Solution Spotlight on the 2024 NICE Conference Keynote: A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career.
Liz Stokes: [Music] Hello, everyone, and welcome to this special edition N2K Cyberwire Podcast. In this featured solution spotlight episode, N2K President Simone Petrella is talking to Deneen DiFiore about her upcoming keynote, her history with NICE, the importance of prioritizing cyber talent, and how stakeholders can more effectively address the cybersecurity skills gap.
Simone Petrella: So, Deneen, so excited to have you here today, and incredibly excited to hear that you'll be keynoting the NICE conference in June in Dallas.
Deneen DiFiore: Yeah, thanks for having me. I'm very excited about talking to you today and also about the conference. It should be a wonderful event.
Simone Petrella: Now, to kick things off, I did a little bit of digging, and I see that you are not a newbie to the NICE conference. You have definitely been part of it in the past. But what first brought you into NICE's orbit, and why do you think it's important for the industry to prioritize cyber talent and workforce?
Deneen DiFiore: Yes. So I first, you know, became aware and involved in the NICE efforts a few years back, and that's really because, you know, we have a significant problem with attracting and retaining and, you know, just kind of developing our cybersecurity workforce in pace with the threats, evolution, the digital dependencies and kind of the state of organizations and businesses today. So I was really looking for a way to help shape kind of the initiatives and influence and provide a framework, right, for myself and organizations to be able to help with that issue.
Simone Petrella: Yeah. And I think for context, would you be willing to share a little bit about your own personal journey into cybersecurity, and how has that kind of shaped your viewpoints as you look at the future of talent here?
Deneen DiFiore: Sure. So I am not a, I'll say, a computer science or cybersecurity educated by a school or school. I actually have a biology degree. So I got into technology and cybersecurity because of my experiences and kind of being there probably at the right time, right place at the right time. I mean, not discounting all the hard work that I put in. But, you know, I had the opportunity to be in the -- when cybersecurity was kind of evolving and becoming its own expertise and domain to kind of grow up in that way and shape my skill sets and approach to cybersecurity. So, you know, I had the, I'll say the aptitude and desire to learn. And I, you know, at that time, back when I was doing this, there wasn't cybersecurity degrees, right? There wasn't, you know, a big framework or, you know, programs and curriculums to be able to be a cybersecurity professional. So it was really kind of making, you know, my experiences and transferable skills into something that would work for the situation and jobs and roles that I was in.
Simone Petrella: Yeah. No. I have to ask, because you brought up your background and your degree in biology, and I've been in cybersecurity for 15 years, and I'm an international relations major, so --
Deneen DiFiore: Sure. Yeah. >> Simone Petrella:-- I'm in the same boat. But, you know, what is your kind of advice or take when you talk to other peers or employers where now there's so much focus on finding people who either have a cybersecurity background or specific degree? And I often kind of wonder, like, are we losing something if we limit ourselves to now only looking at people that come from that very limited background because I've worked with some people who have biology degrees -- Yeah. >> Simone Petrella:-- and history degrees and music degrees. Right. Right. Right.
Simone Petrella: And, you know, it's kind of created this, like, amazing diversity of thought. And I sometimes worry, [laughter] like, what are we doing?
Deneen DiFiore: Right. I agree.
Simone Petrella: Are we looking for the cyber degrees?
Deneen DiFiore: Yeah. And I think, you know, I agree with you. I think we have to cast the widest net to get the best talent across, you know, many diverse backgrounds and experiences to address the skill set gap and the resource needs that we have across, you know, the cyber security industry. So, you know, someone took a chance on me and gave me that opportunity. So I definitely want to figure out a way to pay that back. Right? And make sure that those opportunities are available for folks that do have desire and potential and enthusiasm for getting into this field. I also think, you know, cybersecurity, you know, I am in the same time frame as you. You are 15, you know, about 15, 19 years, 15 years in cyber particularly. And it still is nascent compared to, you know, engineering disciplines or computer science disciplines, or, you know, even, you know, accounting or financial disciplines. Right? There's years and years and years and years of frameworks and approaches and standards that go into how you do that job. We're still figuring it out. Right? So I think allowing people with that potential and even transferable skill sets, because context matters. If you know how the organization or the business operates in whatever particular domain, you may be a procurement or third party, you know, third party procurement analyst, risk analyst, you probably could come into cyber very easily with that risk management, supplier vendor risk management hat on and learn the specific skills around cyber. And you just add that to your, you know, add to your toolkit and be able to perform well. So being able to cast that net pretty wide, leverage potential and different experiences and bring that back into cyber, I think is, you know, a recipe for success. And I know a lot of organizations are starting to do that now.
Simone Petrella: Yeah. I love that perspective, especially I would imagine in the aviation industry where it's just, you know --
Deneen DiFiore: Yeah.
Simone Petrella: -- such a different business context and, you know, would you be willing to share some of like, how are you guys thinking about those types of initiatives within United? And how do you overcome the balance or the need of, you know, you want the experience in those roles, but then if there's not enough, you kind of have to put in the time to maybe take someone who has the business context and perspective, but then teach them how to be successful in a cyber role?
Deneen DiFiore: Yeah. So we've leaned into that at United and we have an overall, an overarching strategy at the business level, right, to whether it be, you know, attracting talent and training folks to be a pilot, right, and giving them the training and skill sets and experiences they need to grow in that expertise and then come on to United. We have programs like that and we have one particularly in digital technology. It's called Innovate. And there's a cyber Innovate pathway in that program. So we're able to bring not only just entry, you know, entry level or college graduates into that program, but say a mid-career person that, you know, worked in airport operations or in tech ops engineering and has a desire to learn the cyber skills. We bring them into that program and they get rotations, you know, in different domains of cybersecurity and technology. And then they're able to also pair that experiences with training, you know, technical training and skills mastery. So we give them, you know, whether it be course training online, you know, online or in instructor led training. And then we also provide a chance to get them credentialed and certified in some, you know, in some of the different cybersecurity certifications. So they're getting that experience and they're also gaining and proving their capability and competency across, you know, several domains in cyber. And then when they're through that pathway, they're able to roll off into a, you know, full time role at United. And they not only know the domain, but they know the organization and our priorities and they're able to navigate that first job in cyber a lot better or more successfully than they would kind of coming in cold.
Simone Petrella: Yeah.
Deneen DiFiore: So we had, you know, a lot of success with that and we're going to continue to expand and leverage and grow that program and concept.
Simone Petrella: Yeah. Well, the theme of this year's conference is strengthening ecosystems and aligning stakeholders to bridge the cybersecurity workforce gap. And you've you kind of talked a little bit about what United is doing. What stakeholders are you really -- did you have to or do you have to consistently coordinate with to kind of make a program like what you're describing successful?
Deneen DiFiore: Yeah. So I mean, this is a commitment, you know, at the I'll say the highest levels of the organization across the, you know, because technology and cyber are considered critical skills to keep United, you know, competitive, innovative and, you know, in our case, secure and protected. So, you know, we have a cross-functional group that works together with HR, with government affairs, with, you know, community outreach, diversity and inclusion. Right? And the technology experts to kind of put a comprehensive approach and consider all aspects. We just don't really look at it at a, like, just as a talent pipeline. Right? I mean, that's a benefit of what we're trying to do. But it's really a testament and our commitment to fostering that skills development, [music] bridging skills gap in an increasingly competitive market, right? Job market and cybersecurity. There's like zero unemployment with traditional talent and non-traditional talent. So we're really committed to that. [ Music ]
Simone Petrella: We'll be right back. [ Music ] I talked to folks from a lot of different organizations, and I feel like the answer always is a very wide spectrum of, you know, this is top down, we have all this great buy in. You know, what advice do you have for those who feel really strongly about the issue, but maybe have not been able to form a dedicated and committed group within the organization that's kind of focused on that? Like, how do you kind of tell your, you know, like CISO peers, like, this is important and you kind of have to advocate for it and maybe get some other people bought in?
Deneen DiFiore: Yeah. And I think, you know, there are different programs, whether it be, you know, something like Year Up or a program like that in individual communities that, you know, organizations that don't have a, you know, a talent pipeline, you know, initiative or a strategic skills, you know, development program at a company level, if it's just their department or they're trying to figure out a, you know, how to solve their particular problem in their organizations. I would say definitely reach out to the community. There's apprentice, you know, apprenticeship programs that are being sponsored by, you know, even some of the government organizations as well to leverage that. And you can start small, you know, see if that's successful. And then, you know, once you get that that kind of going, then you'll be able to demonstrate that success and probably gain buy in, right, to do something a little bit more scalable in your organization. And I would also say, too, is if you're an organization and maybe you don't, you know, you're trying to recruit a handful of or fill gaps with a handful of cyber roles, look for, I'll say, opportunities with your peers, because, you know, it could be partnering with the engineering organization or with the IT organization or with whatever field service, whatever it is in your context that might have the same type of needs. But you can get pull from the same type of resource pool, right, to accomplish and what you're all trying to do there.
Simone Petrella: Yeah. With the, you know, the dynamic with NICE, and one of the things I think so interesting about NICE is, and the NICE conference is that it brings together government, academia, and industry to solve this problem. And to kind of keep going with that theme around stakeholders. And if we broaden that, you know, how do you think we as a profession can be most successful when we talk about, like, engaging all three of those large stakeholder groups to really kind of tackle this issue across the board?
Deneen DiFiore: Yeah, I think, you know, the collaboration across those stakeholder groups is key. So really figuring out how collectively we can solve that problem and getting engaged. You know, we didn't, you know, even to meet our needs at United, like I mentioned, we worked with our government affairs folks to reach out to, you know, the folks at NICE to see what we, you know, how we could partner or what options we had to, you know, accelerate some of the outcomes that we were trying to get. So I really do think, you know, that collaboration across that, across the stakeholder groups is great. We continue to develop relationships with different universities and schools, even at high schools and, you know, different apprenticeship programs and look for opportunities across the board to that organizations are, you know, trying to accomplish the outcomes. And we try to work collectively together.
Simone Petrella: Yeah. One of the things that I know, you know, I've had a lot of conversations around with folks is when we talk about the talent and some of the workforce gaps that exist, that it's really more of an experience gap as opposed to a kind of a talent gap, meaning we have this greater need at like the mid and more experienced levels than we do for entry level talent, which creates a little bit of a dichotomy because we have all these graduates who want entry level jobs, but they can't get them. And at the same time, we can't -- you can't kind of make room for them unless you get people to progress up. So how do you kind of view that conundrum?
Deneen DiFiore: Yeah. So I think it's important to make a conscious decision as the leader of an organization. As you look at your organizational strategy to kind of reserve whatever amount of head count you can, right, if it's even if it's just a handful to continuously develop that pipeline. Right? So you how -- you have to reserve space for those entry level jobs and understand that, you know, if it's a person coming right out of college, if it's a person coming out of, you know, an apprenticeship program or if it's a person mid-career that's coming into a completely new domain, that you have to have a support structure that can make them successful and give them the skills, right, and experiences you need to be in that next role. So we really think about, you know, those entry level roles as not that you have to have two years of experience or whatever, like, we're going to set you up to get that and then you get your -- I mean, your technically your first job, right? Your, yeah, because otherwise that barrier to entry and that is a problem. You see that all the time. You see commentary on social media or LinkedIn about --
Simone Petrella: Yeah.
Deneen DiFiore: -- you know, I have a cybersecurity degree, I've done these internships, or I've done -- I've got these certifications on my own and, you know, no one's willing to take a chance on me. So creating that space intentionally as a leader, even if it's one or two people, that's, you know, one or two positions, if that's all you can spare is really, really important. And that's going to help that kind of mindset and approach to organizational development is something I think that needs to be the norm going forward.
Simone Petrella: Yeah. And that's a really great point. What you're effectively saying is growing a pipeline isn't just growing the pipeline to enter the position. It's you have to keep the whole pipeline flowing all the time. You know, it's not just this, like, I think a lot of times we think about it as just this singular thing that they, like, get in the door and they're done, but it has to keep moving throughout, like, the development of all those roles and positions.
Deneen DiFiore: That's right. Yeah.
Simone Petrella: Deneen, is there anything else that you wanted to maybe tease or highlight as far as what you'll be talking about at the conference here in the first week of June in Dallas, Texas?
Deneen DiFiore: You know, not to give the whole talk away, but I definitely will be giving, you know, the story of our approach and journey and sharing some pretty unique and exciting success stories that we have had with our approach to, you know, the Innovate, the Cyber Pathway Innovate Program and developing our organization in a very unique time and industry. So it should be really cool for those of you who like cybersecurity and maybe even those of you who are aviation geeks, as they call themselves. [Laughter]
Simone Petrella: Yeah. Well, no, incredible. And I'm sure that our audience, we have a sister podcast that actually deals with all things space and aviation, so mostly outer space. But I have a feeling that audience in particular will be very interested to hear how the intersection of [music] security and aviation kind of comes to light. I'm really looking forward to your talk in June.
Deneen DiFiore: Great, great. I'm looking forward to being there and participating as well. [ Music ]
Liz Stokes: That's our special edition N2K Cyberwire Program. Thank you all for joining. And thanks to our special guest, Deneen DiFiore for sharing their experience and insights. Remember, N2K's strategic workforce intelligence optimizes the value of your biggest investment, your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com. Our mixer is Trey Hester with original music by Elliot Pelzman. Our executive producers are Jennifer Eiben and Brandon Karp. Our executive editor is Peter Kilpe, and I'm Liz Stokes. Thanks for listening. We'll see you back here soon. [ Music ]
