Entry Level Position Available. 15+ Years Experience Required

CISO Series

CISO Series Podcast

Entry Level Position Available. 15+ Years Experience Required

On this week's episode, Andy Ellis, operating partner, YL Ventures, and I welcome Bryan Willett, CISO, Lexmark, to discuss the following issues. Please give us your thoughts.

Do hiring managers need awareness training on the definition of "entry level?" 

This week's newsletter headline is not a joke. An actual job listing on LinkedIn discovered by Mike Miller of Cyber Protection Group requested just that. We're all hoping this was an error. Regardless, the community response to it was truly overwhelming, speaking much to the frustration of green and junior cybersecurity job seekers who are truly looking for entry level jobs. Honestly, I keep hunting for these so-called 3+ years of experience for entry level jobs and I don't see them, but I'm told they do exist. As evidenced by this post, this topic drives cyber pros crazy. Why does it still happen and are these job posts just a foil for our collective frustration with the industry?

“What is the value of security operations if you’re not detecting and dealing with an incident? What do I pay you for?”

This was a question Dom Goldthorpe of BAE Systems overheard from someone in upper management. Both host and guest agreed that your incident response team should operate at 50% capacity because they'll be needed for those unexpected spikes. Bryan Willett said they're getting these security responders to work with their architecture and IT operations teams primarily to look down the supply chain and help improve the security of their parts delivery.

Where can a trust based relationship work and not work? 

"You want to see that they have a repeatable process there that shows that they know how to test for the integrity of the product they're bringing into their manufacturing line, and that they know how to test it coming off the manufacturing line for its integrity," said Bryan Willett, who also noted that he has to do his own verification as well. But that trust begins by getting firsthand insight into the third-party vendors' processes and seeing for yourself that they know what the heck they're doing.

Did cybersecurity awareness month actually accomplish anything?

Bryson Bort, CEO of SCYTHE, asked on Twitter what the ultimate goal is of getting everyone to pay attention to cybersecurity for the month of October. Here are some of our favorite answers:

- Getting security to be aware of the business.

- A push for more empathy.

- To influence organizations to prioritize security the same way they prioritize productivity.

- We need a Woodsy the Owl or Smokey the Bear level of outreach to hit those outside of cybersecurity.

Thanks to our podcast sponsor, AuditBoard

Best advice I ever got in security...

"There's always a Corellian starship ready to destroy the Earth. Meaning there's always a crisis. Manage calmly through it." - Bryan Willett, CISO, Lexmark

Isn’t it all exposure management? Isn’t that what we’re doing?

"As security professionals, what we’re thinking about first and foremost is to give the attacker the most limited amount of exposure to attack in any given situation. And honestly, the term was founded in the software development practice, so things like configuration, like how would you securely access an application. Well, let’s not give someone four different methods. Let’s do one and really lock it down. And so I think the terminology isn’t necessarily new, but I would say I think the term actually better resonates with board level and C-level decision makers." - Jonathan Trull, CISO, Qualys

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines - Week in Review

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Terrance Cooley, CISO, Air Force JADC2 R&D Center.

Thanks to our Cyber Security Headlines sponsor, Automox

Super Cyber Fridays!

"Hacking Cyber Insurance" - Super Cyber Friday 

Join us this Friday for "Hacking Cyber Insurance: An hour of critical thinking about getting the finance side to be working in concert with security and IT."

It all begins at 1 PM ET/10 AM PT this Friday, December 2, 2022 with guests Scott McCrady, CEO, SolCyber and Anthony Dagostino, CEO and founder, Converge. We'll have fun conversation and games, plus at the end of the hour (11 AM PT/2 PM ET) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, SolCyber

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.