CISO Series Newsletter
08-20-20 - I'm Looking to Hire Someone Who Already Knows Everything
This week's episode of Defense in Depth
Junior Cyber People
On this episode of Defense in Depth:
Co-host Allan Alford and Naomi Buckwalter, director of information security & privacy at Energage, discussed:
- There are tons of newbies eager to work in cybersecurity. The shortcoming is not the available pipeline, but a lack of headcount and of managers' willingness to train and find appropriate assignments.
- Because headcount is often the limitation to hiring, leaders will opt to hire the most senior person they can get.
- A common feeling is to hire one experienced person and stress them out rather than hire three junior people and train them. The problem with the former is that if you stress that experienced person, they will leave and tell others not to work there.
- There is plenty of good junior-level cybersecurity work, such as asset management cleanup, PII discovery, procedure documentation, filling out security questionnaires, scrubbing and tuning out false positives from alerting systems, reviewing vendor contracts, patch verification, following up on vulnerability management with other teams, launching and managing vulnerability scans, interviewing for shadow IT installations, working with help desk for user account remediation, and scanning logs for anomalies.
Thanks to this week's sponsor of Defense in Depth, Salt Security.
Salt Security protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection, Salt Security automatically and continuously discovers and learns the granular behavior of each unique API and stops attacks. In 2020 Salt Security was named a Gartner Cool Vendor in API Strategy.
TOMORROW, Friday [8-21-20] We're Hacking Third Party Risk
Join us tomorrow, Friday, August 21st, 2020 at 10 AM Pacific/1 PM Eastern for “Hacking Third Party Risk: An hour of critical thinking on how to consider and measure all risks into your overall risk posture”.
I'll be leading this discussion with Gerard Scheitlin, Reciprocity GRC expert and founder, RISQ Management, and Nina Wyatt, CISO, Sunflower Bank.
Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to the CISO Series Friday Meetup. Each participant will be randomly matched up in impromptu 1-on-1 five-minute conversations with fellow cybersecurity professionals. Link to do that will be made available during the video chat.
Huge thanks to Reciprocity for sponsoring.
Best Moments from “Hacking Healthcare Security” Video Chat
Here are seven minutes of highlights from last week's video chat: “Hacking Healthcare Security: An hour of critical thinking on reducing risk across the health industry’s unique threat vectors.”
To see the entire replay of the video chat, go here.
Joining me in this valuable hour were Jon Ehret, vp of strategy & risk, RiskRecon and Errol Weiss, CSO, Health-ISAC.
Thanks to our video chat sponsor, RiskRecon