CISO Series Newsletter
Posts
08-27-20 - Is This a Job Listing or a Corporate Wish List?

08-27-20 - Is This a Job Listing or a Corporate Wish List?

Is This a Job Listing or a Corporate Wish List?

August 27, 2020

View this email in your browser

This week's episode of Defense in Depth

What Cyber Pro Are You Trying to Hire?

This week's episode

is hosted by me, David Spark, producer of CISO Series and Allan Alford. Our guest is Liam Connolly, CISO, Seek. All three of us discussed:

The poor focus of cybersecurity job listings often exposes either the poor understanding or lack of maturity of a company's information security program.
We often see management cyber jobs asking for engineering skills and vice versa.
Job listings can also portray the "last guy" syndrome. Those are the job listings that tack on desired skills the last person did not have.
When you see too many requirements it comes off as a wish list. It's not what is required, it's more of a question as to how many boxes can a candidate check off.
There can be serious harm to a company's ability to hire if they throw down too many requirements or even optional items. People who are truly required for the position you want may never apply because they'll be scared off by the other skills required or desired.
CISOs are often hired by non security people and as a result they don't have a full understanding of what type of CISO they want. As a result it's often hard to find two similar CISO job listings.
While CISO technical competencies are desired, it's clear that once hired a CISO will not be showing off their technical expertise. As a result, there's a lot of debate as to how much technical skill a CISO really needs. The job requires management, influencing, and communications.
Many hiring teams have a hard time parsing out the types of security people they need to build out a security team. That's why you get a single job listing that appears to want to hire five different types of security people.
If a CISO isn't given the budget and authority to hire a staff to fill all the necessary gaps for the company's security program, they will become fed up and leave. That starts the whole process again.
Many debate that job titles in job listings are just there to massage the ego. But if compensation doesn't match the title, then they realize the title is just for show.

Special thanks to this week's podcast sponsor, Salt Security.

Salt Security

protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection Salt Security automatically and continuously discovers and learns the granular behavior of each unique API and stops attacks. In 2020 Salt Security was named a Gartner Cool Vendor in API Strategy.

Cyber Security Headlines

This week's sponsor of

Cyber Security Headlines

is Trend Micro

Mike Johnson on where to stick your password

Tomorrow! Friday [8-28-20] We're Hacking Cyber Diversity

Join us this Friday, August 28th, 2020 at 10 AM Pacific/1 PM Eastern for

“Hacking Cyber Diversity: An hour of critical thinking on hiring diverse staff and using that to improve security and your competitive advantage”

I'll be leading this discussion with Jules Okafor, CEO and founder, RevolutionCyber and Christina Morillo, security engineering, Microsoft and chapter lead for Women in Security and Privacy (WISP)

REGISTER

Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll rollover to the CISO Series Friday Meetup. Each participant will be randomly matched up in impromptu 1-on-1 five-minute conversations with fellow cybersecurity professionals. Link to do that will be made available during the video chat.

CISO Series Video Chat Highlights

Best Moments from Hacking Third Party Risk