Sign up to save your podcasts
Or
Share Cybersecurity Hiring
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Cybersecurity Hiring
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-hiring/)
Everyone needs more security talent, but what kind of talent, how specialized, and what kind of pressure is hiring requirements putting on security professionals?
Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is one our favorite InfoSec gadflies, Greg van der Gaast.
Thanks to this week's podcast sponsor, Morphisec
Detection-based security technologies are by definition reactive, responding to threats after they've hit. Morphisec takes an offensive strategy to advanced attacks, dismantling the attack pathways to prevent an attack from ever landing. No detection, no hunting, no clean-up. Watch the on-demand webinar to see how it works. More at www.morphisec.com.
On this episode of Defense in Depth, you'll learn:
- Specialization also veers towards simplifying as Greg said, "A lot of middle of the road positions are being narrowed and dumbed down in a push towards commoditization."
- Is the collection of so many tools pushing us to more specialization? Have we created our own hiring problem?
- There are needs for specialists and generalists in cybersecurity. The issue is where do you find the balance from the creation of your toolset to your hiring?
- Too many open positions for security analysts which isn't a defined role. Sometimes there's an inherent laziness in hiring managers just wanting "a security person" and not understanding their environment as to what they really need.
- Greg notes that "you can often tell how broken an infosec organisation is just by looking at the job roles they're looking to fill and the job descriptions."
- If you're developing a tech stack and then looking for people to manage it, that is the reverse way you should be building a security program.
- Students are eager to learn, but degrees are useless when companies are hiring for specific tools.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-hiring/)
Everyone needs more security talent, but what kind of talent, how specialized, and what kind of pressure is hiring requirements putting on security professionals?
Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is one our favorite InfoSec gadflies, Greg van der Gaast.
Thanks to this week's podcast sponsor, Morphisec
Detection-based security technologies are by definition reactive, responding to threats after they've hit. Morphisec takes an offensive strategy to advanced attacks, dismantling the attack pathways to prevent an attack from ever landing. No detection, no hunting, no clean-up. Watch the on-demand webinar to see how it works. More at www.morphisec.com.
On this episode of Defense in Depth, you'll learn:
- Specialization also veers towards simplifying as Greg said, "A lot of middle of the road positions are being narrowed and dumbed down in a push towards commoditization."
- Is the collection of so many tools pushing us to more specialization? Have we created our own hiring problem?
- There are needs for specialists and generalists in cybersecurity. The issue is where do you find the balance from the creation of your toolset to your hiring?
- Too many open positions for security analysts which isn't a defined role. Sometimes there's an inherent laziness in hiring managers just wanting "a security person" and not understanding their environment as to what they really need.
- Greg notes that "you can often tell how broken an infosec organisation is just by looking at the job roles they're looking to fill and the job descriptions."
- If you're developing a tech stack and then looking for people to manage it, that is the reverse way you should be building a security program.
- Students are eager to learn, but degrees are useless when companies are hiring for specific tools.
More shows like Defense in Depth
View all
Hacked
186 Listeners
Security Now (Audio)
2,011 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
369 Listeners
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
652 Listeners
CyberWire Daily
1,026 Listeners
Smashing Security
318 Listeners
Click Here
419 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
176 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
195 Listeners
Cybersecurity Headlines
138 Listeners
Risky Bulletin
45 Listeners
Hacker And The Fed
167 Listeners