Professional Documents
Culture Documents
Sebastian Madden
Chief Corporate Development Officer
Visit: www.pgitl.com
Sebastian Madden– Chief Corporate Development Officer
Visit: www.pgitl.com
PGI Cyber Academy – developing global cyber capacity
• UK Reskilling Programmes
Visit: www.pgitl.com
Why do we need to develop more talent?
Visit: www.pgitl.com
A successful cyber strategy requires staff
• Increasing complexity of IT infrastructure requires
more IT security staff
(Kaspersky, IT security Risks Special Report, 2016)
Visit: www.pgitl.com
Lack of skilled staff has real impacts
• 63% of companies reporting shortage of
skilled staff
(ISC², Cybersecurity Workforce Study, 2018) Has a shortage of cybersecurity skills had a
negative effect on your organization?
• Only 35% of IT teams fully staffed We’ve had a reduced ability to create new IP
for products and services
17%
Visit: www.pgitl.com
Meaning lots of jobs waiting for future talent
Visit: www.pgitl.com
How do people develop to fill these roles?
Visit: www.pgitl.com
How do you develop the staff for these roles?
• School
• STEM, Coding, Security Mindset
• Higher Education
• Computer Science BSc, Cyber Security MSc
• Self-directed learning
• Online resources
• Challenges
• Hackathons, cyber security challenge
• Vocational Training
• Professional Certifications
• Hands on Experience
Visit: www.pgitl.com
Note: Academic study alone is not the answer
• Only 23% of companies agree current degree
courses are preparing students for cyber
security roles
(Intel Security Report)
Visit: www.pgitl.com
Vocational Training and Experience
• e-Learning
• Classroom-based Training
• Laboratories
• On the job training
• Coaching and mentoring
• Exercises and drills
• Certifications
Visit: www.pgitl.com
Requires a structure
Visit: www.pgitl.com
The cyber talent pool contains different skills
• Threat Intelligence: staff who are able to monitor and analyse threat actors’ activity,
and advise on events, trends and counter-measures.
• DevOps: staff who are able to design and develop software that is suitable for
deployment in high security environments and to support cyber security missions
and use that experience to advise others.
• Governance, Risk and Compliance (GRC): staff who are able to develop, understand
and advise on the appropriate interpretation and application of, or measure and
monitor compliance with information assurance policy.
• Incident Response: staff who are able to understand the intent and consequence of hostile activity and mount an effective
response to mitigate its impact.
• Secure Systems Engineering: staff who are able to design, build and implement infrastructure and networks in a high security
environments and use that experience to advise others.
• Security Operations: staff who are able to monitor and interpret activity on networks to detect and identify anomalous or hostile
activity.
• Threat Engineering: staff who can develop and replicate attack techniques, or analyse compromised systems or malware, and
advise on attackers’ intent and capability and system vulnerabilities to those attacks.
Visit: www.pgitl.com
Career progression reflects experience and role
TI DO GRC IR SSE SO TE
Levels 4+
Guiding Chief Consultant
Driving Consultant
Activating Expert
Visit: www.pgitl.com
A career takes different paths from role to role
• As cyber professionals build their skills and
experience, they become suited for different roles Expert GRC
Security
Ops
Threat
Eng
Cyber
Intel
IR Dev Ops
Secure
Sys Eng
Visit: www.pgitl.com
Training should match role, level and experience
TI DO GRC IR SSE SO TE
Visit: www.pgitl.com
Putting it all together
• Continual assessment against skills framework
Visit: www.pgitl.com
Thank you
sebastian.madden@pgitl.com
Visit: www.pgitl.com