RCR 016: Cybersecurity Hiring (Part 4) - CISSP Study and Training!

Description:  

In this show, Shon will go over the key aspects of looking for candidates externally to your organization or if you should consider one of your current employees. This is part 4 of 5 in the ongoing series designed to help HR/Hiring managers as well as those looking for cybersecurity jobs.

These videos will go over what the hiring professionals should be looking for and what potential candidates should strive to achieve to meet the growing cybersecurity job demand.

This part of the video series will go through what you should consider when looking at internal vs. external candidates for your cybersecurity jobs. You need to determine if there are regulatory requirements that mandate that someone is required within your organization or if you can outsource the capability.

Transcript:

Welcome to the reduce cyber risk podcast where we give you the tools you need to meet your regulatory requirements while helping keep the evil hacker Hornet Bay hi my name is Sean Gerber and I'm your host for this action-packed informative podcast join me each week is I provide the information you need to best protect your business and reduce your company cyber risk now when I get the first part about internal vs. external we've talked about this and numerous parts around our session here but internal candidates if you're focusing on an internal candidate maybe they don't have an it hella positive peace around that would be is they don't know what they don't know so therefore they don't already anchored and what they believe is what it should be done so what security should be and and ask more questions especially if they come from a non IT background Finance compliance really good people that could do well in a security space but the key part about that is they have to want to do they have to have the hunger to do it they also had to have very good interpersonal skills this role is a lot about influence now your security analyst role maybe more about just doing the buttons you'll click a button here call somebody there and it may not be as much from an interpersonal standpoint however if you're going to do a security architect role or anything like that you're going to have that challenge so you need to focus on good interpersonal skills they also need to have a hunger to learn they always need to be able to learn and expanding and what they do don't have a hunger it is as boring as dry toast is boring boring right do you have to have the ability to understand that and always be willing to learn we are looking at external candidates use less experienced people it may be warranted depending we talked about that right if there's not much of a market or you don't have the the paycheck to pay for all that maybe that's the situation fermenters okay Mentor that they're available maybe there's another company that's close by that maybe like a sister company or maybe not a competitor but they have a security person that they could be a mentor to one of your people size business that do they have accountability are they connected with the CIO the CFO to CEO are they connected with the sea level or just the owner in reality do they have a manager do they have someone that can walk in through but is there some level of accountability around security and that they can go ahead and report to if they are being held responsible by the CIA local operations I know there's many many medium-sized businesses that may have offices in places around the globe do they have that responsibility from a global standpoint where are they specifically local to your geographic location all of that will play into this a bit as well do they have vendor requirements or restrictions that that can come into play what about risk assessment requirements so all of those pizzas kind of come into the debeing when you have Global or local operations any regulatory requirements are you part of the nydfs the New York Department of Financial Services they require a Cicero or in reality they require somebody that can do security responsibility for security within an organization and you going to see that a lot of people will say it while I've got to have a security officer no not really you just need to have somebody that it can be your responsible person for security by Chinese cyber laws another person got to have someone decided Define specifically that is your responsible person around Chinese Cyber Law you're as far as your resume go she got some key topic are easy to be aware of it so if you're a person that you're if you're looking at resumes or you're putting your resume out there's an individual or is HR some key topics you think about industrial experience or industry experience doesn't necessarily make the person of the candidate so you can a person who's in the chemical manufacturing space apply for a financial role in security they may be gaps in certain areas but they may have a laundry list of experience at take some Way Beyond what the financial services person could find do they have regulatory requirements around PS pci-dss Sox see fats New York Department of Financial Services and the alphabets do they have to have their regular experience or do they need to have it just one field they weren't specifically in just all of banking their entire life not a bad thing but if you're looking for a chemical Bankers are a security person in banking their entire life may not be your best choice choices maybe who's your best choice that's just something to consider around them security organizations Square aisaka any of these things that are out there so are they involved in those do they have any government involvement did they come from a government background many security people come from the government that's where I came from day is a commander a red team that's all we did was penetration testing and we used to hack all kinds of systems but there was a government that did it right and that's what I was part of and we can get away with hacking those systems because in reality that the government owns those systems I didn't have to worry about being put in jail for hacking into a system now did you do that what happens if my competitor just see what happens you probably going to go break big rocks into little rocks so the good talent does post challenges right so you've got understand if you get these good people you're going to have to keep them and what's going to keep them money for filming location whatever might be but you need to consider those things because they are not they're going to go security clearances big deal okay if you can get some of the security clearance you better need a security clearance security clearance is only good for a certain. Of time so that's just something to kind of consider but if your job requires a clearance those are even harder to find okay it's now gone so if someone wants to come back in and pull me on as a contractor so now they have to go all the way back to the beginning they just go back where I left off however the simple fact of the matter is they still have to go back and that cost money and time for the job description goes you need to put out the responsibilities so the person who designs builds test excetera those keywords that walk people through what is the expectation so if you are looking from a business of being the individual what are the responsibilities of the role do you really want to do that during HR person what are you trying to accomplish design-build test Exeter excetera excetera you're going to need some help in that right and driving information security within an organization that's Miller key bullet right you try to put this into the organization do you need to put that down that needs to be culture within your organization that drives information security also you put down the Implement security measures these are just key responsibilities squeaky duties will be conducting regular systems test monitoring ensuring compliance governs protecting intellectual property review and current system security measures and implementing enhancement those are kind of the key duties that a security person would be doing again responsibilities don't make sure that it's compliant and that you are protecting your IP nothing to think about skills and competencies prison information security and or it risk management solid knowledge experience with firewalls encryption strong customer focus right able to meet demands and internal external users those are some key job descriptions that are skills and competencies that you may require within your organization for security person talk about security certification certified ethical hacker industry-specific requirements HIPAA ffic sock to Chinese Cyber Law and so forth again very different levels of certification and skills and competencies this was part was that the last part of my talked about with a description the job description responsibilities you keep part of this lesson was to get you out there and this episode was to walk you through if you're putting together a resume what are some things you should consider if you're an individual who is looking to hire individuals what are some things you should look at with the resume what should you consider okay I got some great stuff out there more videos you'll find out on YouTube and see stuff out there a LinkedIn as well but you can check it out to reduce cyrus.com alright have a great day see you