Cy Says Blog & Podcast

Todd Johnson’s journey through the CyberUp Apprenticeship Program demonstrates the impact of perseverance, continuous learning, and the support of a community in cybersecurity. With a background in desktop support and a strong interest in technology, Todd joined the program to transform his career and secure a future in a fast-evolving industry through skills-based hiring.

The Beginning: A Shift from Entertainment to Technology

Before CyberUp, Todd had worked in desktop support and as a field technician. However, his career started in an unexpected place—stand-up comedy. For nearly 20 years, Todd traveled across the country performing. While the entertainment industry provided unique experiences, Todd realized that the instability of life on the road wasn’t compatible with the stability he sought in married life.

Transitioning from entertainment to cybersecurity was a significant change, but Todd found it a natural progression. His long-standing interest in computers made cybersecurity an attractive and secure field, one that evolves quickly and offers new challenges. “Technology evolves while you're sitting there,” Todd noted, explaining what drew him to the industry.

Three Months In: Gaining Confidence

At the three-month mark of his apprenticeship, Todd reflected on CyberUp’s training program. He found it essential in building the knowledge and skills needed to transition into cybersecurity. “It got me where I needed to be,” Todd said, highlighting how the program not only provided a certificate but also taught him the importance of being proactive in his learning. The training encouraged him to research on his own and deepen his understanding, a habit that proved crucial throughout his apprenticeship.

This phase also emphasized the importance of skills-based hiring, a practice CyberUp supports. Instead of focusing solely on degrees or past job titles, skills-based hiring allowed Todd to showcase his practical abilities, which were further developed through the apprenticeship. This approach was key to Todd’s successful transition into cybersecurity, proving that with the right skills, career advancement is achievable regardless of past professions.

Outside of work, Todd is a writer, with a book and several screenplays. His creative side adds a unique dimension to his role in cybersecurity, highlighting his ability to think creatively—an important skill in solving problems in the field.

Six Months In: Overcoming Challenges

At six months, Todd’s passion for cybersecurity continued to grow. He enjoyed learning new things, especially the acronyms and technical language of the field. “Investigating and digging into things is enjoyable,” Todd shared, comparing his work in cybersecurity to his previous experiences in entertainment.

The support Todd received from CyberUp was critical to his development. He appreciated the professional development opportunities and the encouragement from the community. Working from home, Todd found a balance between his personal life and his career, allowing him to fully engage in the learning process. Despite the challenges, Todd described his experience as a “roller coaster ride,” with ups and downs but ultimately rewarding as he continued to improve his skills.

Twelve Months In: Reflecting on Growth

By the end of his apprenticeship, Todd had experienced significant growth. One of his major successes was mastering the security language, which helped him become his own advocate in learning. Transitioning from desktop support to cybersecurity was like moving from high school to college—requiring Todd to navigate a more complex environment. He described this transition as one of the most challenging parts of his apprenticeship but also one of the most rewarding.

Todd’s professional goals extend beyond the apprenticeship. He plans to obtain more certificates to strengthen his security skills and improve his ability to address security issues. His desire to continue learning reflects his commitment to the field.

In reflecting on his journey, Todd offered advice to new apprentices: “Don’t be too hard on yourself. Everyone had a day one, so it’s okay to ask questions and seek help.” This advice underscores the importance of perseverance and the willingness to learn, qualities that have been central to Todd’s success.

The Road Ahead: Giving Back

Looking to the future, Todd is eager to participate in CyberUp’s alumni and mentorship programs, where he hopes to help others navigate the cybersecurity field. His willingness to mentor new apprentices reflects the support he received and his desire to give back.

Todd Johnson’s journey through the CyberUp Apprenticeship Program shows the impact of opportunity, community, and continuous learning. From his early days in desktop support to his current role as a cybersecurity analyst, Todd’s experience highlights the importance of skills-based hiring and staying committed to personal and professional growth. His story serves as inspiration for those looking to make a similar transition, proving that with the right support and mindset, success is within reach.

In my first blog about skills-based hiring, I referenced the notion of five generations entering the workforce and what role that plays in hiring for the foreseeable future. In today’s blog, I will break down the different generations by their attributes and describe the impact it has on how companies hire, provide professional development, and simply put, define soft skills. What you will see is nearly an 80-year difference in opinion on work ethic and values. What I hope you will take away is a clearer understanding of how your company can apply skills-based hiring to close the generational gap.

Let’s start with a quick rundown of each generation:

Baby Boomers (Born 1946-1964)

• Technology: Adapted to digital tools later in their careers. Often prefer in-person meetings and phone calls over digital communication.
• Work Habits: Highly dedicated and loyal to their employers. They often prioritize job security and stability and are used to working long hours.
• Communication Style: Prefer face-to-face communication or phone calls. They value personal interaction and direct communication.
• Values: Emphasize a strong work ethic, discipline, and respect for hierarchy and authority.

Generation X (Born 1965-1980)

• Technology: Comfortable with both analog and digital technologies. Often acts as a bridge between older and younger generations in terms of tech use.
• Work Habits: Independent and resourceful. They value work-life balance and often prefer flexibility in their work arrangements.
• Communication Style: Favor straightforward communication. They are comfortable with email and other forms of digital communication.
• Values: Pragmatic and self-reliant. They are often skeptical of authority and value personal development and autonomy.

Millennials (Born 1981-1996)

• Technology: Digital natives who grew up with the internet and mobile technology. They are highly proficient with digital tools and social media.
• Work Habits: Collaborative and team-oriented. They value meaningful work and often seek employers with strong corporate social responsibility.
• Communication Style: Prefer digital communication methods such as instant messaging and video calls. They value feedback and continuous communication.
• Values: Prioritize work-life balance, flexibility, and purpose-driven work. They often seek a sense of community and work-life integration.

Generation Z (Born 1997-2012)

• Technology: True digital natives, having grown up with smartphones, social media, and instant access to information. They are highly adept at using new technologies.
• Work Habits: Value diversity and inclusion, and are comfortable with remote work and flexible schedules. They are entrepreneurial and value opportunities for growth and learning.
• Communication Style: Prefer short, instant communication methods like texting and social media. They are accustomed to rapid information exchange.
• Values: Emphasize authenticity, diversity, and mental health. They seek meaningful and impactful work and value transparency from employers.

Generation Alpha (Born 2013-present)

• Technology: Growing up with advanced technology, including AI and IoT. They will be the most digitally immersed generation.
• Work Habits: Still developing as they are currently very young, but they are expected to prioritize technology integration, continuous learning, and adaptability.
• Communication Style: Likely to prefer immersive and interactive communication methods, leveraging augmented and virtual reality.
• Values: Anticipated to value sustainability, innovation, and global connectivity. They will likely seek work environments that align with these values.

These generational differences shape how individuals approach their careers, interact with colleagues, and prioritize in their work environments, but it also is important to consider when building out hiring programs for companies. We recently covered 7 steps to building a skills-based hiring program. In that discussion, we provided some basic best practices to evaluate hires and the skills they bring but we have to take that one step further and focus on culture development.

Here are 4 ways a company can create a supportive work environment for all 5 generations that supports skills-based hiring programs and fosters a culture of respect and inclusion: 

Facilitate Knowledge Sharing and Mentorship

• Mentorship Programs: Pair younger workers with experienced employees to foster knowledge transfer and professional growth.
• Reverse Mentoring: Encourage younger employees to share their expertise, particularly in technology, with older colleagues.
• Collaborative Projects: Create opportunities for multi-generational teams to work together on projects, leveraging diverse perspectives.

Provide Flexible Work Arrangements & Programs

• Flexible Scheduling: Offer flexible work hours and remote work options to cater to different life stages and personal needs.
• Wellness Programs: Implement health and wellness programs that address the needs of all age groups.
• Diverse Benefits Packages: Offer a range of benefits that appeal to different generations, such as childcare support, eldercare assistance, or retirement planning

Tailor Training and Development Programs

• Continuous Learning: Implement training programs that address the learning preferences and needs of different generations.
• Technology Training: Provide tech training to older employees to help them stay current with new tools and platforms.
• Professional Development: Offer career development opportunities that cater to the aspirations of employees at various stages of their careers.

Encourage Collaboration and Team Building

• Team Building Activities: Organize activities that foster team spirit and understanding among different age groups.Intergenerational 
• Employee Resource Groups (ERGs): Create ERGs that focus on bridging generational gaps and fostering mutual support.
• Celebration of Milestones: Recognize and celebrate milestones and achievements of employees from all generations.

This isn’t an inclusive list of course but with the suggestions here and in the prior blogs a talent team can lead the way for companies to embrace skills-based hiring. Of course, CyberUp’s team of apprenticeship and skills-based hiring experts are always ready to support. Please reach out to me directly or to our team if you would like to learn more. 

Tony Bryan

Reimagining Entry-Level Cybersecurity Hiring: Why Now is the Perfect Time to Embrace Skills-Based Hiring

In today's rapidly evolving job market, the need for innovative hiring practices has never been more critical, especially in the cybersecurity sector. The traditional recruitment methods, heavily reliant on degrees and formal qualifications, are increasingly being called into question. At CyberUp, right now is the perfect time for companies to reimagine their hiring strategies and fully embrace skills-based hiring for entry-level cybersecurity roles.

The Growing Demand for Cybersecurity Talent

The cybersecurity landscape is more dynamic than ever, with threats becoming more sophisticated and frequent. As organizations across all sectors bolster their cybersecurity defenses, the demand for skilled professionals continues to outpace supply. According to recent reports, over 500,000 unfilled cybersecurity positions exist in the United States alone. This talent gap presents both a challenge and an opportunity for employers.

The Limitations of Traditional Hiring Practices

Historically, entry-level positions in cybersecurity have required candidates to possess a four-year degree in computer science or a related field. However, this approach has several limitations:

1. Exclusion of Talented Individuals: Many capable individuals who have the necessary skills but lack formal degrees are often overlooked.
2. Slow Adaptation to Industry Changes: Degree programs may not always keep pace with the rapidly changing cybersecurity landscape, leaving graduates underprepared for current threats.
3. Barrier to Diversity: Traditional hiring practices can perpetuate a lack of diversity in the field by excluding candidates from non-traditional backgrounds.

The Changing Educational and Workplace Landscape

The landscape of education and the workforce is changing significantly, and these changes are reshaping the way we should approach hiring in cybersecurity:

1. Lower College Attendance Rates: College enrollment rates have been declining over the past decade. Many potential candidates are opting for alternative education pathways, such as boot camps, online courses, and self-study, which can provide them with the specific skills needed for cybersecurity roles without the time and financial investment required for a traditional degree. This trend is particularly evident among younger generations who are questioning the value of a four-year degree in an era where knowledge and skills can be acquired more flexibly and affordably.
2. Multi-Generational Workforce: The modern workplace is more age-diverse than ever before, encompassing Baby Boomers, Generation X, Millennials, and Generation Z. Each generation brings unique perspectives and skills to the table. Embracing a skills-based hiring approach allows organizations to leverage the strengths of a multi-generational workforce, ensuring that teams are well-rounded and capable of tackling the complex challenges of cybersecurity.

The Advantages of Skills-Based Hiring

Skills-based hiring focuses on a candidate's abilities and practical experience rather than their educational background. This approach offers several benefits:

1. Wider Talent Pool: By prioritizing skills, employers can tap into a broader and more diverse talent pool, including career changers, self-taught individuals, and those who have gained expertise through non-traditional pathways.
2. Improved Job Performance: Candidates selected based on their demonstrated skills are often more prepared to tackle real-world cybersecurity challenges from day one.
3. Enhanced Diversity, Equity, and Inclusion (DEI) Programs: Skills-based hiring can significantly improve DEI initiatives. By removing the emphasis on formal degrees, companies can attract candidates from a variety of backgrounds, including underrepresented groups who may not have had access to traditional education pathways. This leads to a more diverse workforce that reflects a range of experiences, cultures, and perspectives, which is crucial for fostering innovation and problem-solving in cybersecurity.
4. Better Diversity of Thought and Perspective: When teams are composed of individuals with different backgrounds and experiences, they bring a wider range of ideas and approaches to the table. This diversity of thought can drive creative solutions to complex cybersecurity issues, enhancing the overall effectiveness of the team. A varied team is better equipped to anticipate and address the myriad threats that organizations face today.
5. More Loyal Team and Workforce: Employees who are hired based on their skills and potential often feel more valued and recognized for their contributions. This can lead to higher job satisfaction and loyalty. Moreover, providing opportunities for continuous learning and growth can further enhance employee engagement and retention, creating a dedicated and motivated cybersecurity workforce.
6. Faster Hiring Process: Evaluating candidates based on their skills can streamline the hiring process, reducing time-to-hire and enabling organizations to fill critical positions more quickly.

Success Stories and Industry Trends

Many forward-thinking organizations have already begun to adopt skills-based hiring practices with great success. For example, companies like Centene, First Bank, and SSM Health have removed degree requirements for many of their tech roles, focusing instead on candidates' practical skills and experience. Even some states like Colorado have embraced the idea and eliminated degree requirements for state employment. These organizations have reported improved employee performance, higher retention rates, and increased diversity as a result. Over the next several months we will share and deep dive into examples and the impact they have had on each company. 

Conclusion

The cybersecurity field is at a critical juncture, and the traditional hiring paradigm no longer meets the industry's needs. By embracing skills-based hiring, companies can access a wider talent pool, improve job performance, and create a more inclusive workforce. Now is the perfect time to reimagine entry-level cybersecurity hiring and ensure we have the skilled professionals needed to protect our digital future.

At CyberUp, we are committed to supporting organizations in this transition and advocating for hiring practices that recognize and value skills over 4-year degrees and traditional hiring practices. Together, we can build a stronger, more resilient cybersecurity workforce.

In today's rapidly evolving job market, traditional hiring methods based on degrees and previous job titles are becoming less effective. With the rise of new technologies and changing industry demands, companies are increasingly turning to skills-based hiring to find the best talent. But what exactly is skills-based hiring, and how does it work for companies? Let's explore.

What is Skills-Based Hiring?

As a quick refresher, here is our definition of skills-based hiring. Skills-based hiring is an approach that focuses on evaluating a candidate's specific abilities, practical experience, and demonstrated performance rather than their educational background or formal qualifications. This method assesses what a candidate can do and how well they can do it, making it a more inclusive and effective way to identify top talent.

Implementing Skills-Based Hiring in Your Company

How we have hired talent for the past 30 years requires a reset. Why might you ask? That’s a discussion for another blog but for today let’s focus on the how. As you will learn, transitioning to a skills-based hiring approach requires careful planning and execution. It does not have to be a challenging task but it requires a creative approach and open-mindedness to implement successfully. 

Here's a detailed guide on 7 steps to implement skills-based hiring effectively:

1. Identify Key Skills

• Role Analysis: Begin by thoroughly analyzing each role within your organization. Engage with current employees and managers to understand the specific tasks and responsibilities of each position.
• Skill Mapping: Identify the essential technical and soft skills required for each role. This might include understanding firewalls and network security best practices, communication skills for customer-facing roles, or problem-solving abilities for management positions.
• Prioritization: Determine which skills are critical and which are desirable. This will help in creating a focused assessment process.

2. Develop Skills Assessments

• Practical Tests: Design practical tests that reflect real-world tasks related to the job. For example, a coding challenge for a developer role or a project simulation for a project manager role. Finding a cybersecurity assessment has proven difficult but companies like Crowdstrike leverage capture the flag types of challenges when hiring candidates to accurately assess skills.
• Behavioral Assessments: Include assessments that measure soft skills such as teamwork, leadership, and adaptability. These can be situational judgment tests or behavioral interviews.
• Tools and Resources: Utilize online platforms and tools that offer pre-built assessments or the ability to create custom tests. Ensure these tools provide reliable and valid measures of the required skills.

3. Revise Job Descriptions

• Skill-Focused Listings: Rewrite job descriptions to highlight the skills and competencies needed rather than focusing on degrees or specific job titles. Use clear and concise language to describe the key responsibilities and required skills.
• Inclusive Language: Use inclusive language that encourages a diverse range of candidates to apply. Avoid jargon and unnecessary requirements that might deter qualified applicants.

4. Train Hiring Managers

• Educational Workshops: Conduct workshops and training sessions to educate hiring managers on the principles of skills-based hiring. Explain the benefits and guide how to evaluate skills effectively.
• Bias Reduction: Train hiring managers to recognize and mitigate biases in the hiring process. This includes understanding the impact of unconscious biases and using structured interview techniques.
• Interview Techniques: Teach hiring managers how to conduct skills-based interviews. This includes asking open-ended questions that allow candidates to demonstrate their skills and using standardized scoring rubrics.

5. Use Technology

• Applicant Tracking Systems (ATS): Implement an ATS that supports skills-based hiring. Look for systems offering integrated skills assessments that help automate the screening process. A gold star for companies who assess for transferable skills.
• Data Analytics: Use data analytics to track and measure the effectiveness of your skills-based hiring process. Analyze metrics such as time-to-hire, quality of hire, and employee performance to make data-driven improvements.
• Virtual Assessments: Leverage virtual assessment tools to facilitate remote hiring. This can include video interviews, online skill tests, and collaborative platforms for team-based exercises.

6. Pilot Programs

• Small-Scale Implementation: Start with a pilot program in one department or for a specific role. This allows you to test the skills-based hiring approach on a smaller scale and make adjustments before a company-wide rollout.
• Feedback Loop: Collect feedback from both candidates and hiring managers involved in the pilot program. Use this feedback to refine your assessment tools, interview processes, and overall approach.

7. Evaluate and Iterate

• Performance Metrics: Continuously monitor the effectiveness of your skills-based hiring approach. Track key performance indicators (KPIs) such as employee retention, job performance, and satisfaction levels.
• Regular Reviews: Conduct regular reviews of your hiring process and make necessary adjustments based on the data collected. Stay updated with industry trends and best practices to ensure your approach remains relevant and effective.
• Employee Development: Use the insights gained from the hiring process to inform employee development and training programs. This helps in aligning current employees’ skills with evolving job requirements.

Conclusion

Skills-based hiring is a powerful approach that can help companies find the best talent in an increasingly competitive job market. By prioritizing practical skills over traditional credentials, companies can build diverse, innovative, and high-performing teams. As the future of work continues to evolve, skills-based hiring will play a crucial role in shaping the workforce of tomorrow.

Implementing this approach requires a strategic shift in how companies evaluate and select candidates, but the benefits are well worth the effort. Embrace skills-based hiring and unlock the full potential of your talent pool. 

Over the past several years, there has been considerable discussion around the cybersecurity talent pipeline and hiring practices. We are now at a pivotal moment where five generations of workers are concurrently in the workforce, college enrollment is declining, and non-traditional skill paths are gaining momentum. The time is ripe for companies to reimagine how they recruit and hire talent. At CyberUp, we recognize that skills-based hiring is the model needed for the future.

In the coming weeks, we will define and illustrate the skills-based hiring model to establish a baseline set of expectations. Our goal is to inspire hiring managers and talent teams to embrace this practice because staying ahead of threats requires an agile, knowledgeable, and innovative workforce. Traditional hiring practices prioritize degrees/certifications and must evolve to recognize candidates with practical experience and the skills necessary to excel. Enter skills-based hiring—a transformative approach that prioritizes a candidate's abilities over formal credentials. Let’s explore what skills-based hiring means and why it's a game changer for cybersecurity.

Defining Skills-Based Hiring

Skills-based hiring is an approach that focuses on evaluating a candidate's specific abilities, practical experience, and demonstrated performance rather than their educational background or formal qualifications. This method assesses what a candidate can do and how well they can do it, making it a more inclusive and effective way to identify top talent.

We have been talking about the model for quite some time. Check out CyberUp’s early take on the concept.

The Building Blocks of Skills-Based Hiring

1. Practical Assessments

Practical assessments are at the heart of skills-based hiring. These evaluations mimic real-world tasks and scenarios candidates will encounter in their roles. For cybersecurity positions, this could include challenges like identifying vulnerabilities in a system, performing penetration tests, or developing secure code. These tasks provide employers with a clear and concrete understanding of a candidate's technical prowess and problem-solving abilities, offering insights that go beyond a resume.

2. Portfolio Review

A portfolio showcases a candidate’s hands-on work and projects, offering tangible evidence of their skills. In cybersecurity, this might include contributions to open-source projects, code samples, security research publications, or documented bug reports. Reviewing a portfolio allows employers to see the depth and breadth of a candidate’s experience, their ability to complete projects, and their commitment to the field. This element also highlights continuous learning and innovation, which are crucial traits for cybersecurity professionals.

3. Relevant Experience

Skills-based hiring places a strong emphasis on relevant experience, including internships, freelance work, volunteer projects, and self-initiated endeavors. This experience is often more indicative of a candidate’s ability to perform in a real-world setting than traditional qualifications. For instance, a candidate who has actively participated in cybersecurity competitions or hackathons demonstrates both their passion and practical skills. By valuing these experiences, employers can identify candidates who have proven their abilities outside conventional pathways.

4. Continuous Learning and Development

The cybersecurity landscape is constantly changing, with new threats and technologies emerging regularly. Skills-based hiring recognizes the importance of continuous learning and professional development. Candidates who stay updated with the latest trends, tools, and techniques—whether through online courses, certifications, workshops, or self-study—are highly valued. This element underscores a candidate's proactive approach to their career and their ability to adapt to new challenges, which is essential in the fast-paced world of cybersecurity.

5. Soft Skills Evaluation

While technical skills are critical, soft skills such as communication, teamwork, and critical thinking are equally important in cybersecurity roles. Skills-based hiring includes the evaluation of these attributes through behavioral interviews, situational judgment tests, and collaborative tasks. For example, a candidate might be asked to explain complex security concepts to a non-technical audience or work with a team to devise a security strategy. These assessments help determine if the candidate can effectively contribute to and thrive within a team environment.

6. Role-Specific Simulations

Role-specific simulations provide a realistic preview of the day-to-day responsibilities candidates will face. These simulations involve responding to a simulated security breach, analyzing security logs for potential threats, or developing a risk management plan. By engaging candidates in these scenarios, employers can assess not only their technical skills but also their decision-making process, stress management, and ability to prioritize tasks under pressure.

Conclusion

Skills-based hiring redefines how cybersecurity professionals are recruited, emphasizing what candidates can do rather than where they’ve been. This approach ensures that the best-suited candidates are identified by incorporating practical assessments, portfolio reviews, relevant experience, continuous learning, soft skills evaluation, and role-specific simulations. As the cybersecurity landscape evolves, skills-based hiring will play a crucial role in building a robust, capable, and forward-thinking workforce. Embrace the change and watch your team—and your organization—thrive.

Reach out today and see how CyberUp's team of apprenticeship experts can help you!