
Leading the Future of Cyber Security Talent

Sebastian Madden
Chief Corporate Development Officer

Visit: www.pgitl.com
Sebastian Madden – Chief Corporate Development Officer

• 20 years’ experience in cyber policy and operations in Government and private sector

• Former UK senior civil servant, Chief of Staff to National Security Adviser
  • Established UK central crisis management mechanism
  • Designed UK Centre for Protection of National Infrastructure

• Leads PGI’s projects to build cyber security capacity
  • Middle East government strategy and national cyber security centre design
  • Jordanian Government Cyber Security Academy
  • Training programmes for government and central banks

Arabic: http://ar.pgitl.com/


PGI Cyber Services

• Strategies, policies and organisational design

• Implement and Audit Frameworks and Standards
  • ISO27001, Cyber Essentials, GDPR

• CREST-Registered Penetration Testing

• CREST-Registered Incident Responder

• Forensics Laboratory Services

• Security Operations Centre Services

PGI Cyber Academy – developing global cyber capacity

• Cyber Academies and National Training Programmes

• Central Banks’ Training Programmes

• UK Reskilling Programmes

• Organisational training programmes

• Cyber Security Exercises and Drills

• Academic and government partnerships
  • UK, Europe, SE Asia and Middle East

Why do we need to develop more talent?

A successful cyber strategy requires staff
• Increasing complexity of IT infrastructure requires more IT security staff
(Kaspersky, IT security Risks Special Report, 2016)

• A typical large company devotes 15% of its IT staff to cyber security
(Kaspersky, IT security Risks Special Report, 2016)

• Maintaining basic cyber security awareness in a company’s staff requires 1.4 to 2.6 full time staff
(SANS Security Awareness Report, 2017)

Lack of skilled staff has real impacts
• 63% of companies reporting shortage of skilled staff
(ISC², Cybersecurity Workforce Study, 2018)

• Only 35% of IT teams fully staffed
(ACN IT Salary Survey, 2017)

• 44% of cyber vacancies take more than 6 months to fill
(ISACA State of Cyber Security 2017)

• Companies with cyber skills shortages spend 3x more recovering from breaches
(Kaspersky, IT security Risks Special Report, 2016)

Chart: Has a shortage of cybersecurity skills had a negative effect on your organization?
• We’ve had a reduced ability to create new IP for products and services: 17%
• We’ve suffered reputational damage: 22%
• We’ve lost proprietary data through cyberattacks: 25%
• We are a target for hackers as they know our cybersecurity is not strong enough: 33%
• We can’t maintain an adequate staff of cybersecurity professionals: 35%
(Hacking the Skills Shortage: A study of the international shortage in cybersecurity skills, http://www.mcafee.com/us/resources/reports/rp-hacking-skills-shortage.pdf)

Meaning lots of jobs waiting for future talent

Global shortfall in skills currently estimated at 2.93 million professionals
(ISC², Cybersecurity Workforce Study, 2018)

How do people develop to fill these roles?

How do you develop the staff for these roles?
• School
  • STEM, Coding, Security Mindset
• Higher Education
  • Computer Science BSc, Cyber Security MSc
• Self-directed learning
  • Online resources
• Challenges
  • Hackathons, cyber security challenge
• Vocational Training
  • Professional Certifications
• Hands on Experience

Note: Academic study alone is not the answer
• Only 23% of companies agree current degree courses are preparing students for cyber security roles
(Intel Security Report)

• Cyber security employers prefer hands on experience and professional certifications to a degree
(McAfee, Hacking the Skills Shortage, 2016)

• Even a BSc in a technical subject ranks 3rd in selection criteria after hands on experience and professional certifications
(Intel Security Report)

Vocational Training and Experience
• e-Learning
• Classroom-based Training
• Laboratories
• On the job training
• Coaching and mentoring
• Exercises and drills
• Certifications

Requires a structure

• Skills framework provides definitions
  • Career streams: penetration testing, DFIR, SOC, GRC
  • Levels of expertise: trainee, apprentice, practitioner, specialist, expert
  • Required competencies (skills, knowledge, aptitude)
• Enables workforce planning and progression to new roles
• Training programme can be designed around skills framework

The cyber talent pool contains different skills
• Threat Intelligence: staff who are able to monitor and analyse threat actors’ activity, and advise on events, trends and counter-measures.

• DevOps: staff who are able to design and develop software that is suitable for deployment in high security environments and to support cyber security missions, and use that experience to advise others.

• Governance, Risk and Compliance (GRC): staff who are able to develop, understand and advise on the appropriate interpretation and application of, or measure and monitor compliance with, information assurance policy.

• Incident Response: staff who are able to understand the intent and consequence of hostile activity and mount an effective response to mitigate its impact.

• Secure Systems Engineering: staff who are able to design, build and implement infrastructure and networks in high security environments and use that experience to advise others.

• Security Operations: staff who are able to monitor and interpret activity on networks to detect and identify anomalous or hostile activity.

• Threat Engineering: staff who can develop and replicate attack techniques, or analyse compromised systems or malware, and advise on attackers’ intent and capability and system vulnerabilities to those attacks.

Career progression reflects experience and role
The competency framework defines the competencies required at each level in each stream

[Figure: career levels across the streams TI, DO, GRC, IR, SSE, SO, TE]
• Levels 4+: Guiding (Chief Consultant), Driving (Consultant), Activating (Expert)
• Level 3, Enhancing: Senior Specialist, Specialist
• Level 2, Contributing: Junior Specialist, Practitioner
• Joiner

A career takes different paths from role to role
• As cyber professionals build their skills and experience, they become suited for different roles
• GRC specialists typically work in Internal Audit, Governance, Strategy, Standards, Risk or Compliance teams throughout their career
• Threat Engineers usually start in SOC or IT Security teams. They specialise as Penetration Testers or Malware Engineers as they become more senior or diversify into Incident Response or Cyber Intelligence roles
• Security Operations staff usually start in SOC or IT Security teams. They either specialise in forensics or diversify into Incident Response or Cyber Intelligence roles as they become more senior.
• DevOps and Secure Systems Engineering specialists often start in IT roles, before developing security specialisms in Network, Communications or Infrastructure teams. They typically move between these and more general IT Security roles as they become more senior.

[Figure: roles available at each career level]
• Expert: GRC, Security Ops, Threat Eng, Cyber Intel, IR, Dev Ops, Secure Sys Eng
• Senior Specialist: GRC, Security Ops, Threat Eng, Cyber Intel, IR, Dev Ops, Secure Sys Eng
• Specialist: GRC, Security Ops, Threat Eng, Cyber Intel, IR, Dev Ops, Secure Sys Eng
• Junior Specialist: GRC, Security Ops, Threat Eng, Cyber Intel, IR, Dev Ops, Secure Sys Eng, Service Mgmt
• Practitioner: GRC, Security Ops, Threat Eng, Dev Ops, Secure Sys Eng, Service Mgmt
• Joiner: GRC, Security Ops, Threat Eng, Service Mgmt

Training should match role, level and experience
[Figure: training and certifications by level across the streams TI, DO, GRC, IR, SSE, SO, TE; axis label: EXPERIENCE]
• Level 4: Expert training. Certifications required to perform Certified Expert roles, e.g. CREST Certified Incident Handler/Penetration Tester
• Level 3: Specialist training. Certifications required to perform Registered Specialist roles, e.g. CREST Registered Incident Handler/Penetration Tester
• Level 2: Practitioner training. Certifications required to perform Practitioner roles, e.g. CREST Intrusion Analyst Hand/Penetration Test
• New Joiner Assessment and Induction Training Practitioner

Putting it all together
• Continual assessment against skills framework

• Remedial training to fix gaps

• Bootcamps rapidly develop basic skills and identify talent

• Allocation to career stream based on aptitude

• Tailored training plans

• Practical training: 25% theory, 25% demo, 50% practice

• Accelerated hands-on experience: laboratory-based coaching

• On the job training and mentoring

Over career:
• 10% formal training
• 20-30% learning from others
• 60-70% experience and practice

The first three years: an example

Thank you
sebastian.madden@pgitl.com
