Cybersecurity: the current state isn’t great. Underappreciated, understaffed, underfunded — the usual issues we all know so well.
How can we address the prevalent trials in the industry and make positive changes moving forward?
Our guest, Joshua Brown, CISO at H&R Block, has been in IT for 25 years.
It’s safe to say he knows his way around the landscape of cybersecurity. Joshua shared his view on how to adapt to change, train the next cybersecurity leaders, and revitalize processes.
Join us as we discuss:
Ready to go down the rabbit hole with this episode’s expert guest? Let’s dive in.
Philosophy and challenges
Joshua is not your average IT guru. Armed with a Masters in Philosophy and Ethics from Georgetown, he was pursuing his Ph.D. when he heard the siren call of technology.
He’s a savvy author with a gift for making dense cybersecurity topics sparkle. An entertaining conference speaker and music lover, he’s dedicated to inclusivity in the tech world.
His non-traditional academic background offers some unique advantages. Many industry bigwigs come at IT from different directions, not necessarily with a degree in computer science. With the massive staffing shortages currently facing us, all expertise is valuable.
Especially when the good guys are getting their butts kicked.
The missing link
While there’s a forest of cybersecurity tech, we’re missing the rangers to drive these initiatives. Joshua drops the bombshell that there are over 800K open positions currently. We just don’t have enough people to fill these vital defensive positions.
“They only have to be right once,” he adds, “we have to be right all the time.”
The good guys also have limited budgets as well as limited power, and some of our adversaries are practical supervillains with every advantage.
Joshua has a positive view of the future, however. He believes the wheels are in motion for a surge of cybersecurity wunderkinder.
To keep nurturing this growth, he warns, this industry as a whole has to modernize recruiting, mentorship, and eradicate the tendencies toward gatekeeping and classism. The proliferation of online education lets the agile-minded learn what they need to be effective cyber warriors — without onerous student loans and antiquated degree programs.
When Joshua is hiring (and he currently is), he looks for two main characteristics:
And obviously, you need a sense of humor to work in this field. Cyber nerds might not want to interact with people, but they definitely have to care deeply about their online safety.
Processes and leadership
Information Security has an interesting history. Joshua believes that the hierarchy of your organization’s tech team can have a big effect on your overarching operating strategy, and eventually, your success.
Smart companies have learned that “information security is not a technology problem, it’s a business problem.” If you’re not giving your security leaders a seat at the table, you’re lacking vital insights.
How can you reach alignment and mitigate the risks?
Of course, data is king and numbers are awesome.
But if you’re not using the metrics that matter to measure outcomes, then you’re doing a disservice to the business. Outcomes are what help you make better decisions for the future.
Analyzing what kind of outcomes you’re seeing and why lets you budget with far more accuracy and effectiveness. An actionable grasp of your data also helps you attract and retain top talent.
A shift in the balance of power
Joshua prefers to think of the Great Resignation in a more positive light — the Great Upgrade.
Employees are finally getting more power over their futures, more compensation, more flexibility, and more fulfillment. It’s a good thing for everyone.
His company is focused on sourcing budding cyber pros, but they don’t have to be young. It’s often diverse and experienced workers in their 2nd or 3rd careers like ex-military or former healthcare professionals that are most effective. He’s looking for potential, intellect, hunger.
“When you’re building a team,” Joshua advises, “you want diversity of thought to help solve tough problems.”
At H&R, there’s a new program called Accelerate which offers crucial education, mentorship, and pathways for associates to become full engineers.
The fresh energy and ideas of the participants are kickstarting innovation and building people-powered initiatives for the upcoming cybersecurity battles.
Still itching for more IT strategy and tactics? You can find this interview and many more by subscribing to Groovers Talk Tech on Apple Podcasts, Spotify, Google or here.
Listening on a desktop & can’t see the links? Just search for Groovers Talk Tech in your favorite podcast player.
Questions? firstname.lastname@example.org or chat below.