Discover more from Cybersecurity Leadership Development Coaching | CPF Coaching
Cybersecurity Talent CI/CD Pipeline
There seems to be an ever-climbing number of open roles, with employers stating a considerable gap between the talent they need and the talent they want. Unfortunately, this talent gap is almost self-imposed. The only way to solve this problem is to create a talent pipeline with continuous integration and development (CI/CD) supported and enabled by employers. This talent CI/CD pipeline allows employers and candidates to find ways to meet them where they are and together.
Below is an example of a CI/CD pipeline used in software development, which makes it a canny analogy for this process. The CI/CD model is a continuous process of developing and releasing code, from plan to monitoring.
Another way to dissect this approach is to look at the different chambers below as part of the pipeline. We will use a similar chambered method to discuss the diverse talent pools and their integration into the workforce.
This talent CI/CD includes three major components that allow employers and candidates to integrate at different stages. The major categories include
The current workforce
The incoming workforce
The future workforce
The available resources are free to move about the different tiers of the model.
The Current Workforce
Employers should look at existing associates in another role supporting cybersecurity for those in the current workforce category. Those who might be in positions in alternative job verticals with a significant amount of transferable skills, those who might be interested in cybersecurity with transferable skills, and those who might not be aware of what cybersecurity is but might be interested in a challenging role. The key here is potentially to take advantage of associates already in the organization and aligned with the organizational mission. Internal hires reduce the recruiting costs compared to other potential corporate roles with lower recruiting costs. Additionally, while these transfers will require additional training, ramp-up time, and some organizational inefficiencies, they typically build increased loyalty and retention, adding to dramatic cost savings in the long run. An internal hire or transfer will come with a performance history, so there are fewer surprises regarding how they may perform when challenged. For this phase of the talent CI/CD pipeline, the organization needs to have specialized training for associates to funnel talent from one area to another successfully. The ability to dedicate time on the clock towards learning these new skills and potentially work on projects like job sharing or special interests.
Consider the skills and competencies needed for the roles when recruiting resources already in the workforce. Often, job descriptions look like they are a wishlist of skills, competencies, and experiences. While most hiring managers know that they are willing to take on candidates with 50–70% of the requirements, they approve this extremely long list to be posted. One way to temper these long lists is to separate the required from the highly preferred. However, even the fact that the job description has a long list has the potential to disway some applicants from applying. Some candidates would not apply unless they meet the majority or all listed items. The downside is that most candidates who complete most of the requirements will not likely have enough room to grow in the role and will either become bored and stagnate or leave for another part quickly.
Another consideration is where/when your organization is recruiting. To get a diverse pool of candidates, you want to ensure that your organization is not just recruiting people from the same schools, conferences, or job sites. Have them look into different communities of talent. Recruiting from the same talent pools will limit the diversity of talent you are getting and potentially limit or display an artificial talent shortage. Additionally, if your competitors are only recruiting from that pool, it will strain the supply and drive up rates due to the competition. As you all pull from the same limited talent pool, poaching or recruiting from competitors will also affect artificial shortages and increased rates.
As COVID has demonstrated, the workforce can function effectively in a remote-only environment. Allowing companies to open up the radiuses for recruiting (if considering a hybrid future) or recruiting from new regions of the county, providing more diverse candidates, and even potentially reducing recruiting costs (if your organization uses cost of living rates). When operating in a fully remote environment, having a great organizational culture allows remote stakeholders to feel like they are part of the organization, even if they are not in the office.
For organizations looking to integrate the talent from the current workforce directly into different stages of the organizational ladder, there is now a potential for a sub-optimal mix of the acquisition cost of the resources and their alignment of skills to what the organization needs.
The potential solution for this, which requires more structure and investment from leadership, is to develop an internal growth pipeline. In this way, all talent must progress through the necessary stage of the internal pipeline for progression. If this is done, even while adopting senior talent, they should all go through from the junior level, completing the requirements and progressing. Having senior talent complete this progression will also allow them to identify gaps and opportunities for optimization at the lower levels.
The Incoming Workforce
As we move on to the incoming workforce, we face a new dilemma: they currently do not have work experience per se and might not have the skills and competencies employers seek. This group will have degrees from universities, high schools, or even the military. While they might have some theoretical or foundational field knowledge, they usually still have much to learn.
Some current approaches to integrating these resources into the workforce include part-time roles allowing them to continue school and work, full-time roles, internships with an educational requirement and providing academic credit and some fields. In these apprenticeships, the incoming workforce must work for a specified amount of hours and continuous education before achieving a career tier.
Some of the challenges with internships are how they might be deployed. If the internships are appropriately designed, they tend to get a reputation and become highly sought after. Some employers take advantage of this group by underpaying or not paying them and even using them for menial tasks unrelated to their role or educational value. Unpaid internships favor the privileged as the underprivileged might be unable to do an unpaid position as they are relied upon to support their families. Paid internships can provide even the playing field and should be the norm. Local businesses could potentially increase their ability to take on interns by developing a tiered growth approach. Creating an internship program means working with education institutions on how their workforce and services can use the skills and competencies of students and how their degree programs can gain value from the internship.
One of the approaches to help negate this comes from other trade industries where they have developed pipelining in the form of apprenticeships. In apprenticeships, resources are hired on at a genuinely entry-level role, paired with more experienced resources that provide them with on-the-job training. This on-the-job training requires new resources to achieve the prescribed amount of continuous education. Having specified amounts of on-the-job training and continuous education sets expectations for what is needed to get to the next level within that field. Examples of fields that use the apprenticeship model: Electrical, Nursing, Teaching, and many more trade-focused roles.
“Apprenticeship may feel counterintuitive in the face of intense workplace time pressures, but — with some modernizing — it can efficiently unlock the rapid capability building that today’s knowledge-based workforce requires.” ~ By Lisa Christensen, Jake Gittleson, Matt Smith, and Heather Stefanski (Mckinsey & Co)
Through this approach, the field’s (cybersecurity) needs are more closely met because employers are partaking in developing the talent pipeline. The integrated approach differs from using resources from the current workforce because the resources are being injected at different levels of the organizational structure with less optimal alignment of resources and higher acquisition costs.
While this might seem to be only targeted at the private sector, the public sector, specifically the military, already uses such an approach. In the US, the federal government operates a method comparable to this through specific requirements to progress through the ranks. Unfortunately, the bureaucracy around this has reduced the rate of progress for candidates. While this appeals to some, others prefer to have more steady growth.
The Future Workforce
Creating a pipeline of resources from the future workforce starts with ensuring that there are examples of them in the community and the community sees value in the profession providing for them. Everyone has heard of doctors, lawyers, and police officers because they are visible examples of them in the community, providing for and supporting the community. Without these visual examples, sometimes getting family support for these other professions becomes challenging. For example, families from a farming background might not be as familiar with computers, as resources like that might not have been available for them growing up. Having resources like that becomes a requirement in driving awareness of their value and how they can help provide for the community.
Next, ensuring that these generations of resources are aware of the personal and family safety issues with technology and the internet. While it can be used as a resource for providing and supporting the community, it does come with some safety and awareness concerns that everyone needs to be aware of. Ensuring that they can see both the dangers and what they can do to protect themselves will help them see the potential careers in the industry to protect and defend the infrastructure that supports our infrastructure.
Basic digital literacy and competency should be a requirement for all, similar to basic mathematical and financial literacy. The educational system should have technology and security tracks identical to math and science tracks. Dedicated educational channels would help prepare future generations to use technology in their job roles. Early awareness of career opportunities allows future generations to consider them as potential future roles.
Due to the long tail of integration of this generation, it will take the efforts of the community to help shape the cirrocumuli and requirements of the foundational knowledge that these future students need, as well as the development of the integration into its talent pipeline. It will require a combination of the private and public sectors to shape the future of these students.
Time to deploy this Change
The solution to this monumental problem, as it truly is on a national or even global scale, requires all participation to help with its development. We need the community to see the need to invest in the continuous education and development of resources through the talent pipeline lifecycle. Cybersecurity is a fundamental requirement in our society, which is so heavily reliant on technology to function that even the roles that are not cybersecurity-focused, like nurses, lawyers, doctors, policemen, plumbers, farmers, etc., will all still be interacting with technology at home or work and should have a basic fundamental knowledge of cybersecurity safety.
For more information or potential speaking engagements on this topic, reach out to email@example.com
originally posted: https://medium.cpf-coaching.com/cybersecurity-talent-ci-cd-pipeline-499458f3bc02