the coming years, technological enhancements will enable new models of interaction between companies, employees and customers.

PHYSICAL PROXIMITY: Assessing “where” work is completed. This involves rethinking technology, talent and the nature of the workplace.

Figure legend: current work options, future work options


MANAGING A CONTINUUM OF TALENT OPTIONS

To meet business needs and increasing employee expectations, organizations are embracing new approaches to talent management. As talent models shift, organizations will need to adapt their cybersecurity practices

Figure (continuum of talent options). Talent options shown: Full / Part Time Employees, Joint Ventures, Freelancers, Gig Workers, Contractors, Crowds. Axis labels: Organization-Led, Employee-Led, Traditional Talent Models, Open Talent Models.


SECURITY CONSIDERATIONS GIVEN CHANGING TALENT MODELS

Talent models in the future of work create unique challenges from a cybersecurity perspective. Organizations must evaluate security practices from three perspectives: employees, their business and the public sector itself

IMPLICATIONS FOR THE PUBLIC SECTOR

• Reassess legal and regulatory policies for cybersecurity
• Identify broad-scale points of entry for potential threats and malicious actors
• Emphasize need to support formalized cyber education and awareness

IMPLICATIONS FOR THE BUSINESS

• Appeal to the need for strong cyber capabilities at the individual level and according to worker type
• Engage in scenario planning to mitigate risk given geographic dispersion of employees
• Integrate cybersecurity education and training at all points of talent lifecycle

IMPLICATIONS FOR EMPLOYEES

• Personal, intrinsic commitment to cybersecurity
• Minimal effort required to exhibit safe cyber behaviors
• Knowledge of individual actions needed to manage cyber incidents


CASE STUDY & LESSONS LEARNED


CASE STUDY: TALENT MANAGEMENT IN THE PUBLIC SECTOR

The objective of this initiative was to help the State of South Carolina build and deploy a Professional Development Program to develop a cybersecure and privacy-savvy workforce. The goal was to help State agencies better manage the State’s information assets and citizen data to reduce risk

BUSINESS DRIVERS

• Security threats continued to grow in number and sophistication
• Increased dependence on a competent workforce to combat potential threats
• Increased need for non-full time employees and staff at all levels to understand their role in protecting information assets
• Lack of human capital programs to support the workforce
• Initiatives and governance managed individually by State agencies

APPROACH: PROFESSIONAL DEVELOPMENT PROGRAM

• Developed roles and responsibilities based on data classifications
• Built a competency model for security roles
• Developed Security Training Plan Framework
• Developed Interview Questions
• Created Security Career Path Toolkit
• Revised IT Classifications, developed and executed Security Implementation Plan

OUTCOMES

• Strengthened overall security posture for the State by addressing the professional development of its personnel
• Established defined roles and responsibilities for personnel
• Deployed role-based training (RBT) commensurate with the roles for individuals with significant security responsibilities
• Identified career growth options for workforce professionals within the State


LESSONS LEARNED: UNDERSTANDING WHAT WORKS

Four key areas should be considered in order for a cybersecurity talent project to be successful

Align Leadership: Engage with leadership and key influencers early and often, even if not all of the answers are yet known, to secure buy-in and understanding. Emphasize the importance of commitment to cybersecurity throughout the organization, not just within the IT function

Identify Engagement Methods: Select the learning and awareness methods best suited to communicate expected capabilities and drive behavior change as appropriate. Identify desired engagement methods based on the unique characteristics of the organization and industry, as appropriate

Establish Firm Processes and Guidelines: Set clear guidelines for how talent will be managed, and how training and awareness will be provided. Emphasize the need to maintain strong cybersecurity processes and practices at all stages of the talent lifecycle

Determine Expected Capabilities and Behaviors: Determine the positions, roles and responsibilities for key personas and individuals throughout the organization. Assess potential gaps in the knowledge of key personas in these respective areas


Q & A


THANK YOU.

Mike Wyatt, Deloitte & Touche LLP, Principal

Tara Mahoutchian, Deloitte Consulting LLP, Senior Manager

Contact Us