View this email in your browser

Super Cyber Fridays!

Join us TOMORROW, Friday [10-27-23], for "Hacking Third-Party Risk in the Cloud"

Please join us on Friday, October 27, 2023 for Super Cyber Friday.Our topic of discussion will be “Hacking Third-Party Risk in the Cloud: An hour of critical thinking about the under-appreciated risks introduced by your sanctioned and unsanctioned SaaS apps.”Joining me for this discussion will be:

• Brian Vecci, field CTO, Varonis

• Richard Rushing, CISO, Motorola Mobility

Register

Thanks to our Super Cyber Friday sponsor, Varonis

Defense in Depth

What's Entry Level in Cybersecurity?

We often talk about the contradiction of seemingly entry-level security jobs requiring years of experience. But maybe that's because entry-level jobs don't actually exist.

Check out this post from Olivia Rose of Rose CISO Group for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is our guest Jay Wilson, CISO, Insurity.

You have to know where to look for entry level positions

Often we can take a US-centric look on the overall cybersecurity job outlook. "There is more interest in hiring entry level folks and developing them outside the USA. In the US there is more competition for jobs," said Keith Price of Envision Pharma Group. Bringing interns into cybersecurity teams is also another entry point. “Many companies have intern programs focused on early identification of cyber talent. We hire more than one of them every year directly from college,” said James O. Holley of 3M. Seth J. Kirschner of DoubleVerify also pointed to companies that offer training programs for interns to become analysts. 

Applicants need to rethink the process

Cybersecurity job applicants can use their security mindset in the job search process itself. "Pretend you're a hacker trying to get into this system called ‘First Cybersecurity Job’. The way everyone else has been trying to get in has been patched. Think like a hacker and get creative," said Timothy Pham of Free Geek. A lateral approach into the field is a viable option. Edward Mattison of Practical Security and Property recommended, “Take entry level jobs in IT. Focus on security tasks, get a cert of two, then move over to the cyber jobs that need some prior experience.”

Highlight the experience you do have

Many applicants forget that cybersecurity experience isn’t limited to paid work. "Get your hand dirty very early when you are in school, go for an internship, or volunteer,” said Tania Jareen of Wichita State University. Don’t shy away from crediting your volunteer work. Employers value the experience, not if you got a paycheck for it. "Remember experience is experience. Any volunteer work you’ve done counts," said Rodrick Epps of Interstate Batteries. 

Industry veterans need to step up

Those already in the field need to be of assistance to pave the way for new blood. Success in a security role often comes down to mindset and passion more than a set of skills to get you hired. "I’d like to see folks brokering an intro and getting comfortable with it. How weak we are as industry professionals if we can’t do that," said Diane Gandara, Silicon Valley Networker. 

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, SlashNext

LIVE!

 Cyber Security Headlines - Week in Review 

Make sure you 

 to join the LIVE "Week In Review" this Friday for 

Cyber Security Headlines 

with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Arvin Bansal, former CISO Americas, Nissan Motor Corporation.

Thanks to this week's headlines sponsor, Vanta

Cyber chatter from around the web...

Jump in on these conversations 

"Switching Cyber Disciplines ~4yrs in" (

More here

)

"Government Contracting (TS) = Never getting new skills like Private? Career Suicide?" (

More here

)

"100% Security Protection for Company" (

More here

)

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead on Super Cyber Friday we have:

• [10-27-23] Hacking Third-Party Risk in the Cloud

• [11-03-23] Hacking SOC 2

• [11-17-23] Hacking US Data Privacy

• [12-01-23] Hacking Trust Management

Save your spot

and register for them all now!

Sponsored Content!

Upskilling Into People Management

Upskilling talent is a laudable goal for any organization, but getting there requires some careful consideration.

Part of this needs to be finding a commonality between what the business needs and the interests and motivations of a given employee. For Sara-Michele Lazarus, founder and CISO, Faded Jeans Technology, transitioning staff into people management can be the most challenging. This isn’t a discipline that’s mastered on day one, but rather a continual learning process. A mentorship program is key to navigating this type of upskilling.

Be sure to watch this video to understand how fostering upskilling can benefit both your staff and business.

Huge thanks to our sponsor, Team8

Thank you!

Thank you for supporting CISO Series and all our programming  

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.