Needed: A succession plan for the next generation of cyber defenders

Among the most popular cyber topics on Twitter recently were posts about cyber training and the skills required to be an effective cyber leader. 

In response I received multiple emails about cyber training in the corporate environment. When you take into account the amount of critical infrastructure owned and/or operated by the U.S. defense industry, the issue of cyber training is clearly emerging as a central issue..

Hence, we need to start thinking about a mentoring program that transfers skills from today’s cyber experts to the next generation of security specialists.

Most cyber professionals have finely honed technical skills required to be effective in an increasingly harsh environment. As cyber threats grow, however, those skills are not enough!

According to a recent report, cyber threats are the No. 3 concern of CEOs and board-level executives. Supporting that finding is another report that found nearly 70 percent of C-level executives worry about their organization’s vulnerability to cyberattacks. 

Given those realities, an additional skill set is now required. Many cybersecurity leaders have more than 10 years of experience, some have advanced to senior positions such as chief security officer, chief information security officer or director of information security. While technically proficient, these individuals often fall short in other areas.  Recruiting and managing a staff, creating and managing budgets and, most of all, effective communications with non-technical managers are common and critical activities for the CISO. 

Speaking of communication skills, many information security officers could also benefit from a PowerPoint class that includes presentation skills.

Along with these skill gaps, I would also include a lack of experience in dealing with international regulatory issues related to cyber defense, an area of growing importance for global businesses. 

The private sector plays a critical role in U.S. defense as a supplier for much of the nation’s critical infrastructure. With an aging U.S. workforce and many of our senior cybersecurity professionals contemplating retirement, succession planning is a must for businesses as well as DOD and other federal agencies.  

The first step in this process should be a mentoring program to train the next generation of cybersecurity leaders. Such a program should focus on lessons learned and the evolving nature of the cyber threat. The sooner we begin this process, the better.