CyberWire Daily — "Midseason Reflection with Kim Jones"

Podcast: CyberWire Daily — CISO Perspectives
Host: Ethan Cook (N2K Networks)
Guest: Kim Jones [CISOP]
Date: March 17, 2026

Episode Overview

This special episode of CISO Perspectives takes a reflective pause at the midseason, turning the microphone on regular host Kim Jones. Ethan Cook steps in as interviewer, prompting Kim to share the biggest themes, recurring pain points, and actionable lessons surfaced so far from conversations with cybersecurity leaders. Together, they delve into the interconnected challenges of talent, diversity, education, certification, and, above all, the need for greater consistency in the industry’s approach to securing organizations and building resilient teams.

Key Discussion Points & Insights

1. The Multifaceted Complexity of Cybersecurity Leadership

[02:27–05:10]

• Multiple Angles, No Easy Answers: Kim highlights how each guest brings a unique perspective, revealing the “multifaceted” (03:03) and persistent complexity of modern cybersecurity—from talent gaps to evolving leadership strategies.
• Soundbites vs. Substance: Kim critiques the industry’s tendency to favor hot takes over deeper exploration:

  “Everyone seems to have an opinion ... and everyone seems to give that opinion in the sound bite. ... When you start to get them to peel that onion away, no one seems to have time … you miss some of the nuance and complexity.” (Kim Jones, 03:24)

2. The Cyber Talent “Bloodbath” & Arms Race

[05:10–09:09]

• Short-termism and Fear: Firms focus on poaching ready-made talent rather than nurturing employees, driven, Kim argues, by time pressures and fear of failure.

  “We have created an environment in that ecosystem that says I have to be right 100% of the time, which by definition sets the profession up for failure.” (Kim Jones, 07:14)

• Poaching vs. Building:

  “… why am I going to take someone who has the potential for doing great and wonderful things and nurture them and grow them, etc. When I can steal? Someone who has the ability to do it now …” (Kim Jones, 07:51)

3. The Root Problem: Inconsistency

[09:09–11:34]

• Lack of a Unified Approach: Kim asserts that inconsistency—across job requirements, educational expectations, hiring criteria—is the biggest headache in the profession.

  “You can't tell me that college doesn't matter yet the only place you recruit from are people with college degrees and universities.” (Kim Jones, 09:54)

• Key Takeaway:

  “If I were to label our biggest headache, it's inconsistency. … Whichever approach we choose to take, ... the vast majority of us are being inconsistent in our approach, and that's what's shooting us in the foot.” (Kim Jones, 10:41)

4. Diversity, Equity, and Inclusion: Beyond Politics

[12:13–16:46]

• Critical Need for Diverse Perspectives: Kim addresses DEI from a pragmatic, not political, standpoint—asserting its absolute necessity for innovation and resilience.

  “I would contend that [diversity is] not a political issue, it's an issue regarding critical thinking. ... If we all have similar backgrounds ... then we're all going to think about the problem in a similar fashion. That limits our creativity.” (Kim Jones, 13:55)

• A Personal Story:

  “I've been in situations where people have questioned whether or not I've earned the right to be where I am, questioned whether or not I'm just a diversity hire, despite the fact that I tend to take the jobs that nobody else wants to take.” (Kim Jones, 12:57)

• Value of Challenge:

  “I don't want people who think like me. ... I want people who are going to challenge the way I look at problems.” (Kim Jones, 16:49)

5. The Value of Critical Thinking & Real-world Experience

[16:49–23:47]

• War Story: Kim recounts how his outside-the-box thinking—shaped by diverse experiences—helped solve a seemingly intractable technical problem.

  “I came up differently than [my engineers] had ... from my military background ... solving problems with duct tape, chewing gum and baling wire. ... There's only really two ways to develop better critical thinking skills. One is experience. The other is somebody else's experience.” (Kim Jones, 21:22)

• Mentorship & Learning:

  “Unless you want to be old like I am ... I like to lean on other people's experience and learn from them and get better.” (Kim Jones, 22:33)

6. Education and the “Purple Unicorn” Illusion

[23:02–29:25]

• Are Colleges Irrelevant? Kim pushes back against the notion that university degrees are unnecessary for cyber roles—arguing that college builds critical thinking and adaptable skills:

  “There is this staunch misperception that college is worthless ... but there's a value proposition. Part of that is critical thinking.” (Kim Jones, 24:43)

• Industry’s Unrealistic Demands:

  “We're looking for that purple unicorn with the rainbow butterfly wings ... who has three years of experience in exactly the tools I'm looking for, has all the certifications ... and wants to work for $50,000 a year.” (Kim Jones, 27:47)

• Mercenaries, Not Missionaries:

  “We're hiring mercenaries, not missionaries. ... And then we're complaining that we can't find the talent or resources and we don't want to spend the time to build it.” (Kim Jones, 26:40)

• Attempting to Offload Training: Ethan notes that businesses want candidates perfectly trained at someone else’s expense:

  “It sounds like businesses ... are trying to offload training costs onto the individual or the college.” (Ethan Cook, 28:41)

7. Are We a Trade or a Profession?

[29:25–31:06]

• The “Trade vs. Profession” Dilemma:

  “Are we a trade versus a profession? ... there's a pivot point for both, but we still haven't been consistent.” (Kim Jones, 29:35)

• Consistency, Again: Defining uniform requirements is key—otherwise expectations are unclear for both industry and academia.

8. The Certification Maze

[31:06–37:00]

• Too Many Certifications:

  “There were like over 450 separate certs that you could get within cyber ... what's required and what's not.” (Kim Jones, 31:42)

• Certifications as Gatekeepers: Automated screening for high-level certs in entry positions is unrealistic and exclusionary:

  “They're looking for this [CISSP] for entry level positions with two years of experience and you can't get the CISSP until you have five ...” (Kim Jones, 35:20)

• The Business of Certification:

  “… certification has become more of an industry or business ... than something that proves out your ability to do the gig.” (Kim Jones, 36:22)

• There Is Some Value—But Be Consistent:

  “There are some value propositions to certifications and there’s a right way to do it ... there are also some cons and challenges.” (Kim Jones, 36:44)

9. The Recurring Need for Consistency

[37:00–38:07]

• A Cycle of Inconsistent Practices:

  “Consistency from both a organizational perspective. Consistency from A CISO perspective ... from a employee perspective ... I think will be critical.” (Ethan Cook, 37:09)

• Looking Forward: Next episodes will continue examining how the industry can achieve this.

Notable Quotes and Moments

• “We are nothing if not inconsistent regarding our approach to this problem, and we continue to be.” (Kim Jones, 11:23)
• “Diversity is absolutely essential for a cyber professional and their team to succeed.” (Kim Jones, 15:47)
• “We're hiring mercenaries, not missionaries.” (Kim Jones, 26:40) — originally attributed to Will Markow.
• “There are only really two ways to develop better critical thinking skills. One is experience. The other is somebody else's experience.” (Kim Jones, 22:19)
• “Consistency ... the C word’s going to be there for a long time.” (Kim Jones, 37:06)

Key Timestamps

• 00:00–02:27: Introduction, show setup, and context by Ethan Cook.
• 03:24–05:10: Discussion on the multifaceted nature and superficiality of industry hot takes.
• 05:10–09:09: The talent “bloodbath” and industry’s reactive tendencies.
• 09:09–11:34: Inconsistency as the profession’s biggest headache.
• 12:13–16:46: Why Kim did a DEI-focused episode solo; the value of diversity.
• 16:49–23:47: War stories, critical thinking, and the role of experience.
• 23:47–29:25: The problem of unrealistic demands for “purple unicorns”; university/career pathways.
• 29:25–31:06: Trade vs. profession—what does/should cyber aspire to be?
• 31:06–37:00: Certification overload, murky credentialing, and gatekeeping.
• 37:00–38:37: Wrapping up: the recurring call for industry-wide consistency; preview of coming episodes.

Episode Tone & Style

• Direct, Thoughtful, and Candid: Kim’s voice is pragmatic, unvarnished, but deeply constructive—reflecting decades of “in the trenches” leadership. Ethan’s prompts are curious and reflective.
• Analogies and Storytelling: Kim uses vivid stories (“Guns and the Geeks,” problem-solving with “duct tape, chewing gum and baling wire”) and memorable terms (e.g., “purple unicorns”).
• Challenging the Status Quo, Seeking Nuance: Both speakers continually probe beneath surface-level answers, urging listeners to avoid quick fixes and lean into complexity.

Final Reflection & Looking Ahead

“Today was a moment for reflection, an opportunity to look back at the journey we've taken this season and revisit the powerful insights shared by the guests who joined us. From tackling the cyber talent crunch to reimagining what strong security leadership looks like … we’ve covered a lot of ground.” (Kim Jones, 38:37)

What's Next?

The season finale will reverse roles once more, with Kim interviewing Ethan, promising a synthesis of all major season themes and a discussion of the evolving role of the CISO.

For listeners interested in deeper dives on these topics or who missed earlier episodes:
This reflection distills the season’s recurring struggles—with talent, diversity, education, certification, and above all consistency—laying vital groundwork for continued evolution as a profession. The episode is rich in both frontline insights and actionable critiques, making it essential listening for anyone serious about cybersecurity leadership.