Interview: Jung Lee, CyberVista

Do methods to test compatibility of new and current employees actually give you an idea of how suited someone is, how skilled they are and what training they may need in the future? One company trying to do this is CyberVista, and Infosecurity met with its chief product officer Jung Lee to find out more.

The concept of the company was in wanting to find a way to address the skills and hiring gap, “and once you are hired you’re given a proper and clear pathway.”

Lee admitted that there is a lot of talk about that issue, as not only do you want to make sure that you’re bringing the right people in, but that they are being employed in the right way.

This leads to what CyberVIsta does. Lee showed Infosecurity its seven-question assessment to determine where a person’s skills stack up in the cybersecurity workforce, and determine which position within the field they are most suited for based on their skills.

The Virginia-based company works with global organizations to assess cybersecurity skills and train where there are existing deficiencies. Lee said that any task begins with a diagnostic tool being run, as the applicant should be guided through the recruitment path to determine a person’s strengths and weaknesses.

This led to CyberVista’s concept of coming up with a diagnostic to help you through, and then guide you to a career path. This is not a straight multiple question test, but designed to assess and test the person.

Lee explained that the intention of this is to get away from the typical compliance and training clickbox concepts, to one that better determines a person’s skills. “We want the questions to be easy enough once you’re in it, but totally hard to get if you’re not within that skill set.”

A total of 14 questions are asked, and Lee said that the reason that a performance tracker is important is that the test is scored in modules, and each question corresponds to a different part of the job specification. “You get not just an overall score, but a very direct score based on the subject areas,” he said. “What we’re trying to get at the end is seven areas of what you need for a certain job.”

He said that the skills are based on a combination of what is in the NICE framework but also from what it collected from interviewing customers and doing job analysis. However, companies can modify the test “as what we are providing is a set of questions for them to create a diagram for a profile for themselves.”

So is this open for editing to whatever a company wants to add in for their hiring and retention needs? Lee said it is currently available using CyberVista’s own set for questions for the matching, but it can add more to it. This includes adding soft skills that are not currently part of the module.

“If a company said they wanted to use us for a diagnostic test, they could set 36 questions to base on the seven areas and gain a profile of what the person would look like based on their job requirements,” he said. “This not only gives you a path, but also a path to very direct training, so it allows for training to be understood.”

Lee also said that as well as assessments, you find that people come with varied backgrounds and the diagnostics can be very different among one team. “That ensures a consistent team, as you want to make sure that lots of areas are covered.”

Asked how many tests have been completed in the three years of CyberVista’s existence, Lee could not say how many, but guessed at thousands. He said that the next stage is to come up with an efficient way of training, and to make sure the workforce is measured in “a good way, and a way that can bring about change because measuring for the sake of measuring is not important – being able to do something about it is.”

What’s Hot on Infosecurity Magazine?