Cybersecurity Jobs, Career Paths and Diversity Hiring Get a Closer Look at BlackHat 2021

Depending on who you talk to, there are 50,000 to 60,000 open jobs available for cybersecurity professionals in the United States – add risk management professionals, and the number climbs much higher. The rub is how to match the perfect candidates to the perfect job because it’s as easy as it sounds.

Corporate recruiters and human resources professionals still struggle with issues of making the right hires and encouraging diversity candidates to apply.

Women in Security and Privacy (WISP) will address this issue in an August 4 virtual session at BlackHat with an all-star panel of cybersecurity professionals including Dr. Chenxi Wang, the Founder and General Partner of Rain Capital, an early-stage venture fund focused on Cybersecurity and Aleada Consulting Advisor; Lauren Zabierek, the Executive Director of the Cyber Project at Harvard Kennedy School’s Belfer Center; Rich Noguera, the Chief Information Security Officer at AppDynamics; and, Deepti Hemwani, Head of Product at Dasera. The session is moderated by Elena Elkina of Aleada Consulting, a San Francisco-based Privacy consultancy and a co-founder of WISP.

“It is common to see a massive under-representation of women, people of color, and those with visible and hidden disabilities in the infosec and privacy field,” said Elkina. “We know diversity is a topic of discussion when recruiting and hiring infosec and privacy professionals, but there is often little guidance available to those recruiting for these positions. We want to talk about ways to overcome obstacles and this panel has strong ideas on strategies to recruit for diversity.”

For cybersecurity pros struggling to find the next great opportunity and organizations seeking to make the next great cybersecurity hire, there’s a new platform that helps everyone. CyberSN, a leading cybersecurity career and staffing firm, has launched the CyberSN Marketplace, a dedicated resource that provides cybersecurity professionals no-cost access to jobs, career resources, salary information and job matching needed to successfully accelerate and manage their career success.

The Marketplace complements CyberSN’s well established Agency staffing services, which are also accessible to hiring firms at CyberSN.com and offers access to every available cybersecurity job posted.

The Marketplace builds on the CyberSN Job Taxonomy, a model that organizes open jobs based on tasks and projects into 10 categories and 45 functional roles via a confidential public profile so they can be found by employers without sharing their identity on a public platform. The CyberSN platform then matches professionals to these jobs based on their confidential profile, and allows them to connect at their choice with jobs that match. Professional members can also take advantage of CyberSN’s career planning and pathing tools, salary and industry data and training and educational resources.

“The cybersecurity job search process is alarmingly broken. Generic job sites don’t work in this highly specialized and growing field. And cyber professionals often don’t join public networks due to confidentiality and security concerns,” said Deidre Diamond, Founder and CEO, CyberSN. “Most job descriptions stink, professionals can’t find jobs that fit their needs and experience and the results speak for themselves. Data shows that 41 percent of cyber professionals want to leave their current employer, but it takes CISOs an average of eight months to find a new position, and at least four months for a security engineer. Our platform fixes this, and getting professionals into jobs that fit isn’t just good for them and their employers, it’s good for the industry.”

“CyberSN’s team understands this constantly changing industry and discipline,” said Bill Pelletier, an Information and Product Security Leader in Boston, MA just placed by CyberSN. “They understand the language, and they care for job candidates as individuals and not just a means to an end. This means that when you’re scheduled for an interview, you’re not talking to just any random company, but one whose needs closely match your abilities and goals. The result is targeted, realistic, and a perfect fit of function, position and -- very important in my personal case -- mission. I cannot say enough positive things about CyberSN and their extended team."

CyberSN invites every cybersecurity professionals to create a confidential profile and browse the jobs that match at the CyberSN Marketplace at https://www.cybersn.com.

For organization seeking that needle in a haystack, Haystack Solutions offers a means of predicting a successful hire with new precision. For example, the US Department of Defense was able to identify elite cyber talent with 95 percent accuracy using the core of Haystack Solutions’ Cyber Aptitude and Talent Assessment (CATA), the first commercially available solution scientifically designed to identify the natural cognitive abilities of individuals entering or upskilling in cybersecurity.

“As the 10th Fleet Commander, I was compelled by the need for identifying and retaining our best talent,” said Vice Admiral Jan Tighe. “I wanted an Armed Services Vocational Aptitude Battery (ASVAB) standard assessment for Cyber. I thought if we can create an aptitude determiner to best align our computer network operations workforce with their optimal work roles, we would boost retention by putting team members in challenging, satisfying roles best suited to their interests and aptitude. The University of Maryland was investigating a similar approach, and we capitalized on some work.”

“A tool like CATA would have saved our team countless hours by driving up retention, reducing retraining costs, and increasing mission effectiveness,” Tighe added.

In research conducted by the University of Maryland, performance-under-pressure testing of hundreds of DoD participants from SOCOM, U.S. Navy, West Point, and USAF, identified aptitudes in key areas associated with cybersecurity excellence such as critical thinking, exhaustiveness of approach and practices, initiating behaviors, real-time effectiveness, and responding behaviors. All tests minimized language bias and allowed participants to be competitive regardless of native language, English-speaking proficiency, or prior experience with IT and cybersecurity principles. Among the DoD partners, CATA testing accurately:

- Classified 97% of all Elite (90% course average or better) performers on a USAF ITF course

- Distinguished with 84% accuracy between high-skill and untrained USAF cyber personnel

- Identified six main clusters of test participants that correlated with a variety of course performance metrics across DoD participants (e.g. SOCOM, U.S. Navy, West Point, and USAF).

  • High performers in four key disciplines – who became the most successful in cyber courses
  • Critical thinkers who scored well in CATA tests such as “Need for Cognition,” “Matrix Reasoning,” and “Dynamic Systems Control.” These candidates were also top performers.
  • Many of the test subjects were determined to be creative thinkers who scored low on many tasks but who performed well in crucial areas such as “Need for Cognition,” “Need for Cognitive Closure,” and “Pattern Vigilance,” and so were well suited for and chosen for cybersecurity roles for which they had not previously applied.

- Developed a composite score - one number that was representative of a candidate's total aptitude

Security Mindsets Principal Charles J. Kolodgy said: “Finding the right candidates and figuring out which employees to invest in additional training are tough decisions that have far ranging impact. The right decision can lead to overall improvement of your organization's security posture, while a poor decision can erode readiness. Haystack's solution opens the ‘black box’ of the cognitive capabilities that can help identify optimal candidates who don’t just have the proper certifications but who also have aptitudes required for success. In this way it is possible to weed out those with superb qualifications but whose innate skills aren’t a fit for a specific task. Getting it right is imperative, and the costs - from delayed hires and poor retention to severe consequences such as missed warning signs - are just too high to gamble with.”

CATA focuses on five key cerebral dimensions: critical thinking, deliberate action, real-time action, proactive thinking, and reactive thinking. It includes a series of tests designed to measure cognitive abilities and map natural aptitude within four domains of cybersecurity careers in the commercial sector:

  • Offensive operations: initiative and creative problem-solving skills using partial data in real time;
  • Defensive operations: detecting anomalies with scans and real time, partial data, screening out distractions;
  • Analytics and forensics: interpret and reconcile exhaustive amounts of often conflicting data; and,
  • Design/development: abilities to programatize creative problem solving and build model programs for execution.

Much of CATA’s core was co-developed by the University of Maryland, and the cognitive assessment was originally used by the National Security Agency and the predecessor of the U.S. Cyber Command, 10th Fleet.

Michael Bunting, Ph.D., the Director of Cognitive Security and Information Operations at University of Maryland’s ARLIS center, Haystack’s CTO, and technology co-inventor, said: “CATA’s core has been used by the U.S. Intelligence Community and Department of Defense (DoD) to create some of the highest performing Cyber Teams. It has been heartening to see it adapted for the commercial sector and, in early trials, to help identify previously unexplored but inherently genius-level cyber talent in schools and universities, who are now garnering some of the most prestigious CTF awards, and who had not previously considered cybersecurity careers.”

Along with mapping to cybersecurity domains, the assessment report supports the NIST/NICE job role framework showing a path to the job roles where there is a natural fit for a more personally rewarding cybersecurity career.

“Cybersecurity is an increasingly complex domain, with a lengthy and arduous learning curve,” said Doug Britton, Haystack Solutions CEO and Founder, and co-developer of CATA. “The commercial sector has long needed insight into the problem solving, visualization, and pattern recognition capabilities of cybersecurity candidates – qualities that certifications and degrees don’t necessarily reflect. Let’s face it, the cybersecurity challenges in the commercial sector are expanding and growing more complex daily. The ability to identify those with innate talents and ensure that they’re being trained for the roles for which they’re best suited can help the commercial sector bridge the talent gap more quickly and effectively. CATA meets this urgent challenge.”

Dr. Bunting agreed: “We need to identify everyone that has the cognitive fingerprint of a cyber warrior and get them in the fight.”

The training of cyber and risk talent took on new importance and momentum during the global pandemic.

In response, the Shared Assessments Program, the member-driven leader in third party risk assurance who’s Certified Third Party Risk Professional (CTPRP) certification program is recognized as a hallmark of proficiency and competency in Third Party Risk Management (TPRM), launched a fully online certification program for the prized credential. The Online On-Demand class shares the same curriculum, body of knowledge and examination as the Web-Based instructor led class, and is delivered in an interactive self-study format.

The Program lets busy working professionals extend their capabilities and achieve advanced certification at their own pace, regardless of the time zone or work-from-home challenges, and equips them to lead complex initiatives.

Luc Levensohn, Senior Manager, Cyber Security, Information Risk Management for Staples, observed the benefits his company derives from CTPRP certification: “Having that broad but well-mapped organizational framework for all of our evidence enables us to be far nimbler and more effective when we respond to unique or tailored customer requests. We can be sensitive to those information requests without launching into an all-out fire drill, which is something you always try to avoid. We’re continually able to prioritize the areas of highest risk, which strengthens our due diligence in an efficient manner. That’s why I have the people on my team take CTPRP tests as soon as they are ready.”

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Busy South Africa Building Integrates Custom Access Control System

    Nicol Corner, based in Bedfordview, Johannesburg, South Africa, is home to a six-star fitness club, prime office space, and an award-winning rooftop restaurant. This is the first building in South Africa to have its glass façade fully incorporate fritted glazing, saving 35% on energy consumption. Nicol Corner (Pty) LTD has developed a landmark with sophisticated design and unique architecture by collaborating with industry-leading partners and specifying world-class equipment throughout the project. This includes installing a high-spec, bespoke security and access control system. Read Now

  • Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3