Joy Wangdi
Cybersecurity Trust Officer
LyondellBasell
Dr. Dalia Sherif
Executive Dean, Baccalaureate Programs & Partnerships
Lone Star College
FEBRUARY 2023
As Cybersecurity Trust Officer Joy Wangdi of LyondellBasell says, “The need for cyber talent is real.” Cybersecurity talent has been a hot topic in Evanta CISO communities for awhile – and with hundreds of thousands of cybersecurity workers currently needed to fill open roles, it won’t be going away soon.
At the Houston CISO community’s most recent Executive Summit, Joy Wangdi and Dr. Dalia Sherif, Executive Dean, Baccalaureate Programs & Partnerships at Lone Star College, shared a unique solution with their CISO peers. They created a partnership together to fuel a cybersecurity talent pipeline from education into the workforce. We asked them for some key takeaways from their session on solving the gap between open cybersecurity roles and the need for skilled cyber employees.
How did you get started with this partnership – what was the catalyst?
Joy Wangdi: The [need for cyber talent] has been echoed repeatedly when I have spoken with CISO leaders about their top concerns for the industry. The biggest issue identified was recruiting, followed by retaining top cybersecurity talent.
In the U.S., the cybersecurity workforce has more than 1.1 million workers according to CyberSeek. A key indicator of demand vs. supply is the ratio of currently employed cybersecurity workers to new openings. The supply-demand ratio is currently 68 workers per 100 job openings. Based on these numbers, there is still a need for nearly 530,000 more cybersecurity workers in the U.S. to close current supply gaps.
Instead of trying to win the talent war with already scarce workers, we decided to approach it a different way. At LyondellBasell, we focused on:
- Developing talent by introducing cybersecurity at middle and high school through a gamified cybersecurity experience.
- Preparing students for a professional path, through providing mentoring guides for academic institutions.
- Nurturing a sustainable talent pipeline through college and university engagement with lectures, intern opportunities, and by providing cybersecurity scholarships.
In addition, we hired fresh university graduates that were passionate about cybersecurity from local universities and provided them ongoing training and continuing education. Our partnership with Lone Star College is one example of a partnership where we are building that talent pipeline.
With students coming straight out of a college program, how do you help position them to get security roles?
Dr. Dalia Sherif: The global cybersecurity workforce is growing, but so is the employability gap with many professionals struggling to find that entry level cybersecurity analyst job they are aspiring for.
This is a very rare problem because you have two parallel gaps: a demand gap and a supply gap, in a situation where the two curves don’t seem to intersect.”
- Dr. Dalia Sherif
Dr. Dalia Sherif: Lone Star College has reached out to great employers like LyondellBasell to remove the 3-year work experience requirement on most job openings. Requiring prior cybersecurity or programming work experience for entry level positions may prevent some of the best people from entering the profession. LyondellBasell were very receptive.
From the supply end, we embarked upon building a Security Operations Center (SOC), which will be staffed by our cybersecurity students in their senior year, who will gain practical experience. We are also supporting closing the gap with a Non-IT to IT Transformation. We help non-IT professionals move into IT through a cybersecurity boot camp, providing necessary skills, building their confidence, and making them more competitive.
We are also working on integrating the degree and the certifications. If a candidate graduated from a cybersecurity program, the candidate will have enough knowledge to sit for three basic cybersecurity certifications’ exams by the end of 2023. Requiring both the degree and certification is a major hurdle -- some certificates require 2-5 years IT work experience. Integrating three certifications into our cybersecurity program will be a huge step to support students’ employability and marketability.
What adjustments did you have to make (if any) to recruiting from the program versus recruiting employees with experience?
Joy Wangdi: Rethink what was done in the past, such as hiring from established educational institutions, and think about hiring passionate, local talent. As inexperienced students have the technical skills, build a sound onboarding program and provide new hires a buddy or mentor to understand company culture.
How do you think partnerships like this help build a more diverse pipeline of talent?
Dr. Dalia Sherif: Research shows that women and students of color are underrepresented in internship cohorts, but when they are provided internship opportunities, they are more likely to receive full-time job offers. Internships, in that sense, improve access to first job opportunities post-college, and they promote diversity, equity and inclusion in the workplace.
Employers have reported that enhancing DEI at their respective organizations is a critical goal. Looking at the diversity in Lone Star College student demographics, employers know that they are recruiting a sufficiently diverse internship cohort. Ensuring a diverse group of interns will lead to diversifying newly hired employees, which will ultimately help with equitable representation within the workforce and support the company’s DEI goals.
What do you think other security leaders should know about partnering with college or university programs?
Joy Wangdi: It’s not a short relationship, but a long-term partnership. Talk to your college/university partners to align on common goals and expectations. Work with your partners and help them build and strengthen their curriculum. One of the ways that we are working with colleges and universities is by having our cybersecurity team members be part of the college and university advisory boards with the aim of influencing school curriculum to match industry demand.
Dr. Dalia Sherif: Providing more internships with selective hiring for star interns goes a long way. Statistics show that interns who become full-time employees are almost 30% more likely to still be at your company than other full-time hires. It is also free marketing for the company. Providing internships increases visibility on college campuses and increases the company’s brand recognition. If interns come back with a positive experience, word will quickly spread.
Companies can also increase productivity without incurring a huge cost through internship programs, allowing key personnel to steer clear of smaller side projects. According to a recent NACE survey, 92% of interns were able to fulfill higher-level tasks, like data analysis and problem solving. A quality intern can make huge contributions to the company’s productivity.
What do you think was the biggest takeaway from the session for security executives?
Joy Wangdi: Rethink what good looks like… Instead of only trying to hire experienced workers, rethink the current talent pipeline and be part of developing a new generation of cyber talent.
Dr. Dalia Sherif: Remove the 2-3 years’ requirement. Requiring prior cybersecurity or programming work experience for entry level positions is a major hurdle and exacerbates the current cybersecurity workforce gap. And second, requiring the degree and the certification may be a stretch. If a candidate graduated from a cybersecurity program, the candidate would have enough knowledge to perform an entry level position. Alternatively, some entry level certificates may suffice alongside on the job training.
For more opportunities to discuss cybersecurity talent and other timely topics with your CISO peers, join your local Evanta CISO community.
Content adapted from the Houston CISO Executive Summt. Special thanks to all participating companies.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.
