{
  "docId": "019dd923-5de0-76bd-a169-54303fbbe19b",
  "docSlug": "0ec770bd87313ce8",
  "documentTitle": "The CEO’s Guide to Cybersecurity",
  "authorId": "BCG",
  "authorName": null,
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "strategy_consulting",
  "sourceTypeLabel": "Strategy consulting",
  "presentationDate": null,
  "orientation": "portrait",
  "aspectRatio": 0.784,
  "pageNumber": 13,
  "pageCount": 15,
  "prevPage": 12,
  "nextPage": 14,
  "slideType": "problem_statement",
  "function": "frame_problem",
  "density": "overcrowded",
  "nDataPoints": 0,
  "notes": "The slide uses a numbered header '10' suggesting it is part of a larger series of questions or steps.",
  "elementsJson": [
    "paragraph",
    "numbered_list"
  ],
  "metadataConfidence": 0.95,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5de0-76bd-a169-54303fbbe19b/13",
  "deckHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b",
  "deckJsonHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b.json",
  "deckAnchorHref": "/decks/019dd923-5de0-76bd-a169-54303fbbe19b#slide-13",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "Don't have the philosophy of asking for 110% of skills required and then hiring a candidate with 80% of the skills listed.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd951-fefa-773b-abc6-a242555df596",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "x": 0.36,
        "y": 0.66
      },
      "kind": "list",
      "text": "Do we know which resources are necessary vs. optional? Have we developed qualifications for all cyber personnel? What's our biggest challenge in hiring cyber talent?",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "1048586b-3436-4348-8f75-20b3191f9640",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "x": 0.14,
        "y": 0.52
      },
      "kind": "paragraph",
      "text": "Don't forget to have the information security manager work with HR to create the right requirements documents and hire the right candidates. After defining the requirements for the role including educational background, work experience, certifications, and degrees, the manager should communicate those clearly to HR in the job description. Additionally, it should be clear which requirements are absolute and which may be optional. Job descriptions should be written realistically. Don't have the philosophy of asking for 110% of skills required and then hiring a candidate with 80% of the skills listed. This approach often backfires and means fewer qualified candidates apply which is why it's so important for the manager to work with HR on realistic and fillable descriptions. Descriptions should also use gender neutral wording.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "0872aebc-f7cf-4c37-b765-6bb563dffa54",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "x": 0.14,
        "y": 0.37
      },
      "kind": "paragraph",
      "text": "Use the matrix above to assess the current talent pool and determine overlaps and gaps in staffing. Build out a plan to address the gaps and eliminate any overlaps. You may find that overlapped roles can help fill in gaps.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "2ab90c8f-ad79-4571-a6a1-46d2eddcd960",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "x": 0.14,
        "y": 0.42
      },
      "kind": "paragraph",
      "text": "It's important to identify required qualifications for all cybersecurity personnel. The qualifications should be based on the role and responsibilities associated with and required for specific roles. A data center or NOC/SOC manager may need to be on premise and have physical security expertise to ensure the center is properly secured, but a threat hunter may be able to work from anywhere and have no physical security expertise. Role qualifications should be revisited at least once per year to ensure personnel are current with modern certifications and critical learning paths.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "6d777e5b-1c74-43bc-9435-32caf0b68adb",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "x": 0.14,
        "y": 0.27
      },
      "kind": "paragraph",
      "text": "To attract the best cyber talent, start with a resource requirements matrix that includes current requirements and planned resource needs for the next six to 12 months. The matrix should include key decision points such as cost of resources (hourly or subscription), preferred channel (contractor, FTE, managed service provider), and any regulatory constraints or overhead. Note that the matrix will most likely include headcount and resources across multiple areas and lines of business within the organization.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "c44e80ff-006b-41e9-bca6-4cc6631cf21e",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "x": 0.06,
        "y": 0.14
      },
      "kind": "title",
      "text": "10 How do you find, recruit, and retain the best cyber talent available, or find the best combination of managed services and cyber talent in a competitive market?",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "067174a5-8e5a-4280-bbf9-bdf1fc60e055",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "x": 0.36,
        "y": 0.64
      },
      "kind": "title",
      "text": "FOLLOW-UP QUESTIONS",
      "attrs": null,
      "subkind": "subtitle",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "9fd43f27-01c6-4d0a-88b3-66c4f66d49bf",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "Action Titles",
      "slug": "action-titles",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-8a51b7db96f9",
      "evidence": "Title is the talent recruiting/retention question",
      "confidence": 80
    },
    {
      "name": "Concrete Language",
      "slug": "concrete-language",
      "agent": "Storyteller",
      "layer": "slide",
      "matchId": "019dd95a-14f6-720d-8375-8e5d5a10ebd6",
      "evidence": "Concrete rule: don't ask for '110% of skills' then hire at '80%'",
      "confidence": 80
    },
    {
      "name": "Problem Statement Canvas",
      "slug": "problem-statement-canvas",
      "agent": "Architect",
      "layer": "slide",
      "matchId": "c9e7f04d-5450-43f5-9d4a-8bc71de1f081",
      "evidence": "Don't forget to have the information security manager work with HR to create the right requirements documents and hire the right candidates.",
      "confidence": 0.7
    }
  ],
  "frameworks": [],
  "arcBeats": [
    {
      "to": 13,
      "from": 12,
      "beatId": "019dd95a-0702-74a3-87e1-717aa3475ad1",
      "arcName": "The Consultant's Gambit",
      "arcSlug": "consultants-gambit",
      "beatName": "Evidence & Proof",
      "beatSlug": "consultants-gambit-evidence-proof",
      "evidence": "Q9-10 cite expert guidance on threat outlook and talent strategy",
      "position": 4,
      "confidence": 55,
      "parentBeatName": "Evidence",
      "parentBeatSlug": "evidence"
    }
  ],
  "loops": [
    {
      "to": 14,
      "from": 10,
      "name": "Mece Breakdown",
      "slug": "40-mece-breakdown",
      "bestFor": "Problem structuring, ensuring completeness, strategic analysis",
      "matchId": "019dd95a-088c-724c-b30e-0316b53f0e64",
      "evidence": "Q7-Q11 cover distinct management levers: measurement, budget, threat outlook, talent, current risks",
      "position": 2,
      "objective": "Enumerate the operational/strategic management dimensions of a cybersecurity program",
      "structure": "The Whole -> Category A (distinct) -> Category B (distinct) -> Category C (distinct) -> Complete Coverage",
      "confidence": 65,
      "description": "Divide a complex topic into mutually exclusive, collectively exhaustive categories"
    }
  ],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}