CyberWire Daily: CISO Perspectives – Mid-Season Reflection with Kim Jones
Host: Ethan Cook (N2K Networks)
Guest: Kim Jones, Host & Former CISO
Aired: February 3, 2026
Episode Overview
This special mid-season episode flips the script: regular host Kim Jones becomes the guest as editor Ethan Cook leads a reflective deep dive into the first eight episodes of CISO Perspectives. Together, they examine recurring challenges in cybersecurity leadership, especially around talent, diversity, education, and the profession’s future. The discussion is candid, insightful, and rich with anecdotes as Kim distills lessons learned and pinpoints industry-wide pain points—and possible solutions—as the series heads toward its finale.
Key Discussion Points & Insights
1. Complexity and Multifaceted Challenges in Cybersecurity Leadership (02:50–05:10)
- Ethan notes how each guest brought “a different viewpoint,” reinforcing how “complex” and “multifaceted” the cybersecurity problem is.
- Kim: The industry often defaults to “soundbite opinions” about critical issues—especially the cybersecurity talent gap—without diving into the underlying nuance or doing the research.
- Quote: “No one seems to have time to do the work, to do the research… you miss some of the nuance and complexity if you don’t do that.” (04:04)
2. The Talent ‘Bloodbath’ – Mercenaries Over Missionaries (05:10–09:09)
- Referencing Will Markow’s episode, Ethan highlights the ongoing “bloodbath” for top talent, where organizations poach rather than nurture employees.
- Kim: Time pressure and fear—not negligence—fuel short-term hiring. With rising stakes (fines, potential jail time), leaders fear making mistakes and prefer to hire proven performers, not develop new talent.
- Quote: “We have created an environment…that says I have to be right 100% of the time, which by definition sets the profession up for failure.” (07:40)
- This creates a cycle where “stealing talent” is easier than investing in growth.
- Organizations often “hire mercenaries, not missionaries,” expecting them to leave when a better offer arises.
3. Core Problem: Inconsistency in Approach (09:09–11:34, 29:25–31:06)
- Kim argues the “inconsistency” in how organizations approach recruiting, developing, and retaining talent is the root issue:
  - Can’t claim “college doesn’t matter” yet only recruit from colleges.
  - Can’t trumpet skills-focused hiring if you don’t define or assess for specific knowledge, skills, abilities, and experiences (KSAEs).
- Quote: “If I were to label our biggest headache, it’s inconsistency. And whichever approach we choose to take… I contend that the vast majority of us are being inconsistent in our approach, and that’s what’s shooting us in the foot.” (10:24)
- Calls for consistency across recruiting, professional standards, and internal development.
4. Diversity, Equity, and Inclusion—the Critical, Not Political, Imperative (12:13–16:46)
- Kim shares personal experience navigating the DEI conversation as one of few Black CISOs of his generation.
- Frames the value of diversity as essential not just for image or compliance, but for innovation, critical thinking, and security’s strategic mission.
- Quote: “If we all have similar backgrounds… then we’re all going to think about the problem in a similar fashion. That limits our creativity.” (15:38)
- “Diversity is absolutely essential for a cyber professional and their team to succeed.” (16:11)
- Diversity extends beyond race and gender—to economic status, education, and thought.
5. Critical Thinking & Experience – The “Purple Unicorns” Debate (22:47–28:41)
- Discussing episode 7 with Dr. Laura Ferry (Arizona State University), Kim and Ethan examine the push-pull between the value of formal education and real-world experience.
- Many demand “hyper specific experience,” resulting in unrealistic job postings for “purple unicorns” with tailored skills.
- Quote (Kim): “We’re stealing talent. We’re not creating talent… And then we complain that we can’t find the talent or resources and we don’t want to spend the time to build it.” (25:51)
- The expectation for colleges to graduate perfectly job-ready talent is “antithetical” to higher ed’s actual mission.
- Kim paraphrasing Laura: “We now create an individual who is absolutely, positively perfect for your job requirement but may not be hireable anywhere else… That’s a problem.” (28:10)
6. Trade vs. Profession: The Identity Crisis (29:25–31:06)
- Drawing from an early episode with Larry Whiteside, Kim reflects on whether cybersecurity is a trade (with clear practical skills) or a profession (with distinct standards).
- Again, the industry’s “inconsistency” around expectations for entry creates hiring friction and limits workforce development.
7. Certifications: Industry Solution or Barrier? (31:06–37:00)
- In Kim’s episode with Simone (with a legal & certifications background), they discuss the overwhelming number (450+) of certifications and the lack of an industry-wide standard akin to the legal bar.
- Entry-level job requirements often list certifications (e.g., CISSP) that require more years of experience than entry-level staff can have.
- Certification processes risk becoming a business in themselves, benefiting test providers more than professionals.
- Kim: “There are some value propositions to certifications… there’s a right way to do it. But it’s important to remember just as there are pros for certifications, there are also some cons and challenges.” (35:55)
8. Looking Ahead: The Path Forward & The “C-Word” (Consistency) (37:00–end)
- Quote (Ethan): “Consistency from both an organizational perspective… a CISO perspective… consistency from an employee perspective or prospective talent and being consistent in how you approach it.” (37:09)
- Kim teases future episodes and the upcoming season finale, which will further tie together themes and look toward the future of the CISO role.
Notable Quotes & Memorable Moments
- “No one seems to have time…you miss some of the nuance and complexity if you don’t do that.” (Kim Jones, 04:04)
- “We have created an environment… that says I have to be right 100% of the time, which by definition sets the profession up for failure.” (Kim Jones, 07:40)
- “If I were to label our biggest headache, it’s inconsistency…” (Kim Jones, 10:24)
- “Diversity is absolutely essential for a cyber professional and their team to succeed.” (Kim Jones, 16:11)
- “We’re stealing talent. We’re not creating talent… And then we complain that we can’t find the talent or resources if we don’t want to spend the time to build it.” (Kim Jones, 25:51)
- “We want you to prove it by doing it somewhere else. So… we are inappropriately, unfairly and unrealistically attempting to shirk the responsibilities of any good profession and any good trade to make sure that we create a virtuous cycle that allows for training and growth.” (Kim Jones, 30:22)
- “Certification has become more of an industry or business…than something that proves out your ability to do the gig.” (Kim Jones, 34:39)
- “Consistency… will be critical.” (Ethan Cook, 37:09)
Timeline of Significant Segments
| Timestamp | Discussion Segment |
|-----------|--------------------|
| 02:27 | Kim reflects on the shift from host to guest, setting a candid, introspective tone |
| 03:24 | Debrief on talent discussions and the dangers of soundbites over research |
| 05:10 | The “bloodbath” for top talent and root causes: time and fear |
| 09:09 | Is change possible? Short-term vs. consistent solutions for talent development |
| 11:34 | Talent assessment, the diversity episode, and Kim’s decision to go solo on such a subject |
| 12:13 | Kim’s DEI experience—making the business case, not a political argument |
| 16:46 | The value of diversity beyond demographics—critical thinking in action |
| 22:47 | The false dichotomy between education and experience; purple unicorn problem |
| 31:06 | Certification industry explosion and its impact on hiring |
| 37:00 | Bringing it all together: Consistency as the persistent, critical “C-word” |
| 38:37 | Teaser for the season finale and closing reflections |
Episode Tone & Takeaways
The conversation is reflective, honest, and informed by Kim’s long personal history at the intersection of security, leadership, and talent development. Both host and guest emphasize the urgent need for industry-wide consistency in hiring, development, and standards—and stress that diversity and an openness to various experiences are not just ideals, but operational necessities. The issues examined here—from the overreliance on certifications to the “mercenary” talent war—challenge listeners to move beyond surface-level solutions and commit to building a more sustainable, strategic cybersecurity field.
For Listeners New and Old:
This episode serves as both an accessible entry and a recap, providing newcomers an orientation to the pressing issues shaping the cybersecurity workforce—and giving returning subscribers context for deeper themes that will return in the season’s final episodes.
For Further Insights:
Kim and Ethan encourage all listeners to subscribe, promising even richer discussions and a culminating finale where trends, challenges, and the evolving CISO role will be synthesized and projected forward.