Firemen vs. Safety Matches: How the current skills pipeline is wrong

Most of the discussion about solving the skills shortage and staffing pipeline in cyber/information/data/computer security has focused solely on training people to be the “next cyber professional.” However, this methodology is woefully misplaced and can be equated to how first responders, such as EMTs, firemen, police, and others, are acquired, developed, and deployed in their operating environment. You can’t get everybody to choose to be on the front lines, nor have them run into a burning building, without exhausting your supply of ready volunteers and burning out those who are already dealing with a high-stress, intense, and critical role that is already woefully understaffed.

As a senior technology executive who has risen from a start in engineering and front-line security incident handling and analysis, passing through multiple industry sectors and organizations, I believe that the strategy currently being promoted in the highest levels of the public sector, but also peddled by many in the private sector and academia, could be adjusted to produce a better overall outcome. In my presentation, I propose leveraging and exploiting the diverse source of skills we already have in place and in development to ensure we can use them as a force multiplier for those in the security field, and in turn, create more secure systems and technology.

Amélie Koran (@webjedi) has performed the role of n00b to executive in 20 “short” years but has enjoyed every minute of learning and sharing ideas along her rather circuitous track. As a Deputy CIO within the Federal government, she’s helped develop national cybersecurity policy and perform workforce planning and development, but also respond to and handle major security incidents at major NGOs, Fortune 125, and other organizations. She can be found regularly volunteering at local DC-area security conferences and groups, trying to mentor others and give back to the community that has given so much to her. She misses the daily hunt tracking of a SOC but also likes not having to ever really be on-call any more and getting regular sleep.