When Job Descriptions Reveal a Broken Security Program

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Cybersecurity Hiring

Defense in Depth: Cybersecurity Hiring

On this episode of Defense in Depth:

Co-host Allan Alford and our guest, security maven, Greg van der Gaast, discuss the following:

  • Specialization also veers towards simplification. As Greg said, "A lot of middle of the road positions are being narrowed and dumbed down in a push towards commoditization."

  • Is the collection of so many tools pushing us to more specialization? Have we created our own hiring problem?

  • There is a need for both specialists and generalists in cybersecurity. The issue is where you find the balance, from the creation of your toolset to your hiring.

  • There are too many open positions for "security analyst," which isn't a defined role. Sometimes there's an inherent laziness in hiring managers who just want "a security person" without understanding their environment and what they really need.

  • Greg notes that "you can often tell how broken an infosec organisation is just by looking at the job roles they're looking to fill and the job descriptions."

  • If you're developing a tech stack and then looking for people to manage it, that is the reverse of how you should be building a security program.

  • Students are eager to learn, but degrees are useless when companies are hiring for specific tools.

Special thanks to this week's Defense in Depth podcast sponsor, Morphisec.

Morphisec

Detection-based security technologies are by definition reactive, responding to threats after they’ve hit. Morphisec takes an offensive strategy to advanced attacks, dismantling the attack pathways to prevent an attack from ever landing. No detection, no hunting, no clean-up. Watch the on-demand webinar to see how it works. More at www.morphisec.com.

Our “What Not to Do” Security Selling Secret - CISO/Security Vendor Relationship Podcast

Vulnerability Management

Topic Takeover: Vulnerability Management

One program we initiated in 2019 is called "Topic Takeover," in which we delve into one topic by creating a deluge of articles, videos, podcasts, and memes on just that one subject. The editorial is fully controlled by CISO Series, but we align ourselves with a sponsor who is eager to be associated with the topic.

Check out our first "Topic Takeover" effort on the subject of vulnerability management. Thank you to Vulcan Cyber for sponsoring the series.

Defense in Depth: How CISOs Discover New Solutions
