Dismantling Gatekeeping in Cybersecurity: Embracing Diverse Talents

The episode discusses the need to move beyond gatekeeping in cybersecurity, which often prioritizes coding skills over diverse talents. It highlights the importance of embracing individuals who have strategic vision, risk management expertise, and effective communication abilities, even if they lack programming experience. The host argues that cybersecurity is a complex, multidisciplinary field that requires diverse teams to solve its challenges. The episode calls on hiring managers and leaders to recognize and nurture a variety of skills within their teams, aiming to dismantle barriers and create more inclusive opportunities in cybersecurity.

00:00 The Importance of Diverse Talents in Cybersecurity

00:06 The Problem with Gatekeeping Based on Coding Skills

00:24 A Story of Overlooked Talent

01:11 The Need for Visionaries and Strategists

01:38 The Human Aspect of Cybersecurity

02:35 The Power of Effective Communication

03:40 Encouraging Diverse Skillsets in Hiring

04:06 Broadening Skills Beyond Coding

04:31 A Message to Aspiring Cybersecurity Professionals

05:00 The Future of Cybersecurity

05:40 A Call to Action for the Cybersecurity Community

---

I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.

--

--

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--

Support this Podcast with a Tip:

Support Byte Sized Security

--

If you have questions for the show, feedback or topics you want covered. Please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.

Connect with me on TikTok: https://www.tiktok.com/@bytesizedsecurity

Speaker: 00:00:00

Maturing and cybersecurity means

understanding that we need diverse

2

: 00:00:03

talents to solve complex problems.

3

: 00:00:06

And today I want to talk about how

gatekeeping security engineering

4

: 00:00:10

rules based solely on coding ability.

5

: 00:00:12

Is holding us back.

6

: 00:00:14

It's why we're missing out on some

of the brightest minds who could be

7

: 00:00:17

designing world-class security solutions.

8

: 00:00:20

Even if they aren't ready to

write the code themselves yet.

9

: 00:00:24

So, let me start with a story.

10

: 00:00:26

So imagine a brilliant individual

who understands risk management

11

: 00:00:30

can identify vulnerabilities from

a mile away and has an incredible

12

: 00:00:34

vision for securing infrastructure.

13

: 00:00:36

They have understand how networks operate.

14

: 00:00:39

They grasp how attackers think, and

they know how to design robust layer

15

: 00:00:43

defenses, but there's one problem.

16

: 00:00:45

They haven't had the chance to

master Python or Java or whatever.

17

: 00:00:48

The programming language, a

specific job posting demands.

18

: 00:00:52

The unfortunate reality, many

companies overlook them because.

19

: 00:00:56

You know, I'll have a bullet point

about proficient coding skills.

20

: 00:01:01

Sure coding is important.

21

: 00:01:02

Writing scripts, automating

tasks, creating tools.

22

: 00:01:05

These skills can be extremely

useful in cybersecurity.

23

: 00:01:08

But they are not the

only skills that matter.

24

: 00:01:11

We need people who can

see the big picture.

25

: 00:01:14

Who can envision secure

systems from end to end.

26

: 00:01:17

We need architects, visionaries,

communicators, and strategists.

27

: 00:01:21

Without those people, our teams end

up building highly functional code.

28

: 00:01:27

Without a cohesive well-designed

strategy behind it.

29

: 00:01:30

And let me tell you why this matters.

30

: 00:01:32

When we gatekeeper based on coding, we

create barriers that prevent us from

31

: 00:01:36

building diverse and well-rounded teams.

32

: 00:01:38

Cyber security.

33

: 00:01:39

Isn't just a technical problem.

34

: 00:01:41

It's a human problem.

35

: 00:01:42

We need people who can sit down

with business stakeholders,

36

: 00:01:46

understand their needs and

translate that into secure systems.

37

: 00:01:49

We need professionals who

can work across disciplines.

38

: 00:01:53

Bringing together it

operations and compliance.

39

: 00:01:56

And yes, we need coders too, but they

aren't the only heroes in this story.

40

: 00:02:01

Think about some of the best

solutions you've seen in your career?

41

: 00:02:04

They probably didn't come from a

single person coding alone in the dark.

42

: 00:02:08

They came from collaboration

from someone saying.

43

: 00:02:12

What if we approach this differently

or how do we build a system

44

: 00:02:15

that addresses all the risks?

45

: 00:02:17

Not just the ones we

know how to code against.

46

: 00:02:20

Those questions often come from

people who think strategically.

47

: 00:02:24

People who understand security.

48

: 00:02:27

As a holistic discipline.

49

: 00:02:29

And coding skills can be learned.

50

: 00:02:31

But that kind of vision that takes

talent experience and perspective.

51

: 00:02:35

And let's not forget the power of

effective communication cybersecurity.

52

: 00:02:39

The ability to articulate security

needs a non-technical stakeholders.

53

: 00:02:44

Is just as important as

writing a flawless script.

54

: 00:02:47

Imagine someone who can walk

into the room full of executives

55

: 00:02:50

and explain in plan language.

56

: 00:02:52

Why a particular vulnerability matters and

what steps need to be taken to address it.

57

: 00:02:58

That kind of skill can make or break

the success of a security initiative.

58

: 00:03:03

It's not about how many

lines of code you write.

59

: 00:03:06

It's about how effectively

you can advocate for security.

60

: 00:03:09

In a world where not everyone

speaks the language of technology.

61

: 00:03:12

If you're listening to this

and thinking, yeah, that's me.

62

: 00:03:15

Right.

63

: 00:03:15

I know someone like that.

64

: 00:03:17

Then this episode is for you.

65

: 00:03:19

Let's stop measuring potential.

66

: 00:03:21

By how many lines of

code someone can write?

67

: 00:03:23

Let's recognize the people who can

architect solutions, who can see the gaps,

68

: 00:03:28

who can build secure designs, even if

they aren't the ones pushing the commits.

69

: 00:03:33

Let's celebrate those who can

visualize the forest and not

70

: 00:03:36

just the individual trees.

71

: 00:03:38

So, how do we change us?

72

: 00:03:40

Well, it starts with hiring managers.

73

: 00:03:42

To those of you who are hiring managers,

take a step back and ask yourself.

74

: 00:03:46

Are you building a team that's diverse

in skillset in thinking and inexperience.

75

: 00:03:51

Are you allowing candidates

to showcase their strengths?

76

: 00:03:53

Beyond coding exercises.

77

: 00:03:56

Maybe it's time to consider hiring

that candidate who impressed you

78

: 00:03:58

with their security vision, even if

they couldn't ACE the algorithm quiz.

79

: 00:04:03

And this change doesn't stop at hiring.

80

: 00:04:06

It extends into how we grow

talent within our organizations.

81

: 00:04:09

If you're in a leadership position.

82

: 00:04:11

Are you encouraging your team members to

broaden their skills beyond the keyboard?

83

: 00:04:16

Are you offering opportunities

for people to take on roles

84

: 00:04:19

that emphasize architecture,

communication, or strategic thinking?

85

: 00:04:23

We need to stop pigeonholing talent

based on where someone started.

86

: 00:04:27

And recognize where they could

go with the right guidance.

87

: 00:04:31

For those of you who are trying to

break into the field or trying to

88

: 00:04:33

move into security engineering roles.

89

: 00:04:35

I want you to hear this

not being able to code yet.

90

: 00:04:39

Doesn't mean you don't belong.

91

: 00:04:42

There are so many aspects of

cybersecurity that need your

92

: 00:04:45

insights, your ideas, and your skills.

93

: 00:04:47

Keep learning, keep growing and

don't let anyone make you feel like

94

: 00:04:50

you're less than because you haven't

written thousands of lines of Python.

95

: 00:04:55

You'll get there.

96

: 00:04:56

And even if you don't want to

code, there's still place for you.

97

: 00:05:00

Cybersecurity is evolving.

98

: 00:05:01

The threats we face are becoming

more sophisticated and the

99

: 00:05:04

stakes are getting higher.

100

: 00:05:06

To keep up.

101

: 00:05:07

We need diverse teams with diverse skills.

102

: 00:05:10

Teams made up of people who think

creatively, who can anticipate

103

: 00:05:14

the unexpected, who understand

both the technical details.

104

: 00:05:17

And the broader picture.

105

: 00:05:19

The future of cyber security depends

on is embracing all kinds of talent,

106

: 00:05:23

visionaries, architects, strategic bets.

107

: 00:05:26

Communicators coders analysts.

108

: 00:05:28

We need everyone.

109

: 00:05:30

If we're going to stay ahead

of the threats we face.

110

: 00:05:33

Let's dismantle the gatekeeping and build

teams that reflect the true diversity

111

: 00:05:37

of what it means to secure our world.

112

: 00:05:40

I want to challenge you today, whether

you're a hiring manager, a team lead, or

113

: 00:05:44

an aspiring cybersecurity professional,

or someone who's just passionate

114

: 00:05:48

about making our industry better.

115

: 00:05:50

Challenge the norms.

116

: 00:05:52

Ask yourself.

117

: 00:05:53

If you're doing enough to break down the

barriers, to create opportunities and to

118

: 00:05:57

bring in voices that aren't being heard

right now, because in cybersecurity,

119

: 00:06:01

the more perspectives we have.

120

: 00:06:03

The stronger we become.