Super Cyber Fridays!
Join us TOMORROW, Friday [05-31-24], for "Hacking Microsoft Copilot"

Join us Friday, May 31, 2024, for “Hacking Microsoft Copilot: An hour of critical thinking of how to get your Copilot pilot into production.”

It all begins at 1 PM ET/10 AM PT on Friday, MONTH DAY, YEAR with guests Brian Vecci, field CTO, Varonis and Cyrus Tibbs, CISO, PennyMac. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register

Thanks to our Super Cyber Friday sponsor, Varonis

Defense in Depth
Recruiting From the Help Desk

Working the help desk seems like a great place to get entry level cyber security skills. So why is it so often overlooked or even looked down upon?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Sasha Pereira, CISO, WASH.

The help desk is a resource

CISOs can get a lot of organizational insight by keeping tabs on the help desk. "Help desk is a great vantage point to learn and understand an organization, the technology and tools they use, and the people you support. I did my time back in the Marine Corps and it has proven to be an immensely valuable part of my career," said Joseph Lewis, CISO, Centers for Disease Control and Prevention. The help desk is the first place you can learn about security controls that rub employees the wrong way, giving you an opportunity to adjust them faster, as Duane Gran of Converge Technology Solutions Corp pointed out, saying "Even if you don't hire help desk employees straight away, they are a great resource to know what is really happening in the company. They are at the tip of the spear in terms of hearing about staff frustrations around technology and security."

Embracing a service mindset 

Employees with help desk experience often have technical skills that translate to cybersecurity, but the benefits of recruiting them go beyond that. "Help desk experience fosters a customer service mentality. This helps transform security from the ‘department of no’ to a shop that asks ‘how can we make this work for everyone,’” said Justin Furrow of Zelis. Excellent customer service becomes a major asset when you consider the importance of communication in cybersecurity. "Their customer service skills remain undervalued. All aspects of security involve working with internal customers whether it be during an investigation trying to get additional context the logs don't provide or when troubleshooting on the engineering side," said Greg Mathes of Arvest Bank.

It’s not a direct pipeline

While help desk staff remain a still untapped source of high-quality recruits, it doesn’t mean the transition won’t require additional training. "In tier 1 tech, coding skills are mandatory to succeed in security engineering. You must learn to code, minimally Python, ideally Go and or Java," said Nick Reva of Snap. Brian D. McCarthy of Veritas GRC makes the case that the help desk offers a strong foundation, saying, "Lateral positions, like the help desk, have the underlying foundational elements for cyber success. Communications, escalation process, and large picture attack vectors."

Take advantage of the inside track

Cybersecurity processes are doomed to failure without buy-in. Employees with help desk experience know what kind of policies and procedures will work with staff, and which ones get worked around. "The help desk also has great insight into what security processes are burdensome and how people bypass them. If they can help the CISO ‘make the right way the easy way,’ that's extraordinarily valuable," said Chuck Herrin of F5.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Listen to the episode.

Thanks to our podcast sponsor, Push Security!

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Dimitri van Zantvliet, CISO, Dutch Railways.

Thanks to our Cyber Security Headlines sponsor, Vanta

Cyber chatter from around the web...
Jump in on these conversations

"How do you feel about the future of Cybersecurity?" (More here)

"Do you add extra protection to ”high value targets”, like your CEO?" (More here)

"Do security teams have the operations team run their infrastructure?" (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

• [05-31-24] Hacking Microsoft Copilot

• [06-07-24] Hacking SOC 2 vs. ISO 27001

• [06-14-24] Hacking the Conversation Around Risk

• [06-21-24] Hacking Generative AI Anxiety

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.