In the world of SAST, DAST, Secrets Scanning, SBOM and the list of tooling and technologies goes on, the most impactful tool in any organization’s arsenal is the workforce. The workforce is what wields the technologies used as part of digital transformation. The workforce is what ultimately determines the impact of any modernization and innovation efforts. Cyber Workforce Development is a topic getting attention at the highest levels of government. Just this month, the White House and National Cyber Director hosted their National Cyber Workforce and Education Summit. The event focused on building our Nation’s cyber workforce, improving skills-based pathways to cyber jobs, educating Americans so that they have the skills they need to thrive in our increasingly digital society, and improving Diversity, Equity, Inclusion, and Accessibility (DEIA) in the cyber field.
In this article, we will discuss some examples of keeping workforce development front and center in an organization’s attempt to adopt DevSecOps and drive effective security and digital modernization.
Organizations are full steam ahead on adopting technologies such as cloud, Kubernetes, Containers, and more. However, as part of that adoption, the workforce must be equipped with the requisite knowledge, skills, and abilities to make these technologies effective. While traditional degree programs have long been a mainstay in the workforce development arena, with many organizations offering tuition assistance or reimbursement programs (often in exchange for agreements to stay with the organization for some time), organizations are now increasingly turning to alternative forms of learning and development.
One area that really has taken off is the use of digital learning platforms. Companies such as PluralSight, ACloudGuru, LinuxAcademy, and Udemy have become wildly successful and popular within the digital workforce. Organizations are purchasing subscriptions for teams or even entire companies to get access to these organizations’ vast catalogs of courses and training. As an example of their success and the raving market adoption, ACloudGuru earned over $100M in their first five years of business, which led to their acquisition by PluralSight.
Organizations are also rallying around the concept of “Communities of Practice” (CoP). A CoP is typically defined as “a group of people who share a concern or a passion for something they do and learn how to do it better as they interact regularly.” This is taking place within organizations but also across entire industries.
Some of the most notable examples include the Department of Defense (DoD)’s DevSecOps Community of Practice (DSoP). This group has been meeting for nearly a couple of years at this point and includes stakeholders from across the entire DoD. Its meeting topics have included everything from API Security, System Authorizations, Software Bill of Materials (SBOM), and more, just to name a few. All of its meetings are recorded and available on their website. These recorded meetings are an awesome learning resource and an example of a community rallying together to foster widespread learning and development.
Another excellent example of not just learning and collaboration, but also transparency, is the Center for Medicare and Medicaid (CMS)’s “CISO Forum Ask Me Anything.” During these sessions, the CMS CISO, Robert Wood, often along with his deputy, make himself available to the CMS community to answer questions, hear concerns, and also raise awareness around critical cybersecurity initiatives and activities within the agency. The talks also touch on career growth, industry trends, and relevant technologies.
In an organization of several thousand federal employees and tens of thousands of contractor support staff, with over 10 regional offices and a robust distributed workforce, this level of transparency and openness is incredibly refreshing. It isn’t common for a C-Suite cybersecurity leader to be available for uncanned questions, critiques, and inquiries in an open forum at an organization of this size on a regular basis. For this reason, Robert Wood is a security leader I really respect and know many others in the ecosystem feel the same.
Security is often seen as an obscure or secretive activity, and transparency of this level breaks that misperception, which aligns with the broader push of breaking down silos in DevSecOps.
Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel:
CISO
Aquia
Chris Hughes is an Acceleration Economy Analyst focusing on Cybersecurity. Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry Working Groups such as the Cloud Security Alliances Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their Cloud migration journeys while keeping Security a core component of that transformation.
Contact Chris Hughes …
Comments are closed.
Type above and press Enter to search. Press Esc to cancel.
jQuery(“.mo_btn-mo”).prop(“disabled”,false);
function mo_openid_on_consent_change(checkbox){
if (! checkbox.checked) {
jQuery(‘#mo_openid_consent_checkbox’).val(1);
jQuery(“.mo_btn-mo”).attr(“disabled”, true);
jQuery(“.login-button”).addClass(“dis”);
} else {
jQuery(‘#mo_openid_consent_checkbox’).val(0);
jQuery(“.mo_btn-mo”).attr(“disabled”, false);
jQuery(“.login-button”).removeClass(“dis”);
}
}
var perfEntries = performance.getEntriesByType(“navigation”);
if (perfEntries[0].type === “back_forward”) {
location.reload(true);
}
function HandlePopupResult(result) {
window.location = “https://accelerationeconomy.com/wp-content/plugins/dac/public/sso-helper.php”;
}
function moOpenIdLogin(app_name,is_custom_app) {
var current_url = window.location.href;
var cookie_name = “redirect_current_url”;
var d = new Date();
d.setTime(d.getTime() + (2 * 24 * 60 * 60 * 1000));
var expires = “expires=”+d.toUTCString();
document.cookie = cookie_name + “=” + current_url + “;” + expires + “;path=/”;
var base_url = ‘https://accelerationeconomy.com’;
var request_uri = ‘/cybersecurity/why-cyber-workforce-development-is-critical-for-effective-security/’;
var http = ‘https://’;
var http_host = ‘accelerationeconomy.com’;
var default_nonce = ‘0f02e54e12’;
var custom_nonce = ‘fc10e82553’;
if(is_custom_app == ‘false’){
if ( request_uri.indexOf(‘wp-login.php’) !=-1){
var redirect_url = base_url + ‘/?option=getmosociallogin&wp_nonce=’ + default_nonce + ‘&app_name=’;
}else {
var redirect_url = http + http_host + request_uri;
if(redirect_url.indexOf(‘?’) != -1){
redirect_url = redirect_url +’&option=getmosociallogin&wp_nonce=’ + default_nonce + ‘&app_name=’;
}
else
{
redirect_url = redirect_url +’?option=getmosociallogin&wp_nonce=’ + default_nonce + ‘&app_name=’;
}
}
}
else {
if ( request_uri.indexOf(‘wp-login.php’) !=-1){
var redirect_url = base_url + ‘/?option=oauthredirect&wp_nonce=’ + custom_nonce + ‘&app_name=’;
}else {
var redirect_url = http + http_host + request_uri;
if(redirect_url.indexOf(‘?’) != -1)
redirect_url = redirect_url +’&option=oauthredirect&wp_nonce=’ + custom_nonce + ‘&app_name=’;
else
redirect_url = redirect_url +’?option=oauthredirect&wp_nonce=’ + custom_nonce + ‘&app_name=’;
}
}
if( 0) {
var myWindow = window.open(redirect_url + app_name, “”, “width=700,height=620”);
}
else{
window.location.href = redirect_url + app_name;
}
}
Connect with
Login with Google Connect with
Here you will find a wealth of information created for people that are on a mission to redefine business models with cloud techinologies, AI, automation, low code / no code applications, data, security & more to compete in the Acceleration Economy!
