Plan B

The talent pool isn’t very deep at all.

Cybersecurity competency

Cybersecurity is a type of continuous improvement. This is true of all security planning, actually.

Cybersecurity competency demands social, interpersonal skills. A good cybersecurity expert attracts organisations, and the people who hold them dear; promotion simply doesn’t work:

Everyone already knows security is important:

  • No one leaves home with their doors wide open.
  • No one leaves the car in the parking lot without locking the doors.

What is there to promote?

The Talent Pool Is Shallow

The best cybersecurity expert is an educator. She (he) probably speaks at least two languages. This is important, for digital crime is transnational.

The world population is perhaps 7.5 billion. Fewer than 500 million people live in the Anglosphere (Australia, Canada, New Zealand, the United Kingdom, and the United States) — scarcely 7% of the world population. The chances are superb that digital criminals speak a first language other than English.

Questions to Ask

  • Describe your experience with other, similar organisations. (It’s reasonable to assume they’ll have some or much enterprise experience but little or no SME experience.)
  • What is the single, most simple solution for our cybersecurity? (There isn’t one. If they suggest otherwise, move on.)
  • Have you a plan to keep everyone in the organisation well-informed and secure? (There is no way to plan this. None. Planning is crucial; a plan is useless.)

The Three P’s

Policy. Even the smallest organisation is now subject to a compliance framework. The distinction between compliance and law enforcement is basic, and your cybersecurity consultant needs to be aware of it. Cybersecurity expertise ideally includes policy analysis.

Procedures. How do you implement your compliance framework? Drafting policy is one thing. Implementing it is something else.

Planning. Cybersecurity is one type of security, and security is a type of continuous improvement. Threats change routinely. Plans don’t because plans can’t, so avoid plans and invest in planning.

One more rant

