C (14:04)

This.

D (14:04)

Episode is brought to you by Indeed. When your computer breaks, you don't wait for it to magically start working again. You fix the problem. So why wait to hire the people your company desperately needs? Use Indeed's sponsored jobs to hire top talent fast. And even better, you only pay for results. There's no need to wait. Speed up your hiring with a $75 sponsored job credit@ Indeed.com podcast. Terms and conditions apply.

B (14:39)

It is always my pleasure to welcome back to the show Kevin McGee. He is the Director of Cybersecurity for Microsoft for Startups. Kevin, welcome back.

C (14:48)

Hi Dave. Glad to be back.

B (14:50)

So it is that time of year, the most wonderful time of the year when the kids go back to school. So we thought today we would do a little Dave and Kevin back to School Edition. What do you got for us today, Kev?

C (15:02)

Well, we both have our kids off to school. It's the happiest day of the year for parents, which is great, but one of the things that we've explored over the years is just the skills gap, but from a different perspective of how do we really address the skills gap in a positive manner, and that's making sure that we're providing educational opportunities to bring in folks from outside the industry to provide opportunities for those within the industry to grow different skills. Because if you're super technical and you just go for another certification in technical aspects of the industry, it's not preparing you for a leadership role. It's not preparing you to be a manager, to recruit and motivate and mentor your staff. So I've always seen this leadership gap challenge within our industry that I thought was really something we needed to address. And I've had an opportunity to work with a couple of universities to develop some programs over the last little while and doing a survey of what's available in the US And I'm Canadian, of course, in Canada. I'm very pleased to see sort of where we're headed with some of the educational opportunities available.

B (16:06)

Well, before we dig into some of the specifics, can we stay at a high level for a second and let me just be put on my skeptical hat for a minute and ask, are you convinced that the notion of a skills gap is a real thing? Because not everybody is.

C (16:23)

I'm on record, I think extensively on this podcast of saying no, I don't think there's a skills gap. I meet with students every day in my role and through my connections with universities and colleges that are desperately trying to get in the industry but can't find a job. And then I meet with employers who are trying to hire. They just can't hire. It's not a skills gap, it's a skills mismatch gap. We want someone with five years experience, we want someone with leadership experience. And again, what other options? A lot of the young people come to me and say, well, I've got five certifications, should I do another? It's hard to differentiate yourself. It's hard to demonstrate real world experience. It's hard to match up those two sides. And I think that's because we're just not a mature industry like plumbers. You know, there's a. There's a very clear way to become a plumber. There's a very clear way to become an accountant. There's a very clear way to become A doctor, a lawyer with an apprenticeship or an internship or an article in process or whatnot. We're just not there yet, but we're headed in that direction.

B (17:24)

Well, let's talk about some of the specifics then. I mean, in terms of maturation, where, where does the industry stand?

C (17:31)

Well, I've had some firsthand experience with the University of Guelph where I did my master's degree. We created a threat intel program which was a combination of practical skills, but then also theoretical knowledge which involved a capstone project working with companies and cyber leaders to build something out in the real world. The university recruited a board of prominent cybersecurity professionals that could come in and provide guest lectures and really provide those real world experience. What was great for the students, they got to interact with people actually doing the jobs and what was great for the employers is they got a firsthand look at some of those folks that are actually the brightest and up and coming. And we could give feedback then to the university for what could be changed to make the program better. A number of colleges in Canada, I'm not sure if it's the same in the US have these advisory boards where they bring in industry folks to help with curriculum. I'm on a number of them. So I really encourage anyone who wants to look at joining a board of directors or whatnot. This is a good gateway to learn the skills, to work with an educational facility in a board advisory manner, but to just go through the curriculum, provide feedback, real world experience into this program. So it's really making a difference. Now Guelph is actually launching a leadership program in combination with the business program to combine what are the leadership qualities and what are the management qualities that you need to learn to be a successful leader. But within the cyber range, which is completely different from managing in any other business context, what does that provide for.

B (19:10)

The person new to the industry to walk in with classroom experience in leadership training. Classroom training in leadership, but still lacking that time with an organization that five years of experience that everybody seems to want these days.

C (19:30)

I think it's going to be difficult to walk into maybe a soc and manage a SOC without any sort of experience. But there's so many other roles that are popping up in our industry now that just didn't even exist maybe a year ago or whatnot that are going to require different skills. So managing risk from a compliance management or automating compliance, we have teams now that are involved in creating basically soar for compliance solutions. Completely different skill set than managing a SoC. But the fundamentals of leadership and management are universal. So there's an opportunity for experienced managers to come from other fields into our industry and maybe bring interesting things from what happens in those industry to ours. The great example I've always used, I sat on a hospital board for a number of years and we started every board meeting with the chief nursing officer of doing a near miss analysis where we went over a potential bad thing that could have happened and what the organization learned from that. Now that's something I've brought to my career in cyber to say let's not wait till something bad happens, let's discuss near misses and how can we improve and get better. So I think it's a chance to bring other folks from other industries maybe into the fold and expand our talent pool, but then also give those technical people that maybe have a computer science degree with no management experience or skills that opportunity to move up in the leadership positions and be successful.

B (20:48)

What's your advice for the folks who are actually heading back to school as we're recording this, to increase their odds of being the one who's selected when they graduate or when they decide they want to enter the market. What are your recommendations for the breadth of things they should have under their belt?

C (21:11)

I think when we started out in our generation, you were the computer guy and you had to know everything about the computer and that was fine. And our industry is really getting evolved to sort of niche specializations. So exploring different aspects of what is available in terms of career. Is it forensics? You're interested and you're seeing a lot of cyber law programs that are evolving now where you're not really training to be a lawyer, but you're training to understand how to administer compliance and whatnot. I think thinking beyond the careers available in cybersecurity are just penetration testing and configuring firewalls to the greater depth and breadth of the careers that are available and explore those because there's fascinating opportunities in privacy and consent management. The explosion of AI is going to create all sorts of new challenges and problems that we're going to have to address as security profess professionals as well too. So interdisciplinary skills are fantastic. Bringing like law or some other aspect to the cybersecurity space, but then also finding a niche that really resonates with you as well. So you stand out. Not a generalist now, specialist. I think that's where we're headed. And the market for the educational offering seems to be headed in that direction as well.

B (22:30)

Let me flip it for you then. I mean what about for the employers? What part can they play in addressing this skills mismatch as you describe it?

C (22:42)

Yeah, I think the Guelph example where we brought in 40 or 50 different companies to advise. Great opportunity to engage directly with the students, provide feedback on the training. But also the more you're engaged and involved in these programs, the first look of the best talent is yours. So you get to pick out that talent and maybe make that offer before anyone else as well. So you're not, you can't just really wait around for someone to pop up on the radar that has all the skills that you're looking for and all the aspects. I think really we need to start looking at developing talent and taking responsibility for that. And I find the organizations that are hiring the best talent and moving those talent through a process of promotion and whatnot and getting them really engaged quicker are the ones that are very invested right from the very beginning of the pipeline.

B (23:33)

Kevin McGee is director of Cybersecurity for Microsoft for Startups. Kevin, thanks so much for taking the time for us.

C (23:39)

Great. Thanks, Dave.

A (23:52)

Running a business comes with a lot of what ifs, but luckily there's a simple answer to them. Shopify. It's the commerce platform behind millions of businesses including Thrive Cosmetics and Momofuku, and it'll help you with everything you need. From website design and marketing to boosting sales and expanding operations. Shopify can get the job done and make your dream a reality. Turn those what ifs into Sign up for your $1 per month trial@shopify.com Specialoffer.

E (24:21)

Mint is still $15 a month for premium wireless. And if you haven't made the switch yet, here are 15 reasons why you should 1.

B (24:29)

1.

E (24:29)

It's $15 a month.

B (24:31)

2.

E (24:31)

Seriously, it's $15 a month.

B (24:34)

3.

E (24:34)

No big contracts.

B (24:35)

4.

E (24:36)

I use it.

B (24:36)

5.

E (24:37)

My mom used to say, are you. Are you playing me off? That's what's happening, right? Okay, give it a try. @mintmobile.com Switch upfront payment of $45 for.

A (24:45)

Three month plan $15 per month equivalent required New customer offer first three months only, then full price plan options available, taxes and fees extra. See mintmo.com.

B (24:59)

And finally, it was perhaps only a matter of time before the Darwin Awards, a long monument to human misadventure, spawned an AI edition. The 2025 AI Darwin Awards honor Not tragic self removal from the gene pool, but the hubris of deploying machine intelligence where wisdom plainly did not follow. Consider Taco Bell's drive thru AI, whose grasp of natural language proved as tenuous as its tortillas. Or Ripplet's vibe coding episode, in which an overeager model dutifully ignored instructions and annihilated a production database. Proof that do not touch is irresistible to algorithms and toddlers alike. McDonald's, meanwhile, entrusted 64 million job applicants data to a chatbot felled by the mighty password 123456. The awards remind us AI is merely a tool, although one with global reach, zero patience and alarming enthusiasm. And that's the cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2n2k's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Teltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Sam.