In an interview with Jon Brickey, Senior Vice President and Cybersecurity Evangelist at Mastercard, the 2024 SANS | GIAC Research Report explores the impact of training on hiring success. Leading a team of 800 cybersecurity and IT professionals, Jon Brickey shares his approach to fortifying Mastercard's cybersecurity capabilities through diverse and comprehensive training initiatives.
Diverse Training Initiatives
Jon Brickey champions a variety of training programs to strengthen his cybersecurity team, ensuring they are well-prepared to handle modern cyber threats. These initiatives include:
- Cyber Ranges: Providing immersive adversarial training environments where teams can practice defending against and launching cyberattacks. These often involve competitive scenarios with other companies.
- Phishing Simulations and Response Training: Preparing teams to identify and respond effectively to phishing attacks.
- Compliance Training: Ensuring adherence to industry regulations and standards.
- Education with Expert Insight: Engaging guest speakers and subject-matter experts to provide in-depth knowledge.
- Individual Risk Scores: Assessing and addressing individual risk factors.
Mastercard also collaborates with SANS on cybersecurity training and degree programs. Jon Brickey emphasizes the importance of continuous training, stating, "If you are worried about training and losing people, you should worry about not training them."
Strategic Partnerships for Business Enablement
Jon Brickey's team collaborates with internal cybersecurity teams to assess cyber risks and conduct reconnaissance for risk management. This strategic partnership enables Mastercard to stay ahead of potential threats and manage risks effectively.
Despite challenges, such as top-performing individuals departing for rival companies, Jon remains committed to the value of training. Mastercard allocates $11,000 per year for accredited college programs, with notable success from participants in NYU's Tandon program and Washington University in St. Louis. Jon's motto of "Mission first, people always," with a focus on comprehensive training, helps maintain an attrition rate below 5%.
Holistic Approach to Cybersecurity
Jon Brickey and his team engage with the entire cybersecurity spectrum, from sourcing and recruiting to coding, defensive cybersecurity, risk assessment, controls, event validation, and collaboration with investigators and legal experts. In his quest for talent, Jon prioritizes aptitude alongside fundamental knowledge, successfully integrating diverse professionals into his team. Noteworthy hires include:
- A former music teacher now excelling in the Red Team.
- A language instructor demonstrating exceptional Red Team skills.
- Law enforcement personnel showcasing excellent investigative capabilities despite limited technical backgrounds.
Emphasis on Character and Direct Relationships
Jon Brickey values direct relationships with his hires, prioritizing character, experience, certifications, and education, in that order. By focusing on these attributes, Jon ensures that his team is not only skilled but also aligned with Mastercard's mission and values.
A Comprehensive Strategy
Jon Brickey's insights underscore the critical role of diverse and comprehensive training programs in building a robust cybersecurity workforce. His strategies at Mastercard highlight the importance of continuous education, strategic partnerships, and a holistic approach to cybersecurity. By prioritizing character and fostering direct relationships with hires, Jon ensures that Mastercard's cybersecurity team is well-equipped to tackle current and future challenges, ultimately enhancing the organization's overall cyber resilience.
More Insight into Cyber Workforce Trends and Challenges
The 2024 SANS | GIAC Cyber Workforce Report includes six unique case studies from top cybersecurity leaders at leading organizations across the US. In addition, the report paints a full picture of the challenges and opportunities in building cybersecurity teams backed by successful hiring and development practices. To read the report in full, download it now.