[08-15-23] ​​5 Years Required to Write a Better Job Description

​​5 Years Required to Write a Better Job Description

August 15, 2023

CISO Series

CISO Series Podcast

5 Years Required to Write a Better Job Description

5 Years Required to Write a Better Job Description

This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us for the episode is our special guest TC Niedzialkowski‌, CISO, Nextdoor.

Hire based on competency not years of experience.It sounds like a good idea, but how do you encourage this in a job listing? Part of this comes down to listing hard requirements in a job listing, rather than an arbitrary number of years. “I narrow it down to one or two things, and those need to be crystal clear in the job description,” said TC Niedzialkowski, on the importance of being specific. The interview process can then be used to show the soft skill competencies that will let someone thrive in a leadership role. 

When it comes to new technology, cyber professionals tend to embrace a “glass half empty” mentality.We’re seeing this with the rush to show how new large language model-based tools are insecure. While virtually any tool can be demonstrated to be insecure in some way, the bigger issue is how these will be implemented in secure environments. A prompt-injection that gets ChatGPT to say a bad word isn’t a security problem. But applying security controls around things like single sign-on with tools is still critical. 

CISOs are increasingly in the hot seat.Recently the SEC threatened to issue a Wells Notice on SolarWinds CISO Tim Brown for “failure to disclose material information.” This has caused some controversy in the CISO community. In most environments CISOs’ internal communications are very transparent. It is up to the board and other executives as to what they want to communicate externally. If that’s the case, why are CISOs being blamed for lack of public communications? CISO accountability might just be part of the role being accepted into the C-suite. “If we want to be making decisions that impact the shareholders of the company, being held accountable for those decisions is part of that,” said Mike Johnson. 

We have an embarrassment of security vendors.Richard Stiennon’s Security Yearbook 2023 lists over 3,400 security vendors and that number continues to grow. A CISO’s job requires reducing risk for the organization. Looking at vendors, when they need to solve a problem and/or reduce risk, is part of that. Making sense of the crowded landscape requires balancing potentially discovering a new vendor that can better solve an existing problem, or further drilling down on existing solutions to get the most out of what you already have. 

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our podcast sponsor, Reqfast

Reqfast

What I love about cybersecurity...

"I love that you get to be skeptical, humble, and creative, and think from an attacker's perspective and then implement the best defensive strategy that you can with the resources available. Going into it, there's a lot of really smart people that have worked really hard on impressive systems, and you almost have to have this illusion that there's something wrong with it, there's something that's going to be exploited, and you need to find out what it is, and you need to find out how to protect it." - TC Niedzialkowski‌, CISO, Nextdoor

Listen to full episode of

Create A Pipeline of Cyber Talent...

"We have to find people that have the basic fundamental skills that we need to learn the ability to do the job, and then put them in either an apprenticeship or an entry-level role or just a role where you can teach them the skills that they are missing or improve and hone the experiences that they already have and get them fairly rapidly up to the skill level that you need." - Geoff Belknap, CISO, LinkedIn

Listen to full episode of

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines - Week in Review 

Make sure you 

 to join the LIVE "Week In Review" this Friday for 

Cyber Security Headlines 

with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group.

Thanks to our Cyber Security Headlines sponsor, Veza

Veza

Super Cyber Fridays!

“Hacking Conferences” – Super Cyber Friday 

Hacking Conferences

Please join us on Friday, August 18, 2023 for Super Cyber Friday.

Our topic of discussion will be “Hacking Conferences: An hour of critical thinking about shaking up the old format of in-person events.”

We’re going to focus on smaller conferences with this discussion, not huge expos like Black Hat and RSA.

Joining me for this discussion will be:

  • Gianna Whitver, co-founder and CEO, Cybersecurity Marketing Society

  • Tom Hollingsworth, organizer, Tech Field Day

Sponsored Content!

Are CISOs the CFOs of IP?

Are CISOs the CFOs of IP?

We’ve seen a lot of security concerns around the use of generative AI tools, particularly around data leaks.

These new technologies provide challenges around how we build, use, and leverage them. So it’s easy to miss the new opportunities these afford. Sounil Yu, CISO, JupiterOne, sees ChatGPT and other AI tools as a way to transform the role of the CISO entirely. He proposes a new role where the CISO acts like a CFO for intellectual property. Rather than focusing on restricting all IP, regardless of value to the organization, Sounil looks at these as potential assets for investment.

Team8

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.