Cloud CISO Perspectives: Early May 2023
Phil Venables
VP/CISO, Google Cloud
M.K. Palmore
Director, Office of the CISO, Google Cloud
Welcome to the first Cloud CISO Perspectives for May 2023. This month, we’re featuring guest author MK Palmore, director in our Office of the CISO. MK will be discussing our new Google Cybersecurity Certificate and how it can help organizations close the security talent gap.
Before I turn the mic over to MK, I’d like to thank everyone who attended our panels, presentations, keynotes, and visited our booth at the RSA Conference last month. It was a pleasure to see old friends and make new ones, and to share the excitement over our Security AI Workbench announcement and our plans for how AI can improve security.
And speaking of events, our annual Google Cloud Security Summit is next month, June 13-14.This year, we’ll explore the latest technologies and strategies from Google Cloud, Mandiant, and our partners to help protect your business, your customers, and your cloud transformation. You can register for the broadcast in your choice of two time zones here. We hope to see you there.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
How the new Google Cybersecurity Certificate can narrow the security talent gap
By MK Palmore, director, Office of the CISO, Google Cloud
The importance of securing our digital assets and critical infrastructure has never been more vital. Although the security industry faces a complex landscape of evolving threats, one of the biggest challenges to overcome is our talent gap.
Cybersecurity has been identified as the top area of concern for enterprise risk, yet we face an enormous workforce gap today. While the global cybersecurity workforce added 464,000 jobs over the past year, there is still an employment gap of more than 3.4 million positions globally, according to research published by security industry nonprofit ISC2.
It is more imperative than ever before to ensure that we build a strong and diverse cyber workforce, equipped to create a safer internet for everyone. From national security to protecting critical infrastructure, this talent gap affects everyone and we all need to come together to address it.
Our team has been working behind-the-scenes to make cybersecurity education more accessible. I’m excited to share more about Google’s new Cybersecurity Certificate, which combines our industry-leading expertise in cybersecurity with our proven approach to training people for in-demand jobs.
Built and taught by cybersecurity experts at Google, this rigorous program will equip people with the in-demand skills needed for entry-level jobs in cybersecurity, such as cybersecurity analyst and information security analyst. The certificate requires no prior experience or degree, is self-paced, completely online, and can be completed in under six months of part-time study.
The certificate program can help teach people how to identify common risks, threats, and vulnerabilities, and the techniques to mitigate them. From conducting a security audit to automating security tasks, learners can gain hands-on experience including using Python, Linux, SQL, and Security Information and Event Management (SIEM) tools.
The Google Cybersecurity Certificate can help prepare learners for the CompTIA Security+ exam, the industry-leading certification for cybersecurity roles. Learners will earn a dual credential when they complete both.
There is also a great opportunity to improve the diversity of the cybersecurity industry, as Hispanic, Black, and female workers are underrepresented in the field. Fifty-five percent of Google Career Certificate graduates identify as Asian, Black, or Latino, based on program graduate survey responses last year.
Graduates of the Google Cybersecurity Certificate will have the opportunity to connect with more than 150 employers who are committed to considering Google Career Certificate graduates for open jobs. A 2022 survey of our U.S. program graduates found that 75% reported a positive career outcome within six months of completing the certificate.
The benefit of the Certificate is two-fold. First, it can help employers fill their talent gaps by hiring from a skilled, diverse talent pipeline and it can help re-train and upskill their current employees. Second, it can help those eager to join the cybersecurity workforce learn and build the skills they need to jumpstart a career in this fast-growing field.
At Google, we are more focused than ever on protecting people, organizations, and governments by sharing our expertise, empowering society to address ever-evolving cyber risks, and continuously working to advance the state of the art in cybersecurity. But we know we can’t do this alone.
Expanding the pathways into the field will increase the size of the talent pool and the range of backgrounds and skill sets within it. We need more skilled talent and diversity in cybersecurity to help combat the ever-evolving threat landscape. Please spread the word. For organizations that are looking to hire program graduates or reskill their workforce, please join our Google Career Certificates Employer Consortium.
Transforming the cybersecurity workforce will not happen overnight. But as a national (and global) security priority, it is imperative for all of us, including governments and industry, to do our part. It is our belief that with focus and investment, we can create a more robust and equitable cybersecurity workforce, one that is equipped to build a safer world for everyone.
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
Get ready for Google Cloud Next: Discounted early-bird registration for Google Cloud Next ‘23 is open now. This year’s Next comes at an exciting time, with the emergence of generative AI, breakthroughs in cybersecurity, and more. It’s clear that there has never been a better time to work in the cloud industry. Register now.
Give boards and leaders more support to respond better to evolving threats: Kevin Mandia, CEO of Google Cloud’s Mandiant, explained at the RSA Conference how external pressures are shaping the current cybersecurity landscape. Read more.
Game-changing IT security with Unity, Orca Security, and Google Cloud: Take a look at how the partnership between Orca and Google Cloud helps Unity maintain optimal visibility across their IT landscape for more reliable, secure, and dynamic performance. Read more.
How Broadcom simplifies compliance for government customers: Broadcom makes it easier for federal agencies to meet compliance obligations with Assured Workloads. Here’s how.
Google Cloud security tips, tricks, and updates
How to solve challenges when security patching Google Kubernetes Engine: Reviewing data collected between 2021 and 2022, we found that Google Kubernetes Engine (GKE) customers sometimes delay security patching their clusters. Here are some tips on how to patch without interrupting operations. Here's how.
Secure Enterprise Browsing: Chrome adds enhanced DLP and extension protections: New enhancements can help organizations protect their data and users as they work on the web: Data loss prevention (DLP), security insights and visibility, and extension security are now available in Chrome Enterprise. Read more.
Protect business data with ChromeOS Data Controls and new security integrations: A newly-expanded set of built-in features can help businesses protect their data and users, building on our new Chrome browser extension controls. Read more.
How to get more from Chrome Browser Cloud Management: You can offer a streamlined user experience across corporate Chrome browsers, and a higher level of enterprise security, with Chrome Browser Cloud Management. Here's how.
Cloud Data Loss Prevention’s sensitive data intelligence service is now available in Security Command Center: We have integrated Cloud DLP’s sensitive-data discovery service with Security Command Center to help security teams identify and act quickly on the threats that matter for your organization. Read more.
New asset query simplifies asset inventory management in Security Command Center: Securing growing environments requires tools to help discover, monitor, and secure cloud assets. To help, Security Command Center now includes new asset query functionality designed to make it easier for IT and security teams to identify assets in large, complex environments. Read more.
Manage IAM permissions with the Google Cloud mobile app: We’re excited to announce the availability of enhanced permissions management on the Google Cloud mobile app. This new capability enables you to easily view, assign, and search for all the roles in your organization. Read more.
Introducing Organization Restrictions, a new way to keep threat actors out: With Organization Restrictions, a new generally available Google Cloud security control, administrators can restrict users’ access to only resources and data in specifically authorized Google Cloud organizations. Read more.
Extending Zero Trust access to multicloud applications: To help administrators connect and configure applications hosted outside Google Cloud, enhanced BeyondCorp Enterprise onboarding includes a new workflow to add web applications and auto-provision load balancers and backend services. Read more.
3 new ways to authorize users to your private workloads on Cloud Run: It's easier than ever to build internal apps on Cloud Run. Here are three common design patterns and how Cloud Run can help implement them. Read more.
Google Cloud Security Podcasts
We launched a weekly podcast focusing on Cloud Security in February 2021. Hosts Anton Chuvakin and Timothy Peacock chat with cybersecurity experts about the most important and challenging topics facing the industry today. Earlier this month, they discussed:
What happens in a Confidential Space, stays in a Confidential Space: What is Confidential Computing, and why does it matter that we’ve added Confidential Space to the mix? Google Cloud’s Nelly Porter and Rene Kolga chat about the new Confidential Computing tool called Confidential Space. Listen here.
Finding the balance between building secure products and secure cloud: Some of our focus is on making Google Cloud more secure, while some of our focus is on selling security products. We talk with Jeff Reed, vice president of product for Google Cloud Security, about his lengthy career in cybersecurity and how Google Cloud threads the needle. Listen here.
Looking back at RSA 2023: We came, we saw, we got excited: From startups with big booths on the show floor, to why Google Cloud heavily discussed code generation and complex content summarization, we look back at this year’s RSA Conference, with our own Connie Fan, senior product and business strategy lead. Listen here.