| | DECEMBER 20249CIOReviewGROWING CYBERSECURITY TALENT ON A BUDGETGrowing your SeedsAfter the hiring process, training becomes paramount. First, basic cybersecurity training should occur immediately if the candidate has no cybersecurity experience. At this stage, simple video streaming training providers can provide much value. In parallel, team training must take place. These need to be ongoing every week, tapering from 8 hours a week in the beginning down to 2 hours after a few months. If the existing team is already large, this would spread the load among team members. The candidate's workload must be valued weekly to ensure that the knowledge acquired is solidified by practice and confidence is steadily gained and stacked.Growing EnvironmentCreating an environment conducive to talent growth requires organizational readiness. First, standardized processes and comprehensive documentation streamline operations, striking a delicate balance between clarity and practicality.Second, a balance between individual and collective experience must be achieved. Each team member should be able to use all of the team's tools, but each member should be a custodian or a subject matter expert in at least one of them. This balance ensures that team members are generally uniformly effective but remain uniquely valuable. This approach fosters a culture of knowledge-sharing and accountability and empowers team members to contribute meaningfully to cybersecurity initiatives.Training the team by the team itself sounds like a taxing mission, but other team members pass on what they have experienced firsthand after the first generation of core members is established.Finally, automation can significantly shorten the time it takes for a new resource to be effective. A drop-down response list in a Security Information and Event Management SIEM system for a specific threat is much easier to remember than a list of steps to take and conditions to assess when that threat occurs.In summary, cultivating resources from seeds demands significant time, effort, and the establishment of a conducive environment. However, the long-term benefits are substantial--it fosters cohesive and resilient teams with reduced turnover. Moreover, this approach ensures a sustainable budget for CISOs and security leaders, enabling them to strategically expand cybersecurity operations and engineering where it matters most in this ever-changing landscape. Cultivating resources from seeds demands significant time, effort, and the establishment of a conducive environment. However, the long-term benefits are substantial--it fosters cohesive and resilient teams with reduced turnover
< Page 8 | Page 10 >