Training & Certification

Training & Certification
How much should aspiring leaders invest in continuing education?

Top Answer: When your learning ability increases, so does your earning ability. Many people think that once they become an MBA or engineering graduate, they don't have to invest going forward. But if you keep investing some percentage of your income on upgrading your skills, you will be able to build a better career. 

What advice would you give aspiring CISOs who want to accelerate their career?

Top Answer: In the public sector, you can expect that your employee base will listen to whatever you say, because that's part of the DNA when you’re in government. If a security professional or executive says, “Don't click here,” then people won't because they know there are repercussions. That dynamic doesn't exist in the private sector. In that context, when you tell people, “Don't click here,” some will quickly say, “Why not?” So you have to learn how to tactfully navigate that difference.  But regardless of the context, having an overall balance between technical prowess and business acumen is critical. You need technical skill to perform strong, protective work and you need business acumen to deal with the C-suite and the board. If you don’t yet have that balance, you need to fill the gap so that you can be as close to the middle as possible. You can do both, but you have to put in that extra effort. You need to have the respect of your technical team members and if you're purely business-minded, you'll never get it. They'll know that you didn't come up through the ranks. I have no problem spending a weekend writing code if that's going to help my team. Much of the cybersecurity industry has become about buying and implementing products without a technical understanding of how they operate.

Related Tags
Leadership Under PressureLeadership Under Pressure

Leadership pressure: What are the causes and how do leaders cope, especially during a generational crisis such as the COVID-19 pandemic?

How can you fast track your career?

Top Answer: Regardless of what stage you’re in, anyone working in a corporation needs to understand that a career is not only about getting the first job. And it is not about how much time you spend. What matters most is how you convert that time into real experience. When people reach the second half of their career, they may aspire to be VP or C-Suite, and that is the most challenging part. They are often unable to achieve that success because of mistakes made in the first half of their career. In the first five or 10 years, for example, you should focus on learning, not earning. When someone has the top position, it’s because they have done something different from their colleagues. They recognize that the most important and valuable asset they have is their learning ability. You have to continuously upgrade your knowledge. If you don’t, you will not be able to succeed in this competitive market. It’s all about how you invest your time and money. Both can either be spent or invested. Time and money spent can never be recuperated, but when they are invested you will get a return. To fast track your career in a sustainable way, you should invest at least some percentage of your income on upgrading your knowledge.  The most successful people in any field view themselves as self-employed, regardless of the organization. The employee mindset is different. Even if you are not the owner of the company, if you work as though you are, your work will be more effective. So you have to lose the employee mindset, which is not easy in the early stages of your career. You also need to know exactly what you want. If you want to become the CEO of a company, that clarity has to be there. And then you have to figure out how much you are willing to pay to achieve that goal: Are you willing to create goals around that?

How are you thinking differently about developing your teams in a hybrid or remote work environment?

Top Answer: I've encouraged my teams to book training vacations. I tell them to take two days, block their calendar and just focus on development. I support them in defining what that plan looks like and I’m trying to do that at the beginning of the year so that they get those dates on the calendar at least once a quarter at a minimum, but once a month, if possible. That way they have time to focus on the things they want to improve, whether those are soft or technical skills. We make that an OKR for them because as they are improving their own skillset, that's value going back to the organization. This may be more applicable to the hyper growth space, but it's so easy to get locked into 12 hour days where you're just trying to pump out code, or an implementation. Then you have a team of burned out people who have no energy to take on the next thing. But at that point you've invested two to three years and they've got all of this tribal knowledge that they're just going to go take some place else. So I’m trying to get ahead of that by constantly letting them know that I support their development; I’m having these conversations almost to a degree that I never thought I would. 

What are the metrics you use when building out or training up staff?

Top Answer: In the startup world the metrics are whatever milestones you put in front of your board. Then it’s just a matter of whether you are hitting them collectively as an organization, because at that point the team's still small enough that you're all contributing to that in a direct way. 

Do you currently have a security awareness training program for internal employees at your organization?

Top Answer: We have had one for years but had difficulty enforcing it due to contracts. It has since been added to the bargaining agreements for most of our unions. It is now required but workers are able to conduct the training during work hours, rather than worrying about being expected to do it on their own time on top of their full time duties.

Is career development an ongoing conversation at your organization, or just an annual process?

Top Answer: It needs to be an ongoing conversation. Annual reviews are too infrequent, and it has to be way more often than that. I talk about career development with my staff during every one-on-one, so I'm always in tune with where the business needs are and how we can align that with what people are trying to achieve for themselves. I'm a strong advocate for those development goals and my team members are thankful to have me moving the needle forward without them having to ask.

What’s your approach to training up new hires?

Top Answer: I'm using a third-party vendor for training called Immersive Labs. If you want to be a tier one analyst, they’ll tell you the skillset that they think you need to have. If you want to be a tier two analyst or a SEI CERT person, you get the skillset and the training classes to go along with it. Folks can add these training classes and labs to their repertoire, so we found them to be really compelling. I’m on an insourcing journey so I also have a consulting firm to help me make sure that I'm doing it right. And hopefully I have the right staging levels to ramp them up so that I'm not double dipping on the money. I have funding for the outsourcing through sometime next year, so the hard part will be ensuring that my new insource people are ready to go by the time that funding runs out.