Leading the Way – Talent Development as a Business Enabler

Finding and retaining top talent in cybersecurity is a consistent challenge for CISOs across Evanta communities. In fact, in our latest Community Pulse Survey on Talent Strategy, 96% of CISOs reported that recruiting was either “very challenging” (43%) or “somewhat challenging” (53%) right now – a higher percentage of executives citing “very challenging” than any other C-suite role in the Evanta community survey.

At the recent Chicago CISO Executive Summit, Vice President and CISO of State Farm Jesse Magenheimer led a breakout session, along with Aman Raheja, CISO, IT Risk & IT Vendor Management at Humana, on how security executives can tie talent strategy and development within the security function to business outcomes. They also shared practical ways to implement continuous learning and development on security teams.

Here, Jesse, who is also a Governing Body Member of the Chicago CISO Community, shares some key takeaways from the highly-rated session.
 

Why is it important for CISOs to focus on talent development?

This is about investing in the future. For talent already in your organization, it demonstrates a commitment to helping ensure associates have options to further grow and enhance their knowledge and capabilities. For your talent pipeline—those not currently in your organization—it’s about having confidence that skills and competencies that will be needed in the future are available.

We know there’s a global shortage of talent in the cybersecurity discipline. Our charge is to meet the needs of today while ensuring our organizations are positioned to continue meeting them in the future. Having strong talent is such a critical aspect that we have to get right in order to do that.
 

Cybersecurity teams are a key enabler of trust.”

How do you tie talent strategy and development within the security function to business outcomes?

Ensuring line of sight through talent measures or goals can help your organization as it strives for modern, flexible IT capabilities as a key enabler for business imperatives. In the vein of modern, flexible IT capabilities, perhaps that translates to some form of cloud migrations. Do you have training targets, certification goals, and proficiency measures set that help gauge progress and results?

Regardless of your organization’s industry, conducting business is typically predicated on trust. Cybersecurity teams are a key enabler of trust—protecting the information that customers and clients trust companies with every day. Teams must protect the confidentiality, integrity, and availability of systems and data today and into the future, while also having an enablement mindset. Often, you can gauge how well your talent strategies prioritize robust cybersecurity competence and practices, while fostering enablement, with responsible forward movement on key business initiatives.
 

When you discussed how to create a culture for continuous development in your session, what were some examples of how to do this?

• Intentional time for teams to pursue learning endeavors (if you’re working in an Agile Delivery format, Planning and Innovation sprints are ideal for this).
• Providing adequate funding to support development, whether that’s for courses, conferences, self-study materials, online simulations, service on industry working groups, etc.
• Setting a tone at the top of your security organization about the expectation that personal and professional development is a key component of the work we all do. Modeling it is important.
• Actively contributing to programs that support future talent and help you build relationships early: STEM programs, women in technology, internships and cooperative work relationships, teaching in classrooms, helping universities develop curricula, and so on.
• Developing rotational programs that enable people to see different parts of your security organization to help those who are interested in entering the field get exposure to such opportunities.

What do you think or hope were the biggest 2 or 3 takeaways for CISOs from your session?

• You must be intentional. Defending your organization from attackers, complying with laws and regulations, and securely enabling your business are among the many critical components of a CISO’s role.
• Be creative and collaborative. Each organization has different realities and constraints, but talent development is a need across the cybersecurity industry. To the extent possible, take time to share what’s working with others and seek information about how peers are approaching talent challenges and opportunities as well.
   

To learn more from your cybersecurity peers and participate in discussions on topics like talent strategies and more, find your local Evanta CISO Community and join today. If you are already a member of an Evanta CISO community, check out MyEvanta to view upcoming opportunities to collaborate in-person and virtually with your CISO peers.