Written by Greg Meckbach at Canadian Underwriter, April 29th, 2019
A priest or minister could help your client manage cyber risk, and it’s not by praying that cyber criminals will leave your client alone.
“My latest three hires have been a theologian, a political scientist and somebody who has their degree in social justice,” said Rob Labbé, director of information security for Vancouver-based mining firm Teck Resources Ltd. “Rather than staffing my team with core computer security and computer science folks, which are hard to find right now – instead I am actually looking to liberal arts majors.”
Labbé was one speaker at the International Cyber Risk Conference, held April 15-16 at the Metro Toronto Convention Centre. Finding talent in cyber risk management was one topic of discussion.
“There are more roles for security than there are people right now,” said Vivek Khindria, vice president of cyber security and technology risk for Toronto-based supermarket chain Loblaw Company Ltd., during ICRMC.
Cyber criminals are individuals with reasons for attacking your client’s assets, explained Labbé.
“There is somebody on the other side of that malware attack,” said Labbe. “They are probably not just bored on a Friday night. There is, generally speaking, a reason they are going after us and they have their own goals and objectives.”
This led to Teck’s decision to hire a theologian to help manage security risk.
“When we look at those groups that are targetting mining, they actually behave a lot closer to religions than corporations,” Labbé said. “And so a theologian innately understands religion: how they are recruiting, how they are messaging, what they are likely to go after and why.”
Labbé suggested he looks for prospective cyber security staff who are both liberal arts majors and are also interested in gaming.
“It’s a nice big pool,” he said. “There are not a lot of people fishing in it, which makes it a real good one for finding talent right now and it is working out real well.”
Training staff to manage cyber security is not just about teaching cyber and security skills, Nick Steele, deputy chief security officer of Dell Technologies Inc., said during ICRMC.
“It’s about learning business skills and being able to communicate,” Steele said. “I think what’s interesting is if you look at our generation, we all came probably from somewhere else [other than cyber-security].” In previous generations, cyber-security did not even exist as a separate occupational field, he observed.
“We have all sort of fallen into it, but we need to make sure the new generations – who are now doing dedicated cyber courses and security courses and risk management – also understand the language of business. Because if they don’t, they are going to struggle to communicate and bridge that gap between us and that business.”
If you put 50 chief security officers in the same room, chances are they will have different backgrounds, suggested Khindria.
“I have had the pleasure of coaching several hundred people through that journey, and I can say that the best security people are business-minded people. The most crucial thing is being able to communicate to the business.”
ICRMC was produced by MSA Research.