05-12-20 - Three Years Experience Required for Sub-Entry Level Positions
This week's episode of CISO/Security Vendor Relationship Podcast, "Three Years Experience Required for Sub-Entry Level Positions," is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our sponsored guest is Brandon Traffanstedt, global director of systems engineering, CyberArk. The three of us discussed:
Where do you find great help desk people?
The blanket demand for X years of experience won't necessarily yield a great help desk person. Simply look for people who've had a combination of working with computers and dealing with the public. Anyone who has worked at Apple stores or Geek Squad has those credentials.
What will a home risk assessment really reveal?
While concerns have been running high regarding everyone working remotely, there is an urge to know employees' at-home computing environment. Before you pull the trigger to conduct a home risk assessment, ask what such an effort will reveal and what the cost/benefit of knowing will be. What will you do once you know? And prior to the pandemic, how did you feel about employees working from home or in coffee shops? A less costly and time-consuming option would be just to offer guidance.
Obfuscate secrets from users outright.
A user can't necessarily give up their secrets if they don't know what they are. Secrets to allow for access don't have to be elements that a user knows, like their password. They could have to do with policies and behaviors that are essentially unknown to them, or at least not consciously. The more you're able to do that, and remove standing privilege, the harder you make it for an attacker, who gets legitimate credentials, to move throughout your network.
Special thanks to this week's podcast sponsor, CyberArk.
At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls.
PREVIEW of Friday's [5-15-20] Hacking the Visibility of the Cloud
Join us for “Hacking the Visibility of the Cloud: An hour of critical thinking about what we can see and what we’d like to see in the cloud”. It’s happening this Friday, May 15th, 2020 at 10 AM Pacific/1 PM Eastern.
Enter to play "What Is It and Why Do I Care?"
This is a brand new game for CISO/Security Vendor Relationship Podcast where we ask vendors to submit the best explanation of their category and what makes them unique. We’ll match companies in similar categories, and then I'll read the explanations (“What is it?”) and the differentiators (“Why do I care?”) to the CISOs all without revealing the names of the companies or the people who sent in the submissions. If the CISOs pick either response as their favorite, I'll then reveal the names of the winners, but not the losers. There's no risk to you to make your pitch. When have you ever heard that in cybersecurity? Go ahead and pitch and potentially you could get some kudos for your savvy skills explaining your technology.