July 7, 2017
Like every other movie buff, geek, or nerd on the planet I am a Star Wars fan. I think it’s a stellar series (minus the whole Jar Jar Binks thing, anything with that guy in it could be used as an alternative to waterboarding) that has spun a tale for the ages across the better part of a few decades. After this last week bouncing around on planes across the US, I had time to watch the original movie on a flight; it had been quite a while. During my time seeing Luke learn to be a Jedi, a thought occurred to me. Obi-Wan had the means to solve our cybersecurity talent shortage all along.
Let me clarify.
Obi-Wan teaches this young bad-haircut-having farm boy how to be a Jedi. He indoctrinates him in the methods and practices of the Jedi Order and provides him with a weapon and skills that enable him to perform his purpose more effectively and with an efficiency far beyond his years, and he does this all very quickly (like stupid quickly if you think about it …). Anyway, I’m nerding it up there. Regardless, Obi-Wan knew there was no Jedis available to take on this threat, and he used the one kid that wanted to be part of this thing to take down the Death Star.
That’s the same thing that is needed in our space, cyberspace. Everyone in a leadership position who I talk to about doing cybersecurity better is looking for Jedis, they are searching for the “grey beards” in the industry. The sad fact is that those folks are already gainfully employed with five job offers in the hopper that they can take or turn down at their leisure. There are no more Jedi’s to fight the Empire. So, what should we be doing? Yup, finding more “farm boys” and Padawans to help jump in the fray. But when you do find those with the mindset and the initiative to be engaged in this space, how do you justify using them? You empower them, train them, and reward them for every small triumph they may achieve. There is an entire Padawan army out there coming out of the military, law enforcement, trade schools, and universities with backgrounds in computer science or a similarly useful field. Many of them have real knowledge of how systems and infrastructures run and most of them were “born” into the cloud era. They are native cloud people (another Star Wars reference, ha). They will become Jedi quicker than we can imagine, if we can only provide them with the tools they need to move onward in their journey.
I do not accept (and neither should anyone else) that our industry can’t move an entire cadre of folks towards filling our currently vacant cyberspace job roles. To continue to suggest that we can’t find talent for these open spots says more about those of us currently in the industry’s willingness to innovate and embrace a bit of discomfort than it says about the types of talent standing in line, waiting for the chance to grasp a lightsaber.
To help solve our current problem, it is imperative that ALL leadership (not just CISO’s…and not just security wonks) needs to stop looking for Jedi Masters and start using the power of The Force within these young Padawans to change the tide in the good guys favor. We need to recognize that talent and the proclivity to solve problems is more important than what 3 day certificaiton someone took when we are seeking to fill a job vacancy in our SOC. We should use the tools that are available more effectively and leverage better platform capability and optimized real world training, so that these Padawans will “become more powerful than you can imagine.”
Ok that’s a Dark Side quote, but it’s still cool.
P.S. In the future Jeff Pollard and I will be delineating exactly what tools and techniques are best used for just this type of operation. That’s my prequel pitch…and with absolutely no Jar Jar Binks…
- cloud security
- infrastructure & operations
- IT services
- security & risk
- security operations & program governance
- talent management