Cyber has a skills gap. How approaches to tech, hiring – and retaining women - can help

Linda Lacina, Meet the Leader Welcome to Meet the Leader, a podcast where top leaders share how they're tackling the world's toughest challenges.

In today's episode, we talk to Petra Jenner of cybersecurity and analytics company Splunk. She'll talk about growing cybersecurity risks and how bridging the talent gap can help tackle them.

Subscribe to Meet the Leader on Apple, Spotify, and wherever you get your favorite podcasts. And don't forget to rate and review us. I'm Linda Lacina from the World Economic Forum and this is Meet the Leader.

Petra Jenner, Splunk People plan their vacation but forget to plan their career.

Linda Lacina, Meet the Leader The world needs 3.4 million cyber security experts to support the global economy. These workers are critical to getting ahead of threats that can disrupt everything from hospitals to electricity to banking.

And with hacking, it is a matter of when, not if. In fact, 86% of business leaders in one recent survey believe that growing geopolitical instability could lead to a catastrophic cyber event in just the next two years.

The industry is struggling to fill that gap thanks to a number of factors. Our Cybersecurity outlook shows a growing gap for tech skills in general and demographic shifts, but there's also factors unique to cybersecurity, including recruitment that often focuses just on traditional backgrounds in IT and computer science, a misunderstanding that roles can be possible for some people with the right on-the-job training.

Given tech’s fast growth, making opportunities available to women will be particularly important for the sector and for economies in general. In fact, our 2024 Global Gender Gap report shows that across sectors it will take a staggering 152 years to reach parity in overall economic opportunity and job participation.

I talked to Petra Janner. She is the senior vice president and general manager for Europe, Middle East and Africa for Splunk. That's a cybersecurity and analytics company. She shared with me why bridging this labor gap will be so critical. She also talked about what's needed to expand talent pools to new groups, including women and those with nontraditional backgrounds, and why it's important to retain the people that you have skilled in such a stressful field.

She'll get into all of this, including how the profession has informed how she navigates risk. But first, we'll get started with the talent gap in tech.

Petra Jenner, Splunk We just had a session here in Davos, right, and where we discussed also the shortage of talent and also especially the diversity of talent.

And I think we need to do two things. First of all, we need to leverage a different language, which is easier to understand, to remove the potential barriers to access and enter the cybersecurity space, right? People feel that maybe too complicated, too technical, or I will never be able to cope with that, especially women. That means we need to remove in the job advertisements, we have to make clear what we are looking for. The language has to be reshaped so it's better fit for purpose and addresses, especially women. That's the first step.

And the second thing is we need to have a career succession planning in the organization, which is much more intentional. What I mean by that is not only saying, okay, we, you know, make sure women are joining us, but also to really have ongoing career progression conversations. And that's also something we have built at Splunk that we really regularly interact, communicate, double check. You know, what's the progress? What are you up for? What do you want to succeed? Because firstly, it's difficult to get women into the jobs. But then I think the main challenge is to keep them in the jobs and keep them happy and engaged and make sure we don't lose them halfway through their career.

Linda Lacina, Meet the Leader And so what does that look like -- sort of on a block and tackle level. What has worked for Splunk. What are those steps like? Is there like a regimented time that you are checking in with people at different milestones in their career, or are there other triggers to make sure that you're working that in. What's worked for Splunk so other people can kind of, you know, learn from that, maybe work it into their own plans?

Petra Jenner, Splunk So first of all, the first thing, which I think is important, to really schedule at least quarterly check-ins with your leaders, with your, you know, younger population, with your talents, diverse talents. And this is not only female talent. This is very important to foster this culture around in the whole organization. So that means really having regular interaction and having really intentional career progression discussions. Right? Because there is also a saying that people plan their vacation but forget to plan their career. Especially what I've noticed is that the younger people ask me like, okay, please help me. Please build my career now. Right. What do you suggest as my next step?

Right. I think the role of a leader is in these conversations. To really understand what is the true desire of this individual and make sure that it's really mapping their interest rather than, you know, just say, "okay, you have to do three steps in order to become a manager, right?" So it has to be really thought through jointly of what could be potential areas of development, learning and development, which needs to be done. So that's very crucial. Right. And this has to be systematically part of the way we lead people. And trust me, you may say this exists in organizations. I know that many people would say I don't have enough time to do these regular check ins.

The second thing we do is, like, foster communities, right? So we have multiple communities for underrepresented minorities. And it's very important to set the tone from the top so that I will attend, that I will write about it. I make sure that these Employee Resource Group, that's the way we call the communities, are really known to other people and leveraged accordingly. Right. So these are small little things, but they are very important and very effective in fostering this culture of inclusion, diversity and also building on the younger talents in the organization.

Linda Lacina, Meet the Leader You mentioned that you attend these Employee Resource Groups. I talked to one company once that had a women's resource group, and their group had put together a proposal for to improve the maternity benefits. Right. Because they had advocated for it, and also because leadership that was sort of part of that as well, it got done. Are there sort of things that those groups have advocated for at Splunk, or how important is it if something hasn't been proposed? How important is it, I guess, for a leader to be actively asking those folks, "hey, what can we make happen?"

Petra Jenner, Splunk And that's exactly what I have started to do, right? I mean, I haven't done that in the earlier days, to be honest. But now I have started to use this conversation to really understand how they feel, what is missing, and they are becoming an instrumental part of our people agenda.

What I mean by that is that they are giving input of what they would like to see, whether from a cultural aspect or from social benefits and so forth, whatever is needed.

And then we reflect how we can implement this within the organization and then record back to them what we are planning to do, or even let them present their own ideas to the broader teams, so that the teams also see that this has been generated within the organization, rather than top down from the leadership. I think that's very important, and that's what we are just fostering. And we are going to leverage the community groups to provide us some further insights on what we can do better in order to become an even better employer for the future.

Linda Lacina, Meet the Leader Tell me a little bit more about this. What's success? What do you want to build with this?

Petra Jenner, Splunk One of the top priorities we clearly have, and, you know, especially in my organization is all around ensuring that we have even a stronger people, a more human culture. You know, create a work space where people really are proud to be part of and also make sure that we are going to create even a more inclusive work environment.

This is really something you can never be at the top. You constantly have to evolve. I think that's very important to really make sure people feel that they can develop and progress their careers by being at Splunk, right. So, that's one of the key objectives.

The other objective, of course, is to really set the tone on what are the business priorities for next year. And as you know, cyber security, digital resilience is on top of everyone's agenda, and make sure that our teams and people are educated on the latest trends. So we leverage also the World Economic Forum to capture what are the latest trends and discussions and feed that back into our teams so that they are really up to speed and can provide advisory to our existing customers. So that's another very important element.

Linda Lacina, Meet the Leader You mentioned a little bit about the labor shortage. There's going to be labor shortages that are going to affect a range of industries. And you know, cyber has sort of had a labor shortage. You can't quite get enough folks to meet the demand for the work that needs to be done. For leaders who are listening to this. How important is it for them to look at inclusivity as not just a sort of a nice-to-have -- we all like inclusivity -- but also as a real strategy to tackle labor shortages.

Petra Jenner, Splunk I mean, it's a at the top of every executive I have spoken to. The strategy is to mitigate that risk and the upcoming shortage and existing shortage already. Really different, right?

I would say in the technology space we have, let's say, the advantage that we are at the forefront of technology and people know that it's a very interesting industry for the next coming years. So they understand if they invest in learning into, you know, let's say cyber technology or digital resilience or observability or any kind of AI-related topics, it's a good investment in their personal career development. So we are a little bit at the positive side of this.

Nevertheless, people fear, then, the accessibility of knowledge and how to learn. So I think we need to make sure is that our cultures in the organization are really learning cultures. And what I mean by that, you know, encourage formal leadership and ongoing development, learning, enablement of the individuals. And I think this has to become also a bit like more attractive on how we learn things and easier to absorb for the different audiences in the organization because not every audience is technical savvy. Believe it or not. Not even in the technology company everyone understands all you know aspects of technology. It's only a small portion. So they have to translate so that every part of the organization really understand what we are doing, in their own words, and to really address that accordingly if they speak to potential candidates, to potential recruitings.

And I think overall, for cyber, especially, we need to remove this notion of, "oh, it's so technical and I cannot cope and learn it." Especially for women. Right. Because in the cyber space or in the digital resilience space, there's so many factors and so many different jobs that not everyone has to be super technical.

Linda Lacina, Meet the Leader Tell me a little bit more about that. What would surprise someone listening to this? They think, well, "hey, I could never work in cyber. That's not a fit for me or my skills wouldn't translate." What might surprise them about how their skills might translate? Are there certain roles or are things that you guys are looking for? They're like, gosh, we need someone to do X or Y.

Petra Jenner, Splunk Yeah, I think everyone with an interest in learning technology could easily learn parts of it, right? Of course, they won't be a developer in cybersecurity, the next day. But I think if you invest a little bit more and we need to guide them through this. What are the potential education streams they have to go after.

But I think I would say to everyone who is interested in joining, there are roles which are really like normal business roles. We have sales, we have marketing functions. We have a HR functions in our organization. We have sales functions where you have to have a certain level of understanding, but you don't need to know the the deep ground of technology. And then of course, there are the real heavy technology roles. And in these roles, of course, you need to have a bit more deeper knowledge. So if you have a good analytical set up, if you have the desire to learn new things, and also if you are prepared to go into an industry which is going to be at the forefront of emerging technologies and want to have also a safe but also innovative workplace, that's the place to be. So that's what I would say to every woman. You know, it's like there are many opportunities and everyone wants to support the women, especially the women in that space.

Linda Lacina, Meet the Leader With cyber, are there particular things that make it harder to retain women?

Petra Jenner, Splunk I think the role, I mean, I think what you're referencing relates especially to the security analyst roles. These are the real deep technical roles to really understand what's going on in an organization from a technical point of view. Or let's say, roles like security manager or CISOs, even. Attacks happen, right? And what makes these roles special is that you have times where everything seemed to be quiet, and then all of a sudden an attack happens and then you need to be at the forefront of it. And this makes it probably more stressful because you may have more emergency from a technology point of view. Or you need to, let's say, reduce an emergency quickly, right? You need to recover. And I think that requires very specific skills in terms of resilience.

And it also requires a good constant, you know, looking after yourself. And I think that's the area where we lose sometimes cybersecurity talent and also managers in that space -- women and men, by the way -- because they feel that they have to be always on and always reachable. Right? Because the attack landscape has massively increased. So. I think that's a little bit the area where I think cybersecurity, especially on the real technology part of cybersecurity, this is where I see people having time constraints. They don't feel they have enough work life balance. It depends on how you organize the work, right?

And also it depends on whether the companies are using the right technology. There are ways where we could simplify and reduce the workload. So I think that's my call to action for some companies. There is technology to reduce the workload of security analysts and managers, but you have to use them and you have to invest in these technologies. So, I think that's also what drives a little bit the the churn and the change on security talent in general.

Linda Lacina, Meet the Leader If we're not able to bridge this gap with labor, right, especially in cybersecurity -- what happens in ten years?

Petra Jenner, Splunk Very good question. I think what is very important that we leverage artificial intelligence, right? And especially machine learning to make sure that repetitive threats will be determined much easier and will be eliminated at a certain point in time. So I think that's one thing. And we need to double down on this. So AI is very crucial to, let's say, probably reduce the risk of talent shortage. AI could be the response to it. Right. So I think that's one part.

And the second part is of course we need to make sure that we leverage these technologies like AI constantly in our security products to reduce the workloads and also the constant emergency perception. I think these are the only two things which could really reduce the talent scarcity.

Linda Lacina, Meet the Leader In cyber, think there's a very healthy attitude towards risk. And you tell me if I'm on the right track here, but the reality is, as you mentioned it earlier. Attacks happen, right? Things will happen. Success isn't that nothing happens, right? Because that's not realistic. Being able to accept that yes, there will be these attacks and you need to mitigate those risks. What else can anyone learn about approaching risk in a healthy way?

Petra Jenner, Splunk I think the first and most simple answer is that we approach threats as that "there is threat," and that we should shift the mindset to "we will be attacked potentially." So the question is "how do you mitigate this attack? How do you prepare for potential attack and reduce the impact of an attack?"

And that's also what the notion of digital resilience is all about. You need to look ahead of what are the potential attacks which could happen and just anticipate that there will be attacks and then drive processes, procedures, build frameworks in an organization that they are prepared for the future.

Because the attack landscape will be strengthening, will be, you know, worsened over time. It is worsening every week and month. If, let's say, an attack happens, the most important thing is that it's detected fast and isolated as soon as possible, right? And that the rest of the systems and the rest of the digital processes are not impacted. So I think that's the most important thing you can do.

Linda Lacina, Meet the Leader Is there a piece of advice that you've always been grateful for?

Petra Jenner, Splunk Yes, I was always grateful for "treat other people like you want to be treated". I think it was advice my father has given to me. He said, look, treat everyone as important, right? You have one time, an opportunity to leave a good impression. So make sure you treat people like you want to be treated.

Linda Lacina, Meet the Leader The 2024 Global Risk Report had identified cyber as one of the top things, especially for the near term and for the years ahead. What needs to happen this year to make sure that we're ready for the future?

Petra Jenner, Splunk I think this year we need to start building frameworks right in the organization that really describe how, let's say, the emerging technologies like AI or, you know, other technologies, are really leveraged in an organization to make the company or the organization more digital resilient. I think this has to happen now.

And with frameworks, how do we utilize these technologies. And how do we don't utilize it? And then the other part of the framework is also going to be what are the ethical usage, and where we don't allow certain technology to be used and be very explicit around that. I think that's absolutely fundamental. This has to happen now because the further we leverage these technologies, it is probably too late to do this afterwards.

We have to think of how does an organization leverage these technologies and set boundaries and also clear rules and guiding principles -- this is what I mean by framework -- to make sure that it's used in the way we want to have the leverage of this technology.

And it should always be human centered. That's why we applied at Splunk. We have this framework and we always have the human centered -- that's absolutely fundamental.

Linda Lacina, Meet the Leader You had mentioned that if we don't do it now, it'll be nearly impossible to work it in later. Tell me more about that. Why is that?

Petra Jenner, Splunk When it was launched in 2022, Gen AI, you know, last year was all about Gen AI. People are constantly using it, New use cases are identified. People are using that in their day-to-day interactions. And the more we use it, the more it becomes natural. So now it's the time in order to regain -- also trust in an organization -- you need to build, you know, certain barriers or certain frameworks. And how to operate because it's already there and it's going to be exponentially leveraged and used over time because there's so much business opportunity and efficiency gains behind it, so that the use of this technology will be even further accelerated. And if we don't start to find a way to -- I don't want to say to regulate it -- but to work with this technology, and use it in the way we want to use it, then we need to do it now.

Linda Lacina, Meet the Leader What gives you hope that all this could move in the right direction?

Petra Jenner, Splunk First of all, I think that many companies, you need to build a community of technology companies, and they are working together to make sure that's going to be used in an ethical way. So that's the first thing which gives me hope.

The second thing is also there's a good, let's say, healthy debate about the ethical usage of these technologies. It's from the legislation point of view. It's also coming from policymakers, from politicians, from different government bodies, as well as from corporations. So there is this discussion going on which I think is very healthy.

It is the first time I've seen that like this. Normally people just jump on technology, use it because it's an efficiency gain, and they just walk away. But there is a good understanding that it has a lot of positives, but it also has some areas we have to look into. So I think that mindset is already there, which is good. That gives me hope.

Linda Lacina, Meet the Leader That was Petra Jenner, thanks so much to her, and thanks so much to you for listening. Find a transcript of this episode, as well as a transcript from my colleague's episodes of Radio Davos at wef.ch/podcasts.

This episode of Meet the Leader was produced and presented by me, with Jere Johansson and Taz Kelleher as editor, Juan Toran as studio engineer in Davos, and Gareth Nolan driving studio production.

That's it for now. I'm Linda Lacina with the World Economic Forum. Have a great day.