16 Mar Former CNBC, WSJ Reporter On Closing The Cyber Talent Gap
Kate Fazzini pushes the security industry to be more open-minded
Melbourne, Australia – Mar. 16, 2021
Ask Kate Fazzini to pinpoint the thing that directed her to a career in cybersecurity journalism, and it would probably be the phone company in her native Ohio.
Having grown up in the time when local calls were restricted to a few neighboring towns and it got expensive to call anybody more than a few miles away, she began exploring ways to get cheaper calls and, at the tender age of nine, built her own “blue box” – a phreaking device that let her call surrounding areas without incurring long-distance charges.
It was a “really early” entrance to the world of technology that made her a “hero of my set of girlfriends who all wanted to talk on the phone,” she told Cybercrime Magazine, but it stoked an appetite for technology that led her to working with “a lot of very nerdy guys” at the Ohio State University campus technology store, and ultimately into a series of consulting gigs and a cybersecurity role with JPMorgan Chase.
Yet it was in that role, she recalls, that she realized her career evolution wasn’t finished yet.
As an English major at college, she had combined a love of writing with a love of technology — a dangerous combination when, she recalls, she and her team were watching television coverage of some high-profile breaches “and there was a lot of it that was being left out, a lot of alarmism, and a lot of things that were just incorrect.”
“I made a mental note that I wished I could be a reporter.”
Cybercrime Radio: Changing Hiring Practices And Job Requirements
Kate Fazzini on identifying future cyber fighters
When dreams come true
It wasn’t long before Fazzini’s wish came true, with the Wall Street Journal hiring her as an enterprise-focused cybersecurity reporter and CNBC ultimately engaging her to cover “more consumer-focused” security issues such as scams.
Writing explainers about topics like ransomware fed a surge in interest in 2017, when the WannaCry attack sent businesses around the world scrambling and, for many people, put cybersecurity issues on the map for the first time.
“It was just so fortunate that I had the [cybersecurity] background,” she said, “because all of a sudden, a lot of people who weren’t in the industry and didn’t know a lot about cybersecurity were very interested in ransomware.”
Her scams reporting was equally engaging: “It felt like the opportunity to really educate people about what this is, and what it means,” she recalled. “I fell in love with being able to help people feel like they’re part of the cybersecurity conversation.”
That conversation took on a new dimension when Fazzini published her 2019 book — entitled Kingdom of Lies: Unnerving Adventures in the world of Cybercrime and drawing on her years of experience documenting and working in the industry — as a way of opening readers’ eyes to the cybercriminal activities going on around them every day.
“It’s a book about cybersecurity that doesn’t really talk about cybersecurity that much at all,” she said. “It just talks about the lives of some of the people — and that really is what cybersecurity is… it’s in the background of everything.”
It was just six months later that Fazzini’s career took yet another turn, as she began spending more and more time bringing people — executives, more and more, whose attention to cybersecurity was piqued when they were sent home to work remotely — into the cybersecurity conversation in new ways.
Because of COVID, she said, “I found there was a huge marketplace for executives, and people on boards, who wanted to have a risk evaluation of their own at-home setups.”
That work led to last year’s founding of Flore Albo — named in a nod to the “white flower” shop girls who arranged department-store stock to make it more appealing — and her efforts to take a different approach to cybersecurity training.
“We don’t often talk about getting a woman’s touch into cybersecurity,” she said. “I want to make it a more open discipline, so that we don’t have executives who have to hide the fact that they don’t understand cybersecurity. They can come in and learn about their role in this really important discipline.”
Closing the cyber gap
Yet the need for better-organized cybersecurity education isn’t limited to executives.
With a yawning skills gap leaving companies desperate for skilled employees — but those employees often finding they don’t have the right training to get a job — Fazzini said the industry is continuing to suffer a “disconnect” that is marginalizing potentially great cybersecurity employees.
Aiming to help bridge that gap, Flore Albo specialists have begun offering clients internal skills assessments — which have proven invaluable in identifying staff who may be able to step into cybersecurity roles with a little bit of the right training.
“It’s a very simple process of asking employees a couple of different skills that they might have that translate really well into cybersecurity jobs,” she explained, “and it’s not ‘are you a wonderful hacker?’”
“It’s more about ‘have you managed projects successfully?’ and ‘have you worked in implementing an IT rollout?’ because that is exactly what happens in a project implementation in cybersecurity. And it’s about finding out who those employees are… and [asking] them if they’d like the opportunity to do something different.”
“It’s very much a win-win — and I can’t tell you how many administrative assistants we have turned into cybersecurity people because they just know when a call is coming in and the guy is faking trying to get the CEO on the phone.”
“It’s that paranoia about keeping somebody protected — serving as a human firewall — and wonderful skills that translate really well into cybersecurity.”
The industry was also suffering, she added, because “mechanical” job requirements often punish people for youthful “mischief” that wouldn’t affect their value to the organization.
“We should be welcoming people who are good at this field into the light and away from the darkness,” she said. “They should be working for the good guys — and if we want to have the best people, we need to be a little bit more open-minded.”
– David Braue is an award-winning technology writer based in Melbourne, Australia.
Go here to read all of David’s Cybercrime Magazine articles.