RCR 015: Cybersecurity Hiring (Part 3) - CISSP Study and Training!

Description:  

n this show, Shon will go over the key aspects for individuals looking for cybersecurity jobs. This is part 3 of 5 in the ongoing series designed to help HR/Hiring managers as well as those looking for cybersecurity jobs.

These videos will go over what the hiring professionals should be looking for and what potential candidates should strive to achieve to meet the growing cybersecurity job demand.

This part of the video series will go through what individuals need to consider when looking for cybersecurity jobs. We will go through the career progression and how to increase your knowledge. In addition, we will touch on mentorship, certifications, and using outside resources to help you in your journey.

Transcript:

Welcome to the reduce cyber risk podcast where we give you the tools you need to meet your regulatory requirements while helping keep the evil hacker hoarded Bay hi my name is Sean Gerber and I'm your host for this action-packed informative podcast join me each week is I provide the information you need to best protect your business and reduce your company cyber risk real shocker Bergin from reduce cyber-risk now this is the ongoing series we have around cybersecurity not just a job description and where do we talked about in this episode about did the responsibilities resume and job descriptions as a relates to the overall process that would be is they don't know what they don't know so therefore they don't already anchored and what they believe is what it should be done so what security should be and and ask more questions especially if they come from a non IT background Finance compliance really good people that could do well in a security space especially but the key part about that is they have to want to do they have to have the hunger to do it they also had to have very good interpersonal skills this role is a lot about influence. Your security analyst role maybe more about just doing the buttons you'll click a button here call somebody there and it may not be as much from an interpersonal standpoint however if you're going to do a security architect role or anything like that you're going to have that challenge so you need to focus on good interpersonal skills have a hunger to learn always need to be able to learn and then be changing and expanding and what they do a cyber-security is no different if you don't have a hunger it is as boring as dry toast is boring right stupid boring right do you have to have the ability to understand that and always be willing to learn you're looking at external candidates use less experienced people it may be warranted dependent we talked about that right if there's not much of the market or you don't have the the paycheck to pay for all that maybe that's the situation fermenters komentarz if they're available maybe there's another company that's close by that maybe like a sister company or maybe not a competitor but they have a security person that they could be a mentor to one of your people where to find a hard to keep but you need to focus on security people on how you can keep them here for a long-term responsibilities responsibilities of a security person they are responsible to manage team so they may be local or distributor resources but their purpose is to manage this team your business integration also do they have compliance data privacy and operational experience that may be required in many cases if you hear my cat there's a reason there's a mini reason book from a compliance operations standpoint so there's business integration around that and that if that's a good background to have especially if you're in a more medium sized business that do they have accountability are they connected with the CIO the CFO to CEO they have a manager do they have someone that can walk in through but is there some level of accountability around security and that they can go ahead and report to that they are being held responsible by from that the CIO the CFO to CEO Global or local operations I know there's many many medium-sized businesses that may have offices in places around the globe do they have that responsibility from a global standpoint or are they specifically local to your geographic location all of that will play into this a bit as well do they have vendor requirements or restrictions that that can come into play what about risk assessment requirements so all of those pizzas kind of coming to the debeing when you have Global or local operations any regulatory requirements are you part of the nydfs the New York Department of Financial Services they require a Cicero or in reality they require somebody that can do security responsibility for security within an organization and you're going to see that a lot of people will say all I've got to have a security officer no not really you just need to have somebody that you can be you're responsible person for security by Chinese cyber laws another person got to have someone decided Define specifically that is your responsible person around Chinese Cyber Law as far as your resume go she got some key topic areas you to be aware of his so if you're a person that you're if you're looking at resumes or you're putting your resume out there's an individual or is HR some key topics you need to think about industrial experience or industry experience doesn't really make the person of the candidate so what you can a person who's in the chemical manufacturing space apply for a financial role in security they may be gaps in certain areas but they may have a laundry list of experience that takes I'm Way Beyond what the financial services person can find do they have regulatory requirements around PS pci-dss Sox hats New York Department of Financial Services write but do they have to have that Realtor experience do they do they have it or do they need to have it deliver breath of him experience not just one field they weren't specifically in just all of banking their entire life however if you don't have any other choices maybe who's your best choice that's just something to consider around them a person Barton Security organizations is C Square aisaka any of these things that are out there so are they involved in those do they have any government involvement did they come from a government background many security people come from the government that's where I came from the command of a red team that's all we did was penetration testing and we've used to hack all kinds of systems but there was a government that did it right and that's what I was part of and we can get away with hacking those systems because in reality that the government owns those systems I didn't have to worry about being put in jail for hacking into a system now my neighbor and just see what happens if my competitor and just see what happens probably going to go break big rocks into little rocks the good town does post challenges right so you've got understand if you get these good people you're going to have to keep them and what's going to keep them money for filming location whatever might be but you need to consider those things because they are not they're going to go security clearances big deal okay if you can get somebody as a security clearance you better need a security clearance the security clearance is only good for a certain. Of time so that's just something to kind of consider but if your job requires a clearance those are even harder to find I had a clearance it's now gone so if someone wants to come back in and pull me on as a contractor they'll have to go back and read my clearance right so just go back where I left off however the simple fact of the matter is they still have to go back and that cost money in time for the job description goes you need to put out the responsibilities design-build test Excedrin those keywords that walk people through what is the expectation so if you are looking from a business of being the individual what are the responsibilities of the role do you really want to do that during HR person what are you trying to accomplish design-build test Exeter excetera excetera you're going to need some help in that right and driving information security within an organization that's another key bullet right to try to put this into the organization and we've talked about if you don't have support from leadership and you say you're going to do that from an individual stamps you need to challenge the HR person if you got a job interview and they say they want to drive information security within an organization nothing regular systems test monitoring ensuring compliance governs protecting intellectual property review and current system security measures and implementing enhancement those are kind of the key duties that a security person would be doing so again responsibilities efecto make sure that it's compliant and that you are protecting your IP nothing to think about skills and competencies experience and information security and or it risk management knowledge experience with firewalls encryption strong customer focusrite able to meet demands of internal external users those are some key job descriptions that are skills and competencies that you may require within your organization for security person security certification requirements cissp Packers industry-specific requirements HIPAA sfic sock to Chinese Cyber Law and so forth again very different levels of certification and skills and competencies this was part was that the last part of I talked about with a description the job description responsibilities you keep part of this lesson was to get you out there and this episode was to walk you through if you're putting together a resume what are some things you can consider if you're an individual who is looking to hire individuals what are some things you should look at with the resume what should you consider okay great stuff out there more videos you'll find out on YouTube and see stuff out there on LinkedIn as well but you can check it out to reduce cyber risk., all right have a great day see you