Started from the bottom, now we’re CISOs

The talent paradox

The talent shortage might be the most-discussed topic in all of cybersecurity. What's talked about less are the stories of the people who do everything they can to fill some of those open jobs — and give up when no one will hire them.

Nicholas McLaren was almost one of them.

• The Georgia State grad thought his degree in information security would lead to a job in the field. But every employer he connected with was looking for years of experience. Until he met AJ Yawn.
• The founder of compliance software startup ByteChek agreed to mentor McLaren, which eventually led to a position. McLaren has since moved on and is now a senior cloud security engineer at a major U.S. bank, Truist.
• McLaren is now a "monster" on cloud security, Yawn said. And "there are so many people out there that are just like that — that have the baseline skills, that are willing and ready, but just are not getting the opportunity."

The lack of entry-level jobs is not only perpetuating the cybersecurity talent shortage, but it's also bad for diversity.

• For instance, NextGen Cyber Talent offers cybersecurity training programs that aim to build out the pipeline of diverse candidates into the field.
• But of the 250 people that went through the program last year, just 20 were placed into jobs or internships, due to the widespread requirements for real-world experience.
• In other words, cybersecurity doesn't have a talent gap — it has a talent paradox. "The talent gap lives entirely in the minds of hiring managers in cybersecurity," said Naomi Buckwalter, a longtime cybersecurity professional who now leads the Cybersecurity Gatebreakers Foundation, focused on trying to change the industry’s hiring practices.

But some companies are showing that entry-level security roles are possible.

• This can take a number of forms, executives told me. It can mean finding an entry-level position for a promising candidate and then providing training. Or it can mean bringing candidates on as an apprentice or intern — with the goal of moving them into a full-time role.
• Another option is to bring in talented workers from other parts of the organization to join the cybersecurity team, as Walmart has been doing for years, said Deputy CISO Rob Duhart Jr.
• Duhart puts it this way: "To solve this problem in your organization, you have to start taking these risks — and you'll find that they really aren't risks at all."

Read the full story here.

— Kyle Alspach (email | twitter)

SPONSORED CONTENT FROM SAP

The competitive edge of digital solutions: For the last 50 years, SAP has worked closely with our customers to solve some of the world’s most intricate problems. We have also seen, and have been a part of, rapid accelerations in technology in response. Across industries, certain paths have emerged to help businesses manage the unexpected challenges over the last few years.

Read more from SAP

The unicorns are fine

A month-and-a-half ago, the cybersecurity industry shuddered as news spread about major layoffs at mega-unicorn Lacework. And it would turn out to be just the first in a series of cutbacks by security vendors (thanks, economy). But here's a reality check: It hasn't been that long of a series.

I counted a total of seven cybersecurity companies that have laid off employees since late May. But there are at least 3,000 security vendors right now, per CyberDB. Which means that less than 1% of cybersecurity companies have disclosed layoffs. (Actually, way less — 0.2%). Among unicorns, the figure is higher — about 7%, or four out of 60 — but still doesn't seem that crazy to me.

Today, I tried to get a VC that I've known for years, Deepak Jeevankumar of Dell Technologies Capital, to agree with me that, actually, the more interesting story is how few security companies have done layoffs. And he did agree — sort of. "I don't think it's a trend yet," he told me. "But the question is, will it become a trend?"

Well, it might. While spending on cybersecurity is expected to be more resilient than most other types in the enterprise, plenty of smart prognosticators are expecting a big wave of industry consolidation ahead. And cutting back on staff, especially in areas like sales, is often seen as a good idea before shopping yourself for an acquisition. (A good idea from a management perspective, at least.)

Still, most cybersecurity unicorns seem pretty confident in their prospects. At least for now. According to Jeevankumar, looking ahead, "anybody who became a unicorn too fast is probably at the highest risk."

— Kyle Alspach (email | twitter)

Enterprise moves

Over the past week VMWare and Stack Overflow added technical C-suite roles, Amplitude snagged an executive from UiPath and more.

Chip Childers joined VMware as chief open source officer. Childers was formerly executive director of the Cloud Foundry Foundation.

Jody Bailey is the new CTO at Stack Overflow. Bailey was previously director of product development at AWS and CTO of Pluralsight.

Thomas Hansen joined Amplitude as its first president. Hansen most recently took UiPath through its IPO as chief revenue officer, and also worked at VMWare, Dropbox and Microsoft.

Tom Keane left his role as corporate vice president at Microsoft. Keane was at Microsoft for over two decades working on Office 365 and Azure. His departure comes shortly after allegations of verbal abuse.

— Aisha Counts (email | twitter)

Around the enterprise

Ukraine President Volodymyr Zelenskyy awarded AWS and Microsoft with the country’s peace prize for their work preserving key parts of its digital infrastructure.

SPONSORED CONTENT FROM SAP

The competitive edge of digital solutions: When companies invest in maintaining their “green ledger” with the same commitment they have to their financial ledgers, they will be able to connect their environmental, social, and financial data holistically so they can steer their business towards sustainability. At the end of the day, what gets measured, gets managed.

Read more from SAP