Fortune 100 Technology Organization
A Fortune 100 technology organization that employs 145,000 people across the world, with more than 400 in its cybersecurity department and plans to hire another 150 cyber employees, determined that people were their most significant risk, not tools and technologies. So the management team asked itself what it could do to invest in its employees and create a thoughtful workforce plan.
Today’s cybersecurity training landscape creates obstacles for employers and candidates alike. Employers with countless open positions to fill are faced with dozens of resumes filled with certifications but little tangible evidence of being qualified to perform the job. Candidates are frustrated because they’ve invested time and money in their education but often find they can’t get past an initial screening interview. The standard thinking that job prospects can be gained largely through certifications no longer applies, but the roles that so desperately need to be filled are not clearly defined.
What if there was a way to change the paradigm to solve this problem? Instead of relying on academics and training providers to divine the up and coming skills in the cybersecurity industry, what if employer demand for role definitions and job functions drove hiring requirements as well as an organization’s training curriculum?
With this premise, CyberVista partnered with this organization to try and improve the process. Understanding the underlying skills within their cybersecurity enterprise was fundamental to developing a human capital management plan for the company’s current and anticipated cyber staff.
If you are going to fundamentally rework your workforce plan, you first have to figure out the status of your company’s cybersecurity department. The organization wanted a hiring framework based on data, current roles, accurate job families, and mobility within career paths. There was a lot of internal information to process so the cybersecurity team partnered with its HR department to ensure the new model fit within the overall company culture.
The project started with an inventory of their current cybersecurity job roles, clarifying its internal hierarchy, reviewing job families and examining what makes each role different. Based on the results of this inventory, CyberVista developed a list of required skills for each job role, weighted and ranked the most critical skills, and grouped them by career level.
While the common lexicon of the National Initiative for Cybersecurity Education (NICE) and the National Cybersecurity Workforce Framework (NCWF) provided a good baseline, the client and CyberVista worked together to ensure that any market taxonomy or skills profiles needed at the company were useable. From there, they were able to create a roadmap for requirements and skills.
Using the NCWF framework, we worked together to identify, aggregate, and audit all their cybersecurity job roles and postings in order to inform job descriptions, HR management, and future staff training requirements. We accomplished this by:
- Conducting a job inventory. The organization reviewed its 400 existing jobs and identified the roles it planned to prioritize and hire for existing restructuring and future hiring initiatives. They updated job responsibilities, many of which were written a decade ago.
- Identifying skills in cyber job roles. We worked together to conduct a thorough analysis of the roles by interviewing stakeholders across various cyber business units. CyberVista used the feedback from this process to try and understand the nuances of the different roles.
- Evaluating market trends. The company was also realistic in setting the expectation that the market landscape, trends, and job hierarchy of the future were critical to the long-term success of the cyber group. It evaluated market landscape and trends that informed the next set of cyber talent solutions and provided a career investment tool for solution.
- Hosting alignment sessions with partners and its consultant. They engaged with external HR market intelligence and specialist teams to understand market salary trends and benchmarks across the industry. CyberVista also engaged with these partners to provide skill and competency input to refine the models.
An Employer-Driven Training Model: The initial analysis helped CyberVista develop a roadmap of cyber career pathways, as well as informed the creation of a training framework that not only would teach the conceptual and practical skills needed to perform the duties of a particular role, but also give aspiring or transitioning cybersecurity talent actionable direction and efficient interventions for advancement.
The initial analysis helped CyberVista develop a roadmap of cyber career pathways, as well as informed the creation of a training framework.
New Job Families and Better Reporting
In the end, the process created five additional cyber job families, allowing the organization to build compensation and hiring plans more aligned with specialized roles. They formed them by considering roles that are the most difficult to fill within their organization and its risk landscape. In addition to the functional job families, they also created a leadership role based on the business skills required in cyber management. Overall, the process impacted more than 460 team members and its market intelligence team priced 44 new jobs.
Moving forward, the organization will continue to monitor the market for trends and continue to refine the job family structure. It plans on using the detailed skill taxonomy CyberVista was able to create to provide performance based career mobility, identifying skills gaps and establishing training plans for staff to upskill or reskill between job roles. Finally, they are working to create a diverse pipeline of security professionals starting at the most junior levels who will have a clear pathway and training options for advancement within their organization.
What CyberVista Gleaned for Training Development
Working with this organization, CyberVista was able to achieve our goal of creating and deploying a flexible framework employers could use to measure, guide, and develop their cyber teams. By synthesizing the data within each job role and family, we were not only able to document the foundational, specialized and on-the-job skills required within each role, but we were also able to analyze the gaps to identify career, skill, and training pathways for cyber professionals. The even more exciting conclusion from our perspective was that now there was real-world data that we could use to build training and education to close the gaps between different skills in a targeted, modular, and efficient way.
This partnership and project informed the creation of a curriculum and training platform based on employer needs—CyberVista’s Critical Knowledge. This employer-driven assessment and training program provides organizations with a reliable and objective way to determine the strengths and weaknesses across their cybersecurity teams and outlines a path forward to address the identified gaps. Begin your workforce analysis today.