Google Cloud wants CISOs to do more for diversity • The Register

Cybersecurity is changing rapidly. New and bigger threats are constantly emerging on an ever-expanding attack surface, and there aren’t enough people to fill vacancies.

Because of this, “not all organizations are hyper-focused on the topic of diversity and inclusion,” MK Palmore, director of the Office of the Chief Information Security Officer at Google Cloud, told The Register.

“As an industry, we cling to finding people who have been there, who have done this, and we want talent to jump in and get going,” he continued. “We need to slow down a bit and broaden the lens on what represents new talent to bring onto the pitch.”

This requires investing money and human resources in training people who don’t come from a traditional infosec background, but Palmore said the payoff is worth it for several reasons.

First, there is the well-documented labor shortage of approximately three million people. The security skills gap is not going to close unless organizations hire people outside of the existing cybersecurity workforce. “We can’t keep shipping people from company to company,” he said.

Additionally, diverse people bring different perspectives and ideas on how to solve problems. The infosec community — still predominantly male (76%) and predominantly white (72%) — needs diversity to produce better results, Palmore said.

If we don’t understand the importance of diversity, we will continue to fail

“If your contribution continues to be a singular goal or a monoculture, or generally comes from the usual circles, you can expect the same results,” he added. “It’s imperative that the cybersecurity industry continues to grow and thrive, and if we don’t understand the importance of diversity, we’re going to continue to misfire instead of ensuring we can get ahead of our opponents.”

To that end, Google Cloud recently partnered with Cyversity, a nonprofit that seeks to attract more women and underrepresented minorities into infosec jobs. Palmore also sits on Cyversity’s board of directors. And with the SANS Institute and Palo Alto Networks, the organization and cloud giant announced the Cyversity SANS Diversity Academy, which will provide free education and training with the goal of placing approximately 200 women and underrepresented minorities in cybersecurity jobs.

Women of all ethnicities as well as Black, Latino and Native American men can apply to participate in the six-month program until November 23.

This mission is also personal to Palmore, who came to Google, and to a CISO role, from a non-traditional background.

From the FBI to Google Cloud’s Office of the CISO

Palmore grew up in Washington, DC, and after high school he attended the US Naval Academy, which he had long dreamed of. After college, he served in the Marines for five years, then joined the FBI.

“I showed some interest in the FBI at a local office in San Diego, and they jumped at the chance to recruit and bring in an African-American Marine Corps officer who graduated from Annapolis,” Palmore said.

The FBI assigned Palmore to the Los Angeles Field Office, where he “worked all the traditional cases” assigned to new agents like bank robberies and domestic terrorism. It wasn’t until he moved to the Sacramento division that he worked on his first cybersecurity case.

“It was in the mid-2000s, and the FBI was figuring out how the internet and technology was being used for terrorist communications,” he recalls. “I had a pretty average terrorism case assigned to me.”

By “average,” he means that the technology used by the terrorists was complex, but that the case itself was not highly publicized. “But because it had such a huge technological component, it ignited a fire in me,” Palmore said. “I understood that this field, which had always interested me and which I wanted to enter, was accessible to me thanks to my experience as an investigator at the FBI. So it opened a whole new door for me.”

After that, he started taking all security training courses authorized by the office and working more on cybersecurity related cases in the field.

Palmore retired from the FBI in 2019 after spending more than 32 years in the US government and got a job with Palo Alto Networks in a CISO advisory role. He made the jump to Google Cloud last year.

“Go where the diverse talents are”

At Google, he spends a lot of his time chatting with CISOs from other organizations. Clearly, cloud security is a frequent topic of discussion. Diversity and inclusion — how to hire and then retain women and minorities — should get equal airtime, Palmore said.

Instead of waiting for workers to find the industry, “you have to go to where the diverse talent is and make them realize there’s an opportunity out there for them,” he said. “When I say go where they are, I’m talking about college-level people who are women and underrepresented minorities who might never have considered a career in cybersecurity. I’m talking about people transitioning from mid-careers who are looking for a new opportunity in an industry that represents growth and is going to exist for a significant number of years. That is cybersecurity.”

Within the industry, there are enough “subfields” that don’t require coding or software development experience, he added. “Part of the challenge is that we just have to do a better job of exposing people to the opportunity and then training them.”

The Diversity Academy opens its doors

This is where the Cyversity SANS Diversity Academy comes in. Applicants must be at least 18 years old, not currently employed in a cybersecurity position (other IT jobs are acceptable), and have residency status in one of the following three regions: North America; South America; or Europe, the Middle East and Africa.

Selected participants will receive a scholarship to complete at least one training course, as well as certification, at no cost. The first phase of the six-month program includes vendor training, where candidates have access to Google Cloud and Palo Alto Networks training. Candidates selected for Phase Two will complete SANS’ SEC275 Basic Training course and receive GFACT certifications. And finally, those who progress to phase three will complete more advanced SANS courses and receive GIAC certifications.

SANS offers several other similar “immersion” academy programs that provide technical training, and claims that 90% of graduates land new cybersecurity jobs within six months of completing the programs.

The training organization partnered with Cyversity on a pilot program limited to California before rolling out the larger Diversity Academy, said Max Shuftan, director of mission programs and partnerships at SANS.

“What we hear when we talk to customers, it hurts them when teams aren’t diverse,” Shuftan said. “It makes their culture weaker and less strong. As a result, they have retention issues, they have recruitment issues. And with those vacancies, they’re more prone to threats and violations.” ®
