New Venture by Tiro Security Aims to Bridge the Diversity and Skills Gap in Cybersecurity

Los Angeles, CA, November 17, 2020 — Tiro Security has teamed up with HoneyBee HR to launch The nextCISO Apprenticeship, a robust program aimed at preparing aspiring but otherwise disadvantaged individuals for key roles in the growing field of cyber security. Tiro Security founder Kris Rides, vCISO/CTO for TiroSecurity Jenai Marinkovic, and HoneyBee HR founder Melissa Elza are leading the effort.

The nextCISO Apprenticeship initiative will address several areas of need in the current business environment. The first is the low percentage of minority representation within the cybersecurity field. The second is the skills shortage in the cybersecurity industry which promises to only worsen in the coming years. The third is the scarcity of programs for security certifications and degrees that adequately address the skills necessary to make graduates ready for day one.

The concerning cybersecurity outlook

According to the newly released 2020 (ISC)2 Cybersecurity Workforce Study, “data suggests that the global cybersecurity workforce needs to grow 89% to effectively defend organizations’ critical assets.” The talent shortage in Cybersecurity is now at 41% in the US and 89% worldwide. 56% of respondents said their organizations are at risk due to cybersecurity talent shortages. Yet, a majority of open roles will go unfilled, presenting a substantial risk to many companies. Due to a variety of factors, one being the reluctance or inability to invest in staff training, companies are not opening roles to those without a proven track record or verifiable skills. Even junior professionals are being passed over. The position of Chief Information Security Officer (CISO) is among those with the highest demand.

Chinks in the current educational landscape

Although many colleges and universities have started cyber security programs in recent years, many are woefully inadequate. The main problem is that there are not enough true cyber security experts – those who have dealt with critical real-life experiences – to teach them. As a result, graduates have the “book knowledge” but few display the nimble thinking necessary to deal with a complex and ever-changing cyber landscape. Hiring managers need to have confidence that an individual is truly ready to protect their systems. Errors in judgment of a cyber incident can have disastrous results. Conversely, an out-of-the box thinker might ward off an unexpected cyber attack, giving the company an advantage.

The diversity dilemma

So, who are the people currently holding top cyber security jobs? Not surprisingly, they are overwhelmingly white males. Minority representation within the cybersecurity field is roughly 26%, and only 14% are women. And those tend to be concentrated in non-management positions. Fewer occupy leadership roles, despite being highly educated. Yet achieving diversity in the workplace has become a priority in today’s business world. It is one of the defining issues of our time.

What the program entails

The nextCISO Apprenticeship Program approaches the prevailing challenges holistically. It targets governance, risk management and compliance (GRC) as an entry point, ensuring that a strong understanding of controls frameworks for enterprise security and compliance capabilities are baked into the foundation at the onset. Part of the training addresses the variable side of the equation – human interaction and response, resulting in a thorough understanding of GRC audit requirements.

After mastering basic GRC concepts, nextCISO students work toward the following certifications and capabilities:

Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance

Information Security Foundation based on ISO IEC 27001 from EXIN

Another big takeaway from the 2020 (ISC)2 Cybersecurity Workforce Study, was that cloud computing security is the most in-demand skill set by far, with 40% of respondents indicating they plan to develop it over the next two years. The specialized ISO 27001 training gives graduates the ability to get organizations the certification necessary to show that its data is sufficiently protected. Also covered as part of the course are requirements of the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA), both federal laws that anyone doing business on the internet must follow.

The intense 6 month program ends with a project involving real client work.

The students and teachers

A majority of the candidates for the nextCISO Apprenticeship Program do not currently work in tech positions but have shown an interest in changing careers and advancing themselves through hard work and determination. The program is open to anyone showing potential but actively recruits and encourages minorities – black, indigenous persons, people of color (BIPOC), LGBTQIA, and women – to apply.

Course designers and teachers for nextCISO are experts in GRC, Cybersecurity, Human Resources, Design, AI and Futurism. They are highly educated, have years of experience in their field and have achieved a level of success and recognition that makes them respected educators.


Thank you to The Cloud Security Alliance and EXIN for partnering with this program to make it possible to provide leading industry certifications at no cost to the nextCISO students.

What the principals say about their initiative

Rides, Marinkovic, and Elza are all pleased with the way their rather unique initiative is developing. “As machine learning and cognitive solutions evolve in sophistication, security teams must re-examine how they organize work, design jobs, and plan for future growth. We are answering that call for change,” says Marinkovic. Elza agrees, saying, “There are many reasons why the workforce of tomorrow needs to look different. And there is so much potential out there that has not yet been tapped and cultivated. We are looking to fill the gap between the two.” Rides adds, “One of the toughest challenges in bridging the skills gap is getting entry level candidates relevant commercial experience, the nextCISO program does exactly this. What’s more it’s bringing the industry together to be able to do all of this at no cost to the students.”

To learn more about the nextCISO Apprenticeship Program, visit For questions, further information about the program, or specifics on how to apply, contact (person and email).

About Tiro Security

Tiro Security is a boutique Cybersecurity and GRC recruitment and solutions organization, based on the West Coast but helping clients all over the USA. Offering an evolutionary response to the solution provider marketplace, Tiro Security provides businesses with the most comprehensive and cost-effective solutions via a customized service that caters to the needs of your business model and company goals. Whether that is putting together your cybersecurity team, building out your cybersecurity program or helping ensure you meet your GRC obligations. For further information, visit us at and follow us on Twitter @tirosecurity.

About HoneyBee HR

HoneyBee HR offers bespoke people solutions that support companies through their workforce transformation initiatives and is serving clients across both US coasts. The HoneyBee approach is customized and tailored to the specific needs of your business. Whether you require leadership development for your managers, launching customized learning programs, an operational needs assessment, recruitment services, guidance navigating cultural change, implementing a DEI program, or a virtual Chief People Officer to help you build a proper people infrastructure, we do it. For further information, visit us at and on

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud – from providers and customers, to governments, entrepreneurs and the assurance industry – and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at, and follow us on Twitter @cloudsa.

About EXIN

EXIN is a leading independent exam- and certification institute, having certified millions of professionals in the digital domain. EXIN has over 1000 accredited partners in more than 165 countries worldwide. EXIN’s flexible and innovative services enable candidates to take exams worldwide in a wide range of languages.

EXIN enables digital transformation by assessing and validating competences. EXIN offers a broad range of current and in-demand certifications that cover a broad spectrum of specialisms in IT, including Service Management (such as VeriSM™, SIAM™, ITSM), Agile (Agile Scrum, DevOps, Lean IT), and Security (Information Security Management, Privacy & Data Protection based on GDPR, Cybersecurity) as well as Data Center Management. For further information, visit us at, and follow us on

Tiro Security are a specialist Cyber Security staffing and professional services company. Formed in 2012, headquartered on the West Coast and helping clients all over the USA, Cyber Security is ALL we do. Tiro Security is extremely active in the cyber security industry and regularly speaks as experts on staffing, careers and retaining talent at major conferences including DEFCON, ISC2 Congress, ShellCon, BSides and RSA.

Posted in ,