Developing Successful Cybersecurity Maturity Models: A Microsoft Use Case

Jay Bhalodia, Managing Director of Security Customer Success at Microsoft Federal, shares his journey and successes in evolving cybersecurity delivery.

July 16, 2024

In a detailed interview with Jay Bhalodia, Managing Director of Security Customer Success at Microsoft Federal, the 2024 SANS | GIAC Cyber Workforce Research Report highlights significant insights into developing cybersecurity maturity models. With a background from Booz Allen Hamilton and Emagine IT, Jay shares his journey and successes in evolving cybersecurity delivery and service staff, both at Emagine IT and Microsoft.

Industry Challenges and Solutions

Jay emphasizes the pervasive workforce shortage in the cybersecurity industry, driven by structural challenges in talent acquisition versus development. Organizations can overcome this by implementing robust training programs that cultivate internal talent pools. These programs should mix in-house and outsourced sessions, focusing on aptitude assessments and certification achievements, with integral feedback mechanisms to ensure continuous improvement.

He also notes the complexity of certifications and jargon in the field, which can create artificial entry barriers. Jay advocates for a balanced strategy in hiring and training, emphasizing passion and diverse experiences over rigid qualifications. He recommends:

  1. Understanding your workforce composition and strategic talent acquisition.
  2. Employing best-of-breed training.
  3. Valuing passion and diverse experiences.
  4. Investing in training to increase staff retention.
  5. Using inclusive language in job postings.

Small Business Success at Emagine IT

During his tenure as Director of Security at Emagine IT, Jay faced the challenge of recruiting top talent without the name recognition or budget of larger firms. By leveraging staff referrals and recruiting firms, Emagine IT successfully built a high-quality, cost-effective cybersecurity team. They focused on hiring candidates with growth mindsets and implemented accelerated onboarding models, including shadowing and reverse-shadowing, to quickly develop new hires.

Retention strategies included fostering loyalty through training, benefits, and culture, which helped mitigate the impact of turnover and build enduring relationships with replacements.

Large Business Success at Microsoft

At Microsoft, Jay has seen the company transform from an unrecognized entity in security to a leading name in the field. This was achieved through aggressive sales and recruiting, initially focusing on rapid growth before transitioning to a customer success model. Jay's initiative to build the Microsoft Federal customer success organization from scratch saw it grow from 10 to 150 employees in three months, with a focus on upskilling legacy system administrators for cybersecurity roles.

Key retention tools at Microsoft include free academic benefits and immersive industry experiences. For instance, taking 40 employees to DEFCON and Black Hat conferences in the first year accelerated passion and expertise within the team. This investment led to employees self-funding attendance at these conferences in subsequent years. Additionally, Jay's team spearheaded projects like adding voice-based capabilities to Microsoft Security tools, promoting diversity by partnering with universities to open cybersecurity career paths for vision-impaired students.

Jay Bhalodia's experiences highlight the importance of a balanced approach to talent acquisition and development in cybersecurity. His strategies at Emagine IT and Microsoft underscore the value of investing in training, fostering passion, and leveraging diverse experiences to build and retain a strong cybersecurity workforce. Through tailored training programs, inclusive hiring practices, and immersive industry experiences, organizations can develop successful cybersecurity maturity models and enhance their overall cyber resilience.

More Insight into Cyber Workforce Trends and Challenges

The 2024 SANS | GIAC Cyber Workforce Report includes six unique case studies from top cybersecurity leaders at leading organizations across the US. In addition, the report paints a full picture of the challenges and opportunities for building cybersecurity teams that are backed by successful hiring and development practices. To read the report in full, download it now.