This week's episode of Defense in Depth
What Cyber Pro Are You Trying to Hire?
This week's episode is hosted by me, David Spark, producer of CISO Series and Allan Alford. Our guest is Liam Connolly, CISO, Seek. All three of us discussed:
The poor focus of cybersecurity job listings often exposes either the poor understanding or lack of maturity of a company's information security program.
We often see management cyber jobs asking for engineering skills and vice versa.
Job listings can also portray the "last guy" syndrome. Those are the job listings that tack on desired skills the last person did not have.
When you see too many requirements it comes off as a wish list. It's not what is required, it's more of a question as to how many boxes can a candidate check off.
There can be serious harm to a company's ability to hire if they throw down too many requirements or even optional items. People who are truly required for the position you want may never apply because they'll be scared off by the other skills required or desired.
CISOs are often hired by non security people and as a result they don't have a full understanding of what type of CISO they want. As a result it's often hard to find two similar CISO job listings.
While CISO technical competencies are desired, it's clear that once hired a CISO will not be showing off their technical expertise. As a result, there's a lot of debate as to how much technical skill a CISO really needs. The job requires management, influencing, and communications.
Many hiring teams have a hard time parsing out the types of security people they need to build out a security team. That's why you get a single job listing that appears to want to hire five different types of security people.
If a CISO isn't given the budget and authority to hire a staff to fill all the necessary gaps for the company's security program, they will become fed up and leave. That starts the whole process again.
Many debate that job titles in job listings are just there to massage the ego. But if compensation doesn't match the title, then they realize the title is just for show.
Many debate that job titles in job listings are just there to massage the ego. But if compensation doesn't match the title, then they realize the title is just for show.
Read more: https://cisoseries.com/defense-in-depth-what-cyber-pro-are-you-trying-to-hire/
Tags 🏷
#cissp #cciso #cism #isc2 #isaca #malware #cyberattack #threats #ransomware #cyberrisks #iot #itsecurity #cloud #cloudsecurity #infosecurity #securitymanagement #awarenesssecurity #top10vulnerabilities #carreira #career #darkweb #cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cibercrime #cisoseries
Tags 🏷
#cissp #cciso #cism #isc2 #isaca #malware #cyberattack #threats #ransomware #cyberrisks #iot #itsecurity #cloud #cloudsecurity #infosecurity #securitymanagement #awarenesssecurity #top10vulnerabilities #carreira #career #darkweb #cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cibercrime #cisoseries
Comentários
Postar um comentário