The Rise of the Breach Response Specialist

It was not that long ago that the most senior security incumbent at the time of a data breach was not only fired ignominiously, but torn to shreds by his/her ‘peers’ as being anything from unqualified, to incompetent, to grossly negligent.

They became nothing short of pariahs.

The vestiges of this ridiculous practice are still rife (take BA for example), but things are changing, and we all have a Recital to thank for it:


You Want an Honest CV / Resume? Here’s Mine!

I have written several blogs on the poor state of cybersecurity recruiting, all with the hope that they may trigger at least some positive change. Even if that change is only in the very few people who are actually reading this crap.

When I say “poor state”, I of course mean fundamentally, systemically, and damned near fatally broken. It just does not work, not for the employers, not for the candidates, not for the recruiters, and not for the industry as a whole. As much as I have criticised/blamed recruiters, it’s really not their fault as much as we might think.

Recruiters, like any other salesperson, are rarely [if ever] subject matter experts in their chosen industry sector (i.e. they cannot DO the jobs they are trying to fill). The real experts, the ones who can actually do the work, are in turn rarely [if ever] capable of doing what the ‘salesperson’ does (i.e. they have no idea how to sell themselves).


Cybersecurity Recruiters: Your Failures Explained

Each time I think I’m getting to the heart of the challenges faced by those on all sides of cybersecurity recruiting, a further complexity raises its ugly head.

While I still think that job titles are horribly limiting, that job descriptions completely miss the point, and that the cybersecurity skill-gap misconception is mostly the fault of the organisations asking for help, there’s no getting away from the fact that cybersecurity recruiters are doing themselves no favours.


You’re Not Hiring People, You’re Trying to Solve a Problem

5 years ago, when I was still smarting from being laid off [fired, cough], I found myself back in the job market looking for …something.

After 12+ years in the same organisation, I had worked my way up from ‘Firewall Administrator’ to ‘Director of Delivery’ for EMEA and APAC. Through poor planning and various character flaws I was at a complete loss where to even start looking for an equivalent position. My safety-net was non-existent as making connections has never been what I would call a strong suit.


Cybersecurity Skills Gap? You’re Clearly Looking in the Wrong Place

Like every other independent security consultant out there, I have to ask: “Cybersecurity skills gap? What the Hell are you talking about?”

I’m not even going to quote the plethora of doomsday statistics, but suffice it to say the majority of organisations and governments believe the cybersecurity skills gap is actually a real thing and getting worse. They have no idea that the experts to solve most security issues are out there with dumbfounded expressions thinking: “I’m sitting RIGHT here?!”
