Deciphering The National Cyber Workforce and Education Strategy – Dr. José-Marie Griffiths – BSW #315
Segments
1. Deciphering The National Cyber Workforce and Education Strategy – Dr. José-Marie Griffiths – BSW #315
On July 31st, 2023, the Biden administration released a national strategy addressing cyber workforce shortages, calling long-standing vacancies a national security imperative. The National Cyber Workforce and Education Strategy focuses on four major pillars: equipping every American with cyber skills, transforming cyber education, expanding and enhancing the national cyber workforce and strengthening the federal cyber workforce. The strategy relies heavily on non-governmental and private sector entities to provide funding, internship and apprenticeship programs to increase the number of workers with cybersecurity skills.
One of those entities referenced in the strategy is Dakota State University. Dr. José-Marie Griffiths joins us to discuss education's role in the strategy, but offers other insights, including:
- immigration policies and how they limit the current cyber workforce,
- diversity, equity, and inclusion initiatives and the reduction of women in the cyber workforce, and
- what the cyber community can do to help.
Segment Resources:
- https://www.dsucyber27.com/
- https://dsu.edu/programs/artificial-intelligence-bs.html
- https://dsu.edu/programs/computer-science-artificial-intelligence.html
Announcements
Security Weekly listeners: Now is your chance to join the infosec community as they come together at InfoSec World 2023, September 23 – 28, 2023 at Disney's Coronado Spring Resort in Lake Buena Vista, FL. Hear keynotes from Scott Shapiro, Founding Director at Yale CyberSecurity Lab, and Rachel Wilson, Managing Director and Head of Cybersecurity at Morgan Stanley.
As a Security Weekly community member, you’re able to receive 20% off your InfoSec World 2023 tickets using code ISW23-SECWEEK20! Register today: securityweekly.com/infosecworld2023
Guest
Dr. José-Marie Griffiths is president of Dakota State University in Madison, South Dakota. President Griffiths has spent her career in research, teaching, public service, corporate leadership, economic development, and higher education administration. She has served in presidential appointments to the National Science Board, the U.S. President’s Information Technology Advisory Committee, and the U.S. National Commission on Libraries and Information Science. She has recently been appointed a member of the National Security Commission on Artificial Intelligence, part of the John S. McCain National Defense Authorization Act for 2019 and is chairman of the Workforce Subcommittee for the commission. She has led projects for over 28 U.S. federal agencies such as the National Science Foundation, NASA, the Department of Energy, and various intelligence and military agencies, over 20 major corporations such as AT&T Bell Laboratories and IBM, in over 35 countries, and worked with seven major international organizations, including NATO and the United Nations. She has received over 20 significant awards in science, technology, teaching and the advancement of women in these fields.
2. CISOs Need Backing, How to Engage the C-suite and Board, and It’s OK to Fail – BSW #315
In the leadership and communications section, How CISOs can engage the C-suite and Board to manage and address cyber risk, CISOs Need Backing to Take Charge of Security, It’s OK to Fail, but You Have to Do It Right, and more!
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
- 1. How CISOs can engage the C-suite and Board to manage and address cyber risk
The modern Chief Information Security Officer (CISO) has a difficult job. Amidst the myriad of malicious cyber threats attempting to infiltrate their organization, CISOs must also effectively navigate other murky waters: Engaging their C-suite and governing counterparts on matters of cybersecurity. It’s a tall task for which decades of technical training and programmatic cyber expertise alone are insufficient preparation.
Effectively engaging the C-suite is based upon simplifying the connection between cyber risk and business risk. This requires deciphering the impact of a cyberattack in a way that doesn’t portray a doomsday narrative, but still clearly outlines the severe ramifications it could pose on fundamental business goals.
- 2. How to communicate data risk to the business
The role of data security within the enterprise has been undergoing significant change. Particularly as competitive pressures around AI and advanced analytics initiatives mount, business leaders are often leveraging data without understanding or evaluating the associated risks.
Security and risk leaders can follow these best practices for effective data risk communication.
Step 1: Bring the listener in
Step 2: Earn the right to be heard
Step 3: Tell the risk story
- 3. CISOs Need Backing to Take Charge of Security
Unless the CEO and other C-suite executives defer to the CISO's decisions on cybersecurity, is the CISO really running things?
- 4. How a Federal Ban on Ransomware Payments Could Help CISOs
The White House is considering a ban on ransomware payments, which could change the chief information and security officer (CISO) job. The ban would elevate the cybersecurity conversation to the CEO, the CFO, and the board, and potentially end the practice of scapegoating CISOs when a breach happens. This is a significant shift: after Uber’s former chief security officer was convicted for his role in covering up a 2016 cyberattack, CISOs had more reason to worry about the personal liability that came with the job. Here’s how companies should prepare for this new landscape right now: prepare for the worst, make senior leadership own the cybersecurity conversation, and test their security posture and regularly audit internal processes and employee security training to pinpoint gaps in cyber readiness.
- 5. White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage
Those looking for quick solutions to the nation's deepening cyber skills crisis are unlikely to find them in the new National Cyber Workforce and Education Strategy document that the White House released this week.
But there are plenty of elements in the strategy that, if implemented as intended, could go a long way in addressing the skills scarcity over the long term, while also preparing future workers for cybersecurity careers, industry experts say.
- 6. It’s OK to Fail, but You Have to Do It Right
Harvard Business School professor Amy Edmondson is probably best known for her work on psychological safety in the workplace. She has authored a number of books, including the forthcoming Right Kind of Wrong: The Science of Failing Well, and she spoke with HBR editor in chief Adi Ignatius about the right–and wrong–ways to fail. Experimentation and risk-taking are crucial for an organization’s success, but failing twice in the same way is probably a mistake.
- 7. The Art of Effective Communication: Building Stronger Connections
Effective communication is an art that requires practice, patience, and a genuine desire to connect with others. By embracing active listening, empathy, and clarity, we can create stronger relationships and build a more harmonious world. Engage in meaningful conversations, communicate with compassion, and appreciate the power of effective communication in enriching your personal and professional life.