Each time I think I’m getting to the heart of the challenges faced by those on all sides of cybersecurity recruiting, a further complexity raises its ugly head.
While I still think that job titles are horribly limiting, that job descriptions completely miss the point, and that the cybersecurity skill-gap misconception is mostly the fault of the organisations asking for help, there’s no getting away from the fact that cybersecurity recruiters are doing themselves no favours.
I have made no secret of my distain (bordering on disgust) for anyone using the GDPR’s ‘administrative fines’ to further their own ends. Whether the ends are selling products, services, or column inches, trying to scare organisations into parting with their hard-earned cash is totally unacceptable and I only hope that most of them have failed.
That said, it is clear from Google (€50M), British Airways (€200+M), and Marriott (€110+M) that enormous fines are now a reality for organisations who egregiously break the law. And make no mistake, they ARE breaking the law. A law that enforces one of OUR fundamental human right.
I am absolutely sick to death of security vendors using the buzz-phrase Artificial Intelligence (AI) as a descriptor for their product or service.
- AI does not even exist yet, the most you can say is that it’s very clever programming;
- Not everyone is a fan of AI.
So, by trying to claim your product uses AI, you have now alienated 2 types of people; 1) those who hate bullsh*t artists, and 2) the paranoid.
In cybersecurity, there are a lot of both.
It is with thanks to Chad Loder that I write this blog. His post on LinkedIn made me laugh out loud and is what inspired me to propose the CEO Cybersecurity Challenge (#ceocybersecuritychallenge). The very simple post was:
From: Security Team
To: All Employees
Subject: Security Awareness Training
To opt out of this year’s security training, click here.
Security experts will instantly see the simple genius of this social engineering tactic. In just 10 words you get:
Anyone who reads my blogs knows that I’m not highly technical. In fact, I have warned organisations against buying technology [for technology’s sake] more than I have ever recommended it. And I will continue to do so until everyone is following the pre-purchase golden rules: