Post
Post
Share
Annotate
Save
Julie Devoll, HBR
Hello, my name is Julie Devoll, editor of special projects and webinars at Harvard Business Review. I recently had the pleasure of attending Zero Trust World and sitting down with Sami Jenkins, [chief operating officer] and cofounder of ThreatLocker. Sami discussed the challenges of building high-performing cybersecurity teams and addressing the industry’s talent shortage and why organizations must stay actively engaged in managing their security.
Sami, thank you so much for joining us today.
Sami Jenkins, Threatlocker
Thank you for having me.
Julie Devoll, HBR
So ThreatLocker brings together developers, security engineers, researchers, and operations teams. What challenges come with structuring an organization that brings together so many specialized disciplines?
Sami Jenkins, Threatlocker
And the biggest challenge is getting everybody to work together at times. And we have a phenomenal team, and we do work at a rapid pace. And then finding the right talent, especially local to Orlando—we are office-based here and it is just finding the skill set at times.
Our teams do work very, very closely together, and they build a product, obviously. And so with ThreatLocker works, we have our developers who together. And then we’ve got our infrastructure push to build, and then we’ve got a help desk for customers as well. And the biggest challenge from day one, in a sense, is just structuring teams, in a sense.
So I’m responsible for building the teams. I still personally hire quite a lot of the people on the team. So as we grow, we always find different areas that need different skill sets. So currently, we’re working on building the solutions engineering team because, hey, we just released a new product. So I need more people to onboard that new product.
Julie Devoll, HBR
Got it. So cybersecurity is facing a significant talent shortage. What are the hardest jobs to find skilled workers [for]? And if there is a skills gap, what approach does ThreatLocker take to address [it]?
Sami Jenkins, Threatlocker
So the hardest role for ThreatLocker to find in Orlando is a kernel developer. We have some of those externally, but I would like to get one in Orlando just because it’s a high-priority role—or a team of them in Orlando—skills gaps and shortages. So a lot of it is a people problem at times. You have to want to come in, and you have to want to learn. And so we hire a lot of juniors and interns, and we train them on what we want to do. And then we mold them into what we need in a team.
But like this—there is a skills gap. We see it in developers. AI is not helping that at the moment. But we have a lot of junior developers who want to come in and do an interview. And they’re just using AI to script it for them because we give them a dev task. And then we ask them how it works, and they don’t know.
And we’re also seeing a lot of people aligning resumes to the job spec. And then when we come in and question what their skills [are], they just come back with nothing.
Julie Devoll, HBR
What is one misconception business leaders commonly have about cybersecurity? And how does that affect the way organizations approach risk?
Sami Jenkins, Threatlocker
So one of the biggest misconceptions is people think they’re safe if they’re not getting alerts or if their products—some of the products—are doing it. But obviously, the way ransomware works, I mean, it’s ever-changing.
So, I mean, you need to consistently monitor it. I mean, what worked yesterday may not work today, so you need to be always on the forefront. And also, people think, “Hey, I have a product,” and then they get lax. And then they stop monitoring it. And also, they think, “Hey, the product is—it’s doing what it needs to do, and we can remove that product. We’re not getting hacked.” And then suddenly, something happens. They get breached and then pay a ransom on it.
Julie Devoll, HBR
Well, Sami, thank you so much for sharing your insights with us today.
Sami Jenkins, Threatlocker
Thank you for having me.
Click here to learn more about ThreatLocker.
