VP and CISO at Cisco Systems Steven Martino gives advice on how companies can build their security programs for the long-term.
Cisco recently conducted a cybersecurity survey that found "the lack of trained personnel was one of the biggest obstacles" to companies trying to create security organizations, Steve Martino, VP and CISO at Cisco Systems said.
Martino spoke with TechRepublic's Dan Patterson about effective tactics for hiring and training the right tech talent, and how to build a security-first environment into their workplace.
Companies need to recognize they can't build their own cybersecurity organizations. They must teach and empower the people they do have, Martino said. For example, Cisco created a 5-level program to train developers in security practices.
SEE: IT leader's guide to Agile development (Tech Pro Research)
"We teach them how to do their work correctly," he said.
He also stressed the importance of creating a co-teaming environment with DevSecOps. Security teams can implement and develop code that other teams can quickly use. You're teaching people how to do things securely, and you're giving them code to help them be more productive, he said.
Unfortunately, there isn't a short-term quick fix for battling the tech talent shortage while trying to move a company's security program forward. However, Martino suggests teaching IT people and training them with security programs.
In the future, when employers are building their talent strategy they should base it around:
- What kind of talent do I already have?
- What level of competency do I have?
- How do I augment that?
- How do I build it for long term?
Before hiring new tech talent, Martino says to look for people that are inquisitive, ask questions, and understand how computers and networks work.
SEE: IT leader's guide to the threat of fileless malware (Tech Pro Research)
"People that want understand the puzzle. How it works, why it works that way— those make great security people because we're always looking the problem from another perspective anyway," he said.
"You don't always need 10 year, 20 year veterans. You can bring in the young talent that is thinking differently."
- 50% of companies still in process of implementing DevOps, report says (TechRepublic)
- Prevention is a key defense, says chief of UN Global Programme on Cybercrime (TechRepublic)
- Veteran startup founders explain how to build and grow your company (TechRepublic)
- How Pivotal Software is transforming the enterprise with Valley values (TechRepublic)
- How publishing platform Ghost plans to save journalism (TechRepublic)
- Medium is huge: Why publishers are betting big on branded social content (TechRepublic)
- How Squarespace became a multimillion dollar publishing giant (TechRepublic)
- Report: 40% of employers worldwide face talent shortages, driven by IT (TechRepublic)
- Interview with a hacker: S1ege from Ghost Squad Hackers (TechRepublic)
- Five essential cybersecurity podcasts for IT professionals (TechRepublic)
- Tech's gender gap is getting worse, not better, report says (TechRepublic)
- Predictions 2017: A year of action (ZDNet)
- Think big, start early to close gender gap in science (CBS News)