15 Sep No Career Ladders For Cybersecurity Professionals?
Candidates need to predict their future
Morristown, N.J. – Sep. 15, 2020
Those two facts have created a complex system that is confusing, has unpredictable outcomes, and is a repellent to qualified people wanting to enter and remain in the cybersecurity workforce. This perpetuates the global cybersecurity workforce gap.
We need to create a system where newcomers and existing cyber professionals can better predict their career outcomes. This will allow us to expand our talent pool and give us the highest chance of success to close the gap.
Behavior Never Lies
Over my 21 years in the cybersecurity industry, I’ve listened intently to what all people have said but paid more attention to what they did.
I’ve seen thousands of cybersecurity practitioners and many have claimed or were given a certain work role title only for me to see their actions told a different story. Their daily habits and unconscious actions during operations were the true functions of their jobs.
By listening to people’s actions for more than 2 decades, I’ve lived, discovered, and collected personality traits and trend lines about myself and fellow elite cyber warriors who have achieved cybersecurity mastery.
I took extreme notice from each of those encounters and uncovered 12 cybersecurity work role archetypes. They are timeless, universal, and an abstraction of the existing complex work role structures.
The archetypes fall into 4 categories. I created an easy and memorable acronym for each of them, which forms the Spanish word LISTO, meaning ready, smart, and clever. I also mapped LISTO to the existing frameworks such as NICE and CyberSeek.
Cybercrime TV: The Cybersecurity Labor Shortage
CISOs and thought leaders on career opportunities
LISTO can be thought of as Leadership, Intelligence, Support and Technology, and Operations. The 4 categories and corresponding 12 cybersecurity work role archetypes are:
- Leadership – Cyber Leader, Cyber Planner, Cyber Strategist
- Intelligence – Cyber Analyst Human Focused, Cyber Analyst Technology Focused, Malware Analyst
- Supporting Technology – Technologist, Infrastructure Architect, Software Developer
- Operations – Offensive Security, Defensive Security, Incident Responder
Everyone in the cybersecurity industry today, both public and private, in the world, regardless of current title, fits into one of these 4 categories and 12 work role archetypes based on their daily habits and unconscious actions during operations.
The LISTO framework satisfies the first of the two requirements that will expand our talent pool and give us the highest chance of success to close the global cybersecurity workforce gap.
The cybersecurity industry must recognize its current complex system for careers that has unpredictable outcomes, foments confusion, and repels qualified candidates from entering and staying in the cybersecurity workforce.
Adoption of LISTO with its 12 cybersecurity work role archetypes and providing personalized cybersecurity career pathways will allow us to achieve sustained, predictable cybersecurity career outcomes. In effect, a ladder for everyone in our field to climb. This will close the cybersecurity workforce gap.
LISTO now exists, adopt it. The pathways don’t yet; they will shortly.
– Jason Shockey is the Chief Information Security Officer at a publicly traded company in the greater New York City area. Prior to his CISO role, Jason was active duty in the US Marine Corps as a technology leader conducting cybersecurity operations, incident response, and cyber risk management.