Monday, July 7, 2014

How secure is your cyber?

It was wonderful to reconnect recently with Cecily Joseph, VP, Corporate Responsibility & Chief Diversity Officer at Symantec Corporation and hear about a fabulous new initiative that I was very impressed with. And let's face it, you know that I don’t get impressed all that easily. The program is an inspired combination of meeting an array of social needs, supporting Symantec's business, building and consolidating meaningful social partnerships and engaging employees. Roll all that into one program, with a clear target outcome, and it seems to me you have a sustainability winner. This is what powerhouse Cecily Joseph and her team and partners have achieved with the new Symantec signature program, the Symantec Cyber Career Connection (SC3) . The focus of the program is on closing the cyber workforce gap. I'll share a few insights from Cecily, and then, I will go on to tell you about some other things about Symantec's sustainability communications which impressed me as well. Hmm, don't want to overdose on being impressed, but if the shoe fits…. 

SC3 is based on the fact that cybersecurity is becoming a necessary part of what almost every company does. Research has shown that an estimated 300,000 cyber security jobs in the U.S. cannot be filled, and 20 percent of these jobs could be filled by people without college degrees. Symantec’s Internet Security Threat Report has shown that the amount of data breaches grew by 62% in 2013 and that approximately 552 million identities were exposed worldwide as a result of data breaches. Many of the companies that need cybersecurity talent, such as data analysts, security analysts or network defense technicians are customers of Symantec's information security programs and services. By investing in developing the cybersecurity talent pool, Symantec is serving its customers while supporting its own sustainable business value proposition. Symantec's long-term commitment is to put 15,000 individuals a year through the SC3 program (after it has been piloted successfully and reached scale) and equip them to become our cyberprotectors of the future. Typically, these will be individuals from underserved populations that would otherwise not have had a similar opportunity to become qualified to perform meaningful (and interesting) work. 

How's it going to work? 
"The program will run as a pilot, starting in three cities – New York, New Jersey and Baltimore. We are working with experienced non-profit partners, for example, Npower has vast experience of delivering similar programs and LifeJourney has a tried and tested record on digital learning environments to support STEM education. The idea is to encourage economically disadvantaged people between the ages of 18 to 29 who have not had the means to pursue a college degree. We will link in to existing programs and curricula, adding our own specialized cybersecurity syllabus." 

Will this be an online learning program? 
"No, this can't be an online program. It's more than just learning the technical aspects. We are helping prepare individuals for getting out into the job market – preparing resumes, interviewing etc. That's why our initial reach will be limited. The nature of the study requires a hands-on learning environment." 

Symantec is a big company. Why don't you just hire people and train them for jobs in cybersecurity at Symantec? 
"We have a cybersecurity (information security) department here at Symantec just like everyone else. We need such a department to protect our own systems and networks. The sort of people that are needed in that department are very different from the software engineers and programmers who develop our products and make up a large part of our population. So it wouldn’t be realistic to think we could fit thousands of cybersecurity analysts into our own company, though we will of course consider hiring SC3 grads if we can. Our contribution is much greater when we create a pool of talent that is so needed in the industry, and help SC3 grads get jobs through the connections we have with our corporate customers." 

How did you hit on this idea? 
"We wanted to make our impact resonate. We have been doing so much over the years, but we hadn’t come up with a leading program that we felt was having enough of an impact and reflecting our investment. We also wanted to create an initiative that would engage our employees in a more compelling way. We could have gone down the route of combatting cyberbullying or other such social impact programs, but we were hearing loud and clear that there is a real shortage of skilled people and we felt that was a need we were uniquely equipped to meet." 

What about women? Have you made women a specific target of this program? 
"Getting more women in technology is difficult to say the least. However, we have a program goal of at least thirty percent women as a first step. We are working with our partner organizations to do the outreach. We will be involving our own women employees to help mentor and support the SC3 students. Many of our target group have not had an inspiring woman role model in technology and that's something we have quite a few of at Symantec." 

How many employees will be engaged in this program? 
"That's hard to say, there will be many opportunities in different parts of the SC3 program. One of the things I am most proud about is that I have already had many employees come up to me requesting to participate. Our employees get this. It resonates with them. They understand well the threat of cybersecurity, of course, and they know they have skills to contribute. This is a really exciting aspect of the program for me. It's creating a new momentum in the company". 

It seems to me that Symantec have hit on a good thing. I wish Cecily and her team success. The better we get at cybersecurity, the better off we will all be.

Before I close, I wanted to share that second great impression I mentioned earlier. It's this. Symantec has as wonderful an array of CSR communications as I have seen at any company. In addition to the annual CR Report (every two years, a full GRI Index report and every in-between year a shorter non GRI report), Symantec maintains a suite of communications second to none, including: 

The last annual "Vision" trade convention that Symantec held in Las Vegas was eco-managed to perfection and you can read all about the efforts to greenify that conference in a full event sustainability report. Really great stuff. 

Cecily noted "Sometimes, you have to say things in 10 different ways for it to reach all the people and for them to actually hear it. A single annual CR report is not enough. We believe it's really important to maintain a range of communications that will reach all our employees and diverse stakeholders in different ways that will attract their interest." 

Symantec's next CR Report to be published later this year will be a G4 report. With a materiality matrix in place, and existing strong engagement processes, the fundamental processes at Symantec make G4 a natural evolution. 

In the meantime, looks like cyber is going to get lots more secure with the new SC3 program. I guess all my attempts to hack into the world's leading online ice cream recipes may not come to fruition after all. 

elaine cohen, CSR consultant, Sustainability Reporter, HR Professional, Ice Cream Addict. Author of Understanding G4: the Concise guide to Next Generation Sustainability Reporting  AND  Sustainability Reporting for SMEs: Competitive Advantage Through Transparency AND CSR for HR: A necessary partnership for advancing responsible business practices . Contact me via   or via my business website   (Beyond Business Ltd, an inspired CSR consulting and Sustainability Reporting firm

No comments:

Related Posts with Thumbnails