At CISOSHARE, we have been focused on building functional cyber security programs while also addressing the livable wage gap and tackling the cyber security resource shortage. A large part of our effort is working on identifying untapped pools of talent with appropriate aptitudes, developing their base cyber security skills, and then putting them to work in security programs that are engineered and readied to maximize the value for everyone.

This session is designed for both leaders that are interested in implementing a socially conscious security program, or anyone in security that is interested in understanding how they can participate in this type of effort. This session will teach how to design or retrofit a security effort so that it enables integration of talent from these often-forgotten pathways while simultaneously aligning to best practices and creating a functional security program.

The session will begin by exploring why aptitude-based professional development works and the data associated with our research in this area thus far. We will also present some use case data on how organizations and their security programs have successfully built this type of mindset and capability into their overall program effort and some of the impact this has had on their security posture.

Next, we will describe actionable techniques for building these capabilities into your security program. This includes items such as how to build an internal mentoring program, managing HR requirements, techniques for building a teaching and development-focused culture, understanding roles and responsibilities between those that are learning, and those that must teach, getting production from these resources, as well as accountability and execution considerations.