CyberWire Daily: "Bringing it all together. [CISO Perspectives]"
Host: Kim Jones (N2K Networks)
Guest: Ethan Cook (Producer, Researcher, Season Writer)
Date: February 10, 2026
Episode Overview
In the season finale of CISO Perspectives, host Kim Jones reflects on the biggest themes and insights from the past season with Ethan Cook, the podcast's producer and key behind-the-scenes researcher. This deep-dive recap explores the intricacies and contradictions in the cybersecurity talent ecosystem, emphasizing key lessons learned, persistent challenges, and forward-looking calls for action.
Main Themes
- The complexity and contradictions in the cybersecurity talent pipeline
- The impact of fear and opportunity in talent development
- Ongoing debates on whether cybersecurity is a trade or profession
- The difficulty defining and building sustainable career pathways
- The underappreciated value of diversity and inclusive hiring
- The need for industry-wide systemic changes—“Deeds, not Words”
Key Discussion Points & Insights
1. Entering Cybersecurity: The Outsider’s View
- Kim Jones introduces Ethan Cook as a near “tabula rasa” observer, granting a fresh perspective on the field.
- Ethan Cook admits to little prior experience in cybersecurity, highlighting the industry's openness to diverse backgrounds—and the common "stumble-in" story.
“Everyone seems to find a stumble of a way into cyber.” (03:23)
2. The Two Forces Shaping the Talent Ecosystem: Fear & Opportunity
[03:23–05:10]
- Fear:
- Hiring managers avoid taking chances on inexperienced or non-traditional candidates; institutions reluctant to invest in junior talent.
- Fear of mistakes, budget risks, and disturbing the status quo.
- Demand for “perfect” candidates stifles opportunity and innovation.
- Opportunity:
- Despite persistent problems, industry leaders maintain a belief that solutions are possible if approached systematically.
- Consensus: challenges are addressable, but require community and consistency.
Quote:
“First observation... is fear. The second observation... is opportunity. None of it ever felt like, oh, we just have to accept the fact that we are never ever going to get the budget we need or... the perfect talent pipeline.”
— Ethan Cook (03:23)
3. Building Practical Skills & Real-World Experience
[05:10–07:39]
- Kim Jones notes a paradox: everyone wants experienced hires, but few provide paths for juniors to gain that experience.
- Ed Vasco (Ep 11) likens cybersecurity training gaps to medical residencies, suggesting structured environments for early-career experience.
Quote:
“Most of these teaching hospitals are attached to a university... I took the same metaphor and said... would you be willing to allow early career professionals that opportunity to come in... and have consequence?”
— Ed Vasco (05:58)
4. Misreading Cybersecurity Workforce Data
[08:39–11:37]
- Will Markow (Ep 8) clarifies that statistics on open cyber jobs are misconstrued; the “700,000 open jobs” figure is cumulative over a year, not a snapshot.
- There are actually more entry-level applicants than entry-level jobs:
"For every 100 entry-level jobs, we had 110 entry-level workers vying for that.” (10:19)
- The industry tends to "hire mercenaries, not missionaries"—seeking top resumes in a competitive arms race.
5. Trade vs. Profession: The Identity Crisis
[11:37–15:32]
- Recurrent debate: is cybersecurity a trade (skill-based) or profession (formalized, structured)?
- Larry: Entry careers are trade-like; skills matter more than certificates.
- Ed Vasco: Cyber is fundamentally a profession with technical demands.
Quote:
“When you think about the entry level... it's not about certifications, it's about skills... akin to a trade.”
— Larry (12:54)
“I lean towards the idea... that we are a profession that has technical representation.”
— Ed Vasco (13:52)
Ethan Cook’s synthesis: Cybersecurity should be treated as a profession, but must acknowledge and reward technical skill pathways.
6. Opening Pathways into Cyber
[15:32–22:45]
- Multiple paths: degree, non-degree, certifications, skills-based.
- Ed Adams:
“You don't need to have a technical background to have a successful career in cybersecurity, full stop.” (16:22)
- Dr. Laura Ferry (ASU): Industry partners expect new hires to be fully pre-trained for their unique environments.
Quote:
“Each company would like us to teach these students to code the way they code... and not have to do any on the job training at all.”
— Dr. Laura Ferry (17:52)
- Hiring managers want "purple unicorns”—impossibly perfect candidates.
- Cyber has little tolerance for on-the-job mistakes, unlike most sectors.
7. The Vendor Proliferation Problem
[19:48–21:10]
- Thousands of cyber vendors, each with unique products, contribute to fragmented hiring—a demand for specific tech knowledge over broader skills.
Quote:
“Everyone wants the system done the way they do. They don't want to train people up.”
— Ethan Cook (19:48)
8. Skills-Based Hiring & Work Role Clarity
[22:45–25:55]
- Skills-based hiring rising—but slowly.
- Simone and Jeff Wilkin: Advocate defining job roles by competencies, not credentials.
Quote:
“Being able to rely on a credential alone can't be indicative of someone's true competence to perform the job.”
— Simone (22:45)
- Workforce Planning: Deliberate mapping of entry-to-executive pathways is essential (Ep 3).
9. Diversity—Beyond Lip Service
[25:55–29:34]
- Diversity increases team performance and error correction.
- Not just about race/gender—encompasses backgrounds, ways of thinking, problem solving.
Quote:
"It's not about checking off some box... I think the better way to view it is what I am bringing is different ways of thinking into my organization."
— Ethan Cook (26:22)
10. Solutions: Toward Systemic Change
[31:08–36:27]
-
No single fix—problems span the entire talent lifecycle.
-
Ethan’s recommendations:
- State-backed training: Like Ed Vasco’s Idaho model, similar to medical/nursing residencies.
- Bar-like association: State-level systems for consistency, credentialing—multiple routes (not only via four-year degrees); leverage community colleges.
-
Cautions: Avoid exclusion of capable candidates without college degrees; requirements should be defined by demonstrable skills, not pedigree.
“We have sat back on our laurels in our ivory towers and said, just trust us.”
— Dr. Laura Ferry (35:56)
11. The “First Mover” Challenge & Call for Action
[36:49–41:17]
- The burden falls on industry leaders and CISOs to take risks, try new methods, and break from unproductive routines.
“How the hell is it going to get any better if you don't show up?... Be the courageous hero. If there's no role model, become one. Show up.”
— Kim Jones (37:47)
Notable Quotes & Moments
- On Fear:
“There’s a lot of fear in the ecosystem right now... people are unwilling to take a risk.”
(03:23 – Ethan Cook) - On Skills vs. Credentials:
“Entry level means no experience.”
(16:22 – Ed Adams, cited by Kim Jones) - On Defining Entry-Level:
“If you're expecting new hires to have more than a year's experience though, you're not looking for entry level candidates, but rather looking to steal experienced assets.”
(42:54 – Kim Jones summary) - On Diversity’s Business Value:
“My team produces more than your team. My team is more effective in what we produce. They produce less errors, they account for more facts, they correct facts, they correct errors faster, etc.”
(28:31 – Ethan Cook) - On Leadership Courage:
“The world doesn't change through complaining. It changes through direct action.”
(38:13 – Kim Jones)
Summary of Kim Jones' Final Rant ("Deeds, Not Words")
[41:40–45:32]
Kim’s closing monologue pulls together the season’s core frustrations:
- Inconsistency in job descriptions and talent expectations
- “Talent theft” (hiring experienced people vs. growing talent)
- Lack of clear, internal advancement pathways
- Systemic failure to act (“stop talking and start doing”)
- Need for mapping entry-level roles, reframing educational partnerships, and creating merit-based internal progression
Key Points:
- Walk the talk: align hiring, training, and promotion practices with actual organizational beliefs and needs.
- Build true entry-level jobs and adjust pipelines to reality.
- Standardize and professionalize cybersecurity talent management.
Important Timestamps
- 03:23 – Fear and opportunity in the cyber talent system
- 05:58 – Ed Vasco on practical experience and training
- 10:19 – Will Markow on entry-level job reality
- 12:54 – Larry on trade vs. profession
- 16:22 – Ed Adams on non-technical backgrounds
- 17:52 – Dr. Laura Ferry on varied industry expectations
- 22:45 – Simone on skills-based hiring
- 35:56 – Dr. Laura Ferry on higher education’s “ivory tower” gap
- 37:47 – Kim Jones on the challenge of being “the first” diverse hire
- 42:54 – Kim Jones, closing action points
Takeaways for Listeners
- The cybersecurity talent ecosystem is complex, often contradictory, and in need of systemic reform—not just more conversation.
- Consistency, courage, and a focus on deeds over words are vital.
- Diversity is not a quota: it's a strategic advantage.
- Entry-level really does mean entry-level; organizations must allow space for growth and mistakes.
- Solving the talent challenge will require multiple, coordinated routes and a collective appetite for risk and experimentation.
Listen if:
You want a nuanced, honest, and solutions-oriented look at why cybersecurity hiring remains so difficult—and what leaders, educators, and aspiring professionals can actually do about it.
![Bringing it all together. [CISO Persepctives] - CyberWire Daily cover](/_next/image?url=https%3A%2F%2Fmegaphone.imgix.net%2Fpodcasts%2F57e23afe-f7ac-11f0-970f-efc977a05d89%2Fimage%2F4576c79a6260b29daaff0ea0480913c0.png%3Fixlib%3Drails-4.3.1%26max-w%3D3000%26max-h%3D3000%26fit%3Dcrop%26auto%3Dformat%2Ccompress&w=1200&q=75)