Win from within:
growing exceptional security professionals

Article - Security
By Colin Cosell | 3rd July 2023

In the aftermath of The Great Resignation, the talent aperture has been steadily closing. What once was a talent pool has become a talent war and, in many ways, has become a battle of attrition. The consequences are equally numerous and costly, particularly when it comes to an organization’s security – most notably cybersecurity. But there are ways to fight the battle and win the war, and that fight begins within. And, as we learned on an innovation exchange from Jay Wiley, Deputy CISO from M&T Bank, at GDS Group’s recent security North America summit, the steps to make this happen are attainable but require investment and a leap of faith. The following is what we learned from Mr. Wiley’s innovation exchange.

In brief:

  • The talent aperture in the security industry is shrinking, leading to a talent war and a battle of attrition, particularly in cybersecurity.
  • Internal training and development programs are crucial to empower and grow exceptional security professionals within organizations.
  • Successful training programs should focus on leadership development, technical skills training, and building a sense of community and purpose among employees. It is important to invest in training despite concerns about trainees leaving for other opportunities.

Table of contents:

In brief
You’ve got talent (problems)
Win from within: training and development programs
Let’s hear from our audience
Conclusion: where to begin in order to win

 

You’ve got talent (problems)

Cybersecurity statistics indicate that there are 2,200 cyber-attacks per day, an average of one attack every 39 seconds. To battle this ongoing onslaught, organizations need their security staff to be empowered, skilled, and fully prepared to counter these attacks as quickly as possible. This means organizations need to gain a deeper understanding of the key traits and competencies that define exceptional security professionals and, more importantly during this talent crisis, how to foster their growth, all within a price point they can afford. The reason, as Jay succinctly points out, is that “traditional approaches are no longer working,” adding, “20 years ago you could call a recruiting firm with your wants and needs and then they’d come back to you with a list of prime candidates to fill your slots. In the wake of COVID and the talent crisis, that’s no longer the case.”

The solution lies in a proper internal training and development program… but that brings up a whole new set of problems. First, doing so requires an investment that some companies are reluctant to make. Furthermore, there’s the fear of a trainee taking their new skillset and learnings elsewhere. As Jay pointed out, these are things organizations are “just going to have to get over and take the chance, regardless.”

Jay Wiley describes the problems with not only talent but training and development.

Win from within: training and development programs

Drawing on his experience at M&T Bank, Jay broke down how four of its successful training and development programs work on a variety of levels. In the case of M&T’s leadership development program, Jay explained, “We create a cohort of 30-40 people and put them through a year-long training course where we expose individuals to common tasks, concepts, and leadership themes that sort of builds a rapport across the enterprise so that, as that cohort advances in seniority up the chain, we know that in 10 years that cohort will be the ones helping run the company with a long history of working together and getting things done.” This also builds a sense of community and purpose, and it tends to make these employees, who have a rich understanding of the business, want to stay with the company. Jay also stressed the importance of getting these training programs underway at the internship level.

As for technical skills training, Jay shared that M&T has “distinct programs in upskilling and reskilling because, as things are going to the cloud more and more, you’re going to need talent who has those skills,” adding that the same goes 10-fold for cybersecurity. But this takes commitment to take the talent, train the talent, and then hire them on a full-time basis because, as Jay notes,

“Your dedication will engender loyalty because you’ve given them an opportunity to learn a new skill”
Jay Wiley, Deputy CISO, M&T Bank

All while building inter-office relationships – something you cannot replicate by hiring someone new altogether.

Jay Wiley explains the facets of M&T Bank’s successful development programs.

Let’s hear from our audience

“Don’t be afraid to train people out of fear they might leave because what if you don’t train them and they decide to stay…”
Jay Wiley, Deputy CISO, M&T Bank

Q) Audience Member: “How do you find the balance of keeping the job fresh for those in the development program while bringing in fresh talent to ultimately replace those who move on?”

A) Jay Wiley: So, I think there are two aspects to how we tackle it: One is with a robust job architecture that gives them a clear path within their particular family or cohort but we also highlight other families/cohorts where they could transition over to. This gives them the chance to see which pathways are available and best suit them so they can follow that training path accordingly. Second, in terms of onboarding fresh talent, we take the aforementioned job architecture and apply it to the HR side so that new employees will have the programs laid out for them.

Q) Audience Member: “How do you keep it exciting for current or new staff when the job they want is more focused on older technologies and doesn’t include the next shiny new thing like ChatGPT?”

A) Jay Wiley: We have a built-in nature to our architecture which, for new staffers, we present as a role in which they’d spend some time and have the opportunity to matriculate into another job. For instance, we’ve actually hired 3 administrative assistants who had various backgrounds in HR and risk and now, boom, they’re now over into the cybersecurity analyst or risk analyst roles.

Q) Audience Member: “How do you get upper management buy-in and change their overall mindset on training and development, all while not leaving yourself open to a breach?”

A) Jay Wiley: You need to present and open a broader conversation around the total cost of ownership. This includes total cost of ownership on software, on hardware, on personnel. But that also needs to include the ROI on this ownership: increasing employee longevity with a staff who is skilled and ready for an attack. But it definitely begins and ends with approaching senior leadership with the total cost of ownership.

Security Summit host Ben Thompson and M&T Bank’s Jay Wiley take on questions from the audience.

Conclusion: where to begin in order to win

It starts from the top, with buy-in from senior leadership not just for the programs but for the cultural ripple effect. From there, it means placing new staff in these programs while keeping doors open to other opportunities within the organization, so that they stay and are well-equipped to avoid being a liability. This builds a sort of family environment while encouraging success across the board, all while keeping the enterprise safe. And this is what it takes to win against cyberattacks, to win the talent war, and to truly win from within.


Our recent North America security digital summit, at which Jay spoke, ended with an impressive average content attendance of 94% and a meeting completion rate of 117% against target.
