, 11 tweets, 3 min read
My Authors
Read all threads
it still hurts when I sit in a conference talk where government "cyber workforce" discussions occur, and they still beat the same drum that hasn't worked for years, and realize that none of them come to things like BSides, Defcon, Shmoo, and others to have a realistic discussion
they merely talk about frameworks and policies, but nothing actually actionable or results... granted, having also sat in on agency discussions where there was a lot of, what could be best described as "whining", but no after action to address those concerns...
as I said MANY times, that if you have a shortage or want to focus on development and recruitment, you need to meet where the talent goes to learn, rather than hope and pray that a fishing expedition via job postings attract who and what you think you need...
this is often the gap between a practitioner approach to talent management versus a business and management perspective on how to approach it...
then again, I can only yell into the wind at certain venues where this topic is discussed that gets you a little demoralized... and of course this is why, to put it pointedly, gave up on this subject from where I was in the public sector... maybe I can change it elsewhere
I guess when I hear Federal officials speak of cybersecurity workforce and recruitment, they speak of it as a policy and business entity, rather than a community... which I think is where it fails. A community has culture, which requires a history, communication, knowledge...
they will say ML and AI, and realize that in many cases, this is NOT the expertise of many security folks, this is the realm of mathematicians and psychologists who birthed the subject many years ago. If anybody knows a higher-ed security program that teaches AI and ML, pls. LMK
...as this wraps up, it seems they, again, are focusing on degrees and certifications when the sunset (see Google and other tech orgs) focus less if not at all on paper and focus more on demonstrable skills since traditional educational models can't keep up with pace of tech
...branching here... the perception of "hacker" or "security" conferences has not changed much over the years for leaders/managers, and I think they are working with misconceptions and bad information. So the community needs to work on that perception-setting as well.
when I do CFP reviews for conferences, I look at the educational (and entertainment) value from the presentation and what would be the takeaways given the location (DC = policy and gov vs. elsewhere) that can be applied by attendees upon leaving. That's also a mechanism.
Like the level of policy talks, if I were to say, do @CanSecWest should be low, because they are known for highly technical content. @shmoocon has moved to a greater mix over 15+ years, as has others. Know your audience and where you can impact post-con mindsets and actions
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Amélie E. Koran

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!