Intelligent Connections. Recruiting Integrity.
Call Us: 415-510-2973

Archive for the Blog Category

Cybersecurity Strategy: The Business Risk Of Being Caught Unprepared

Cybersecurity Strategy

Cybersecurity Strategy

This article was originally published on Forbes by Domini Clark, Forbes Council Member and Founder and CEO of the cybersecurity recruiting executive search firm Blackmere Consulting

The chief information security officer (CISO) is a relatively new role and more and more companies are considering adding the position or increasing the influence of their existing CISO. The urgency stems from an increasing number of reported breaches, many involving hundreds of millions of records and requiring millions and even billions of dollars in fines and damage repair. In fact, Cybersecurity Ventures estimates that cybercrime will be a $6 trillion business by 2021.

A robust cybersecurity strategy is essential for every business, and a CISO leader is crucial to that strategy.

A word of caution: If you feel your company is too small to afford a CISO or your existing organizational structure doesn’t currently support another C-level role, please do not stop reading. Your need is just as urgent: Verizon’s “2019 Data Breach Investigations Report” found that 43% of cyberattack victims are small businesses. Investing in cybersecurity still is essential, and there are ways to protect your business without the enterprise price tag.

Attacks Are Surging

As evidenced by the nightly news, trying to implement cybersecurity strategy after a breach or other incident can prove disastrous. A look at the big picture underscores the need to be proactive. Smart systems, artificial intelligence, cloud-based solutions, the internet of things — many are calling it the Industry 4.0 revolution. Data and technology are at the heart of it all, and the digital landscape is expanding exponentially. But just as it is creating new avenues of growth and revenue, it also is creating new points of vulnerability for business, and the number and scope of cyberattacks is surging.

More and more business leaders are realizing that cybersecurity is no longer just the purview of IT, but requires a comprehensive strategy that extends to all aspects of the business, from the customer service call center to the boardroom. The National Association of Corporate Directors’ annual “Public Company Governance Survey” has, for several years, revealed that board members rank cybersecurity as a top concern. In the 2017-2018 report, only 37% of board members agreed with the statement, “I am confident that our company is properly secured against a cyberattack.” This showed a 5% decrease in confidence from the previous year.

The Risks

An effective cybersecurity strategy is critical, and it needs to address a complex and growing array of risks. You probably have risk management strategies for disasters like fire, earthquake or major power surges. With cybercrime, the risk can be even greater.

• Loss of data can lead to significant financial loss in multiple ways. Criminals can make data simply disappear, or they can use it for personal gain, such as insider trading. Using ransomware, they can encrypt your business-critical files and demand payment to release it. Research has pointed out good reason to believe that intellectual property (IP) is increasingly tied to wealth, and in digital format, IP is vulnerable to cyberattacks.

• Exposure of sensitive data is one of the biggest concerns in the high-profile news stories, and for good reason. If criminals have access to things like login credentials and passwords, routing numbers, credit card numbers and Social Security numbers, you can imagine the consequences. Even in the absence of bad actors, sensitive data can be exposed if security is lax. This can undermine the confidence of your customers and business partners and hit your bottom line — hard.

• A particularly unsettling risk is unauthorized control of physical environments. With increasing use of smart devices and automation, criminals or even terrorists can gain control of manufacturing, communication, transportation and other systems. Thieves could disable alarms and other physical security systems, and terrorists could cause catastrophes like sending a nuclear plant to critical mass, causing trains to crash or taking power grids offline.

• Other risks include malware attacks in the form of viruses, worms, Trojan horses, spyware and other software designed to cause havoc of one form or another. Phishing, in which the criminal poses as a legitimate player in order to access sensitive information, also can put your business at risk.

The consequences of a cyberattack can include damage to brand reputation, as well as the reputations of business owners, senior executives and board members. In several high-profile cases, CIOs or CEOs were forced to resign following major breaches at companies like Target, Equifax and others.

No matter your business or its size, cybersecurity strategy must be a high priority. In the next installment of this series, we’ll uncover why it is critical that your strategy include a CISO or security leader.

2019 US Cybersecurity Salary & Employment Study


This article citing the US Cybersecurity Salary & Employment study originally appeared on Comparitech here, and an excerpt appears below.

2019 US Cybersecurity Salary & Employment Study – which state has the best prospects?

In a world where data protection is becoming increasingly important, cybersecurity roles are at the heart of many companies’ employment strategies.

Often defined as “information security analysts,” these roles involve planning and implementing security measures that help protect an organization’s computer systems and networks. This includes installing software, i.e. firewalls and data encryption programs, investigating security breaches, and looking for potential vulnerabilities before they are exploited.

In 2018, the average salary for cybersecurity roles was $92,789 per year, and over the next 10 years (2018 to 2028), the job growth for these roles is 32 percent (much higher than the average of 5 percent).

So how do these roles shape up on a state-by-state basis (including the District of Columbia and Puerto Rico)?

We reveal where the cybersecurity job hotspots are, including where you’ll get the highest salary, where the most jobs are, and where the best long-term projections for these roles are.

US Cybersecurity Job Hotspots

The top-scoring states for cybersecurity roles

According to our research, Virginia is the best state to be an information security analyst. It was the highest-ranking state for the number of people currently employed in these roles and employment per 1,000 jobs. It also received a high score for its average annual salary and the number of job vacancies currently available.

However, there were some weak points to Virginia’s cybersecurity roles. Since 2013, the average salary and number of people employed in these roles have grown at a slower pace. But this is perhaps due to the vast number of roles already available, and it doesn’t seem to dampen the long-term projections for these roles (41.51 percent growth from 2016 to 2026).

Texas, Colorado, New York, and North Carolina were the other four states that made up the top five. All of these states performed better than Virginia with recent salary increases over both one- and five-year periods. However, only cybersecurity analysts in New York receive a higher average salary ($122,000) than those in Virginia ($111,780).

The top 5 states at a glance

Top 5 states for cybersecurity jobs

The highest-scoring states per category were:

  • Highest average annual salary – New York – $122,000
  • Highest % difference to state average annual salary for all types of employment – New Mexico – 80.34%
  • Highest number of people currently in these roles – Virginia – 14,180
  • Highest employment per 1,000 jobs – Virginia – 3.70
  • Highest number of jobs currently being advertised for – California – 5,008
  • Best long-term projection for roles – Utah – 50% growth
  • Best 5-year increase in employment numbers (from 2013 to 2018) – South Dakota – 212.50%
  • Best 5-year increase in average annual salary (from 2013 to 2018) – Arkansas – 41.69%
  • Best 1-year increase in employment numbers (from 2017 to 2018) – Wyoming – 66.67% growth
  • Best 1-year increase in average annual salary (from 2017 to 2018) – Kansas – 10.86% growth

Check out the rest of the article here.

Domini Clark, Blackmere Consulting, Celebrates Milestone with Forbes Human Resources Council

Forbes Human Resources Council Member

Forbes Human Resources Council Member

Forbes Human Resources Council is an Invitation-Only Community for HR Executives Across All Industries

Domini ClarkDomini Clark, CEO and Founder of Blackmere Consulting, is celebrating her one-year anniversary as a member of the Forbes Human Resources Council, an invitation-only organization for senior leaders to publish original content, connect and excel.

“We are so pleased to have Domini Clark entering year two as a member of Forbes Human Resources Council,” said Scott Gerber, founder and CEO of Forbes Councils. “Our mission with Forbes Councils is to bring together proven leaders from every industry, creating a curated, social capital-driven network that helps every member grow professionally and make an even greater impact on the business world, and Domini Clark is an important part of that community.”

“I am excited to celebrate our first anniversary as a Forbes Human Resources Council member,” Said Domini Clark. “The values of the community are in perfect alignment with Blackmere’s dedication to making a powerful impact through intelligent connections.  Our participation has definitely helped us further cement our leadership role in the cybersecurity and technical talent acquisition industry.

Forbes Councils is a collective of invitation-only communities created in partnership with Forbes and the expert community builders who founded Young Entrepreneur Council (YEC). In Forbes Councils, exceptional business owners and leaders come together with the people and resources that can help them thrive. More information is available at


Blackmere Consulting is a Technical and Executive Recruiting firm dedicated to Cybersecurity and Information Technology.  From Fortune 100 companies to emerging growth organizations, our focus is to pair talented professionals with companies who value them.

For more information about Blackmere Consulting, visit

What’s Your Story? Why Stories Matter In Recruiting


This article was originally published on Forbes by Domini Clark, Forbes Council Member and Founder and CEO of the cybersecurity recruiting executive search firm Blackmere Consulting


In today’s employment market, candidates are in the driver’s seat. No longer can companies post simple job descriptions online and choose from the countless applications that pour in from qualified talent. To set your company apart from other employers, leaders need to tell their stories to candidates.

Compliance and process are important, but they shouldn’t overshadow the human element. Telling stories lets candidates know your company isn’t just policies, procedures and mission statements — it’s a group of real people working together and relying on one another to get the job done.

Stories Give You An Edge

Whether your data center runs on 100% sustainable energy or the organization was founded by a female combat veteran, there’s something unique about you as an employer. Here are some compelling reasons to tell your story, and some ideas on how to tell it.

• An interesting job posting differentiates your company from competitors who just post boring job descriptions from the HR files.

• It supports the emerging best practice of making a more personal connection with candidates; before direct contact, you’re introducing a more human element.

• Stories start engaging candidates with your workplace culture even before the hire.

Stories are part of marketing your opening position — appealing to a target audience. However, it’s a unique part. If your company uses leading technology or regularly posts 20% year-over-year growth, you should share that. But you also should share stories with emotional appeal that humanize your company.

Finding The Stories

Look for things that are unique about your people, culture or organization that highlight values or speak to a sense of purpose. Some examples:

• The company is family owned for three generations and has a reputation for integrity.

• Your organization provides each employee a couple of paid volunteer days each year.

• The company offers free yoga classes or massages once a week.

Get input from your top performers. What was it about your company that attracted them? In addition to less-personal things, like how great the business model is, look for real-person things like, “The schedule flexibility allows me to coach my daughter’s robotics competition team.” Incorporate these stories into your message to help attract similar candidates who are likely to be a good fit for your culture and mission.

Branding Is Generic; Stories Are Specific

Employment branding and value propositions are important — it’s surprising how many companies still aren’t using them. At the same time, these typically are generalized and apply to any position, from a help desk associate to a CITO. Stories should be more specific, which may also add substance to your overall message. For example, suppose a company has created the employment brand “Smart Careers for Smart People.” It gets your attention and may appeal to the type of people you want.

Just the same, it’s vague and impersonal. In contrast, the story about your company promoting volunteerism connects with candidates who value a sense of purpose. Candidates can identify with it and probably have some personal experience with volunteering. If they feel strongly about volunteerism, you’ve just increased your employment sticky factor.

Different Kinds Of Stories

Stories can be about the open position itself. When marketing a product or service, the goal typically is to attract as many customers as possible. However, recruitment marketing is about attracting the one candidate who best matches the ideal profile. It’s a sniper approach versus a buckshot one. Stories about the role help personalize it.

For example, search for “IT manager” on any major job site, and you’ll get tens of thousands of hits nationwide. The jobs share common requirements and responsibilities, but each one is unique. Put yourself in the shoes of a candidate, and consider which story would be more engaging:

• “Manage a strong IT team in a growing company.”

• “Lead a strong IT team as we implement version 2.0.”

The first story could apply to 80% of the jobs out there. The second is specific and makes it easier for candidates to picture themselves in the position. The first is a job, but the second is a role, and roles are more personal.

If a job involves relocation, tell the story about the new location, particularly if it’s not well known. Highlight the low cost of living and the great schools, but also connect it to the people at your company: “Townville offers a variety of outdoor recreation venues. Come down to West Park on Saturday to cheer on our company softball team.”

Telling your story takes a little more effort, but it’s worth it. Humans have been telling stories for millennia, and they are just as influential today as they were around the fire that kept the saber-toothed cats at bay. They connect us as humans on a powerful level.

Domini Clark to Dark Reading’s ‘The Edge’: Rethinking Cybersecurity Hiring

Dark Reading cybersecurity hiring

Blackmere Consulting CEO Domini Clark recently contributed to Dark Reading’s ‘The Edge’ on rethinking cybersecurity hiring.  The original article appeared here and an excerpt appears below.

Rethinking Cybersecurity Hiring: Dumping Resumes & Other ‘Garbage’

In a market that favors the job seeker, what are some alternatives to resume-sifting that will identify the talent you need?

By Joan Goodchild
Edge Features

While on the hunt for cybersecurity talent, Domini Clark is finding that the more things change, the more things stay the same.

“The irony is that as highly technical as the cyber talent pool is, the best way to actually reach the people you need to reach is to go ‘old school,” says Clark, who leads technical executive search firm Blackmere Consulting, which specializes in recruitment for cybersecurity positions.

In a job seekers’ market, in which infosec positions are red-hot and candidates have their pick of opportunities, Clark has been having more success lately by working more traditional methods of tracking down talent – research, connections, networking, and in-person meetings.

And so she now works to reach candidates face-to-face, through events, meetings, and other real-life opportunities to engage with talent.

Clark is one of many recruiters looking to diversify strategies for finding security employees in an ongoing skills gap impacting the industry. According to the InfoSec Institute, the shortage of cybersecurity professionals has grown to nearly 3 million globally, with approximately 498,000 openings in North America alone. This is happening in tandem with increased spending and prioritization of security in businesses around the globe. Gartner forecasts worldwide spending on information security products and services will reach more than $124 billion in 2019, an increase of 8.7% from the previous year.

With employers so desperately in need of help with security initiatives and seeking an edge to get workers interested in what they have to offer, what are some creative alternatives to resume-sifting to find the help you need?

Develop and Work Personal Connections
Beyond showing up, Clark believes the power lies in actually getting to know people — even if it starts in a virtual forum — by reaching out and asking for a conversation before even gauging the talent’s interest in a position. Get involved in community and industry groups and start working those relationships, she advises.

“With all of the recruiting tools available to find, screen, and communicate with talent, nothing beats actual connections,” she says. “The days of ‘post-and-pray’ are gone. Not to mention, cyber talent tends to be overwhelmed with surface reach-outs by recruiters [who] don’t understand the industry or their specific skill set in relation to the opportunity. Community involvement, and credible networking may be old school, but human interaction goes a long way in engaging with hard-to-find talent.”

Clark says she relies more frequently on forming those personal connections and relationships versus low-touch keyword searches and cold emails. Her goal, she says, is to create a solid reputation for Blackmere and a trusted network that talent will keep coming back to when looking for work and that employers will want to tap when they need help.

Try Local Colleges and Universities
IBM Security’s Academic Outreach program focuses on partnering with educational and research institutions to develop cybersecurity talent and close the skills gap. It offers training opportunities, scholarships for cybersecurity study, and sponsor hacking contest for teens.

Heather Ricciuto, who leads the program, says the goal is to both identify talent and raise awareness of the various security career paths—an understanding she says is severely lacking among young people.

“The biggest issue in security hiring that I have observed is the general lack of cybersecurity career awareness amongst students of all ages,” Ricciuto says. “In general, students do not know what a cybersecurity professional does. Those who believe they have some understanding typically have a misconception of the profession at large, based on what they see on television and the big screen. Academic outreach plays a big role in building awareness amongst students, faculty, and parents.”

For regional HR recruiters seeking security talents, a local school may also have programs in place or may even willing to form a partnership to create security education opportunities.

Tap New Recruiting Technology
CyberSN’s Deidre Diamond, founder and CEO, and Mark Aiello, president, think the employer–employee matching process should be more like using a dating site.

CyberSN, a talent acquisition firm focused on cybersecurity professionals, debuted its KnowMore platform at Black Hat in August to sync up what they said is a pool of qualified talent who simply aren’t being matched to the right opportunities.

“In our opinion, the No. 1 fundamental problem is that companies are relying on the old traditional hiring methods: draft a job description, which is usually garbage, post this garbage on a job site, and then complain when all the responses are garbage,” Aiello says.

This is compounded by recruiters who rarely understand cybersecurity well enough to draft a job description that makes sense to the cyber professionals who read it, he adds. KnowMore uses a common language between the talent seeker and the job seeker in order to build both job and talent profiles. CyberSN likens the language to what is used on dating sites like and eHarmony.

“As and eHarmony have taught us, quality matching of fewer candidates is the best recipe for success,” Aiello says.

KnowMore also makes matches based on projects and tasks of the job, as well as the professional’s experience, base salary expectations, desired location, educational background, citizenship requirements, and career progression pathways.

Reconsider the Criteria for Hiring
In an ideal world, hiring managers would have their pick of educated and experienced job candidates. But in a pinch, it is time to consider hiring people who simply have a foundation for success in security despite not having the precise education, credentials, and experience the company wants.

In a blog post, information security expert and writer Daniel Miessler said the cybersecurity hiring gap is due to a lack of entry-level positions. And companies are missing out on people with raw talent and a bit of experience that would make them a great hire for a security role simply because they may lack credentials. He advocates instead for hiring managers to focus on practical skills when considering talent instead of a standard checklist of job must-haves.

IBM Security’s Ricciuto echoes Miessler’s sentiments. She says those recruiting and hiring for security roles also need to expand their viewpoints on what makes a qualified candidate for different types of security jobs and reach beyond the normal candidate pools.

“There are many different types of skills and abilities needed in the security industry, so expanding hiring and recruitment efforts to reach a wider variety of talent and removing barriers for getting these candidates through the hiring process is also key,” she says.

Look In-House
Zane Lackey, chief security officer at Signal Sciences and former CISO of Etsy, espouses looking inward to develop new security talent and building a program of “security champions” throughout the organization.

“If you can’t scale security through direct hiring, you’ve got to find another way. Developing your existing employees into security champions can help close that skills gap,” wrote Lackey in a blog post.

One aspect of this strategy is to make an effort to embed security skills within other teams in the organization, such as product and development teams. This creates a more nimble and responsive structure throughout the businesses with a more pervasive understanding of risk.

But the second, even more critical, step in this plan is to find internal candidates who want to develop security skills. Lackey did this at Etsy by offering voluntary security training—a lunch-and-learn on how to attack your own application. The class allowed the organization to pull in a self-selected group of people who found security interesting.

“They came away with both raised consciousness about the risks they might be creating for the company and practical ways to reduce them,” Lackey said. “Instead of trying to train everyone at a low level and not making much of an impact, our security team focused on the people who were naturally interested in security and helping them develop real skills.”

One Size Does Not Fit All
Each organization will have its own differing needs for the security team, and no one strategy will work for finding the talent needed to fill critical infosec roles. But it’s clear organizations need to get creative, put in the time, and try new tactics in order to build out their security program today.

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio

In Cybersecurity Recruiting, Should You Go Internal Or External?

cybersecurity recruiting

This article was originally published on Forbes by Domini Clark, Forbes Council Member and Founder and CEO of the cybersecurity recruiting executive search firm Blackmere Consulting

Cybersecurity talent represents one of the biggest challenges in recruiting, across all functions. If you are responsible for your security team, you know the stakes are high — especially if you have a senior-level opening. According to the Ponemon Institute’s “2018 Cost of Data Breach Study,” the global average cost of a data breach was $3.86 million, or $148 per data record last year. Unless you are flush with grade-A security talent and turning away applicants at the door, any opening raises your company’s risk level. There are options to help you hire the best and hire quickly, but how do you know which one is right?

Is Your Internal Team Up To It?

One option, of course, is to hand the search over to your company’s internal human resources team. That team probably includes talented recruiters who have spent years honing their search strengths and crafting their negotiation skills in the business. Some cybersecurity leaders may be wondering why it is, then, that they don’t often seem to land great cybersecurity candidates.

The reality is that most internal recruiters are handling many difficult-to-fill jobs, and cybersecurity is often just one of their many areas of focus. They simply don’t have the bandwidth to create the necessary industry relationships. Rarely are they able to hit the most important conferences, and few have the cybersecurity training necessary to recognize true talent.

Another option is employee referrals, generally one of the most successful avenues for internal recruiting. Members of your organization’s C-suite often sit on boards with the executive talent you’re looking for. Engineers, architects and consultants socialize ideas and challenges with friends in the industry. Your team is not only adept at recognizing technical talent in another expert, but they also know the people they want to work with on a team. The downside to this strategy is that team members have only so many friends in the industry. If they continue to call on the same people over and over again, they risk ruining friendships, and you risk future relationships.

Going External

HR teams are often wary of external recruiters, fearing it will be too costly or that outsiders could threaten their “process ownership.” But given the cost of having any seat open plus the multimillion-dollar risk to the company, recruiting fees are a drop in the proverbial bucket.

More importantly, an external specialist in cybersecurity talent offers what your internal generalist recruiters cannot. This is a networking play with a high-touch approach. Cybersecurity professionals tend to be skilled at dismissing the large number of solicitations they receive regularly. System-generated emails won’t get through their personal firewalls. Specialist recruiters, however, have cultivated networks and relationships that are needed to make contact.

The cost of external recruitment will depend on the model you choose and the specifications that you negotiate. In general, expect to be presented with three main options: retained search, contingency and container.

How To Select A Recruiter

You can’t expect to pay Walmart-level prices and get Nordstrom-level service, so you want to ensure you get excellent value for your investment. The cost to your company may be one consideration, but to get the value you deserve, also factor in these elements.

• Ethics: Some of the most highly recognized firms will not sign noncompete agreements. In other words, they may be ushering talent in the front door and escorting them out the back door at the same time. Make sure you know their policy.

• Guarantees: Make sure you are covered if your candidate walks out or is unable to live up to the hype after they’ve been onboarded.

• Chemistry: If a potential recruiter feels smarmy, evasive or bullish to you, chances are good that your targeted talent will feel the same way. If the chemistry isn’t there, find someone else.

• Networks: If a prospective recruiter has 50 LinkedIn connections in the field of home repair, keep looking. Make sure they have spent enough time in the industry to make the right connections.

• Engagement: Once you’ve chosen, give the recruiter feedback on candidates, their process and your experience, especially if they are new to you. Great recruiters learn quickly and appreciate feedback, even when it’s not flattering.

The Bottom Line

Ultimately, you’ll have to decide which options are right for you and your organization. There are pros and cons to each. But don’t underestimate the risks. Most organizations are capable of defending against the daily onslaught of run-of-the-mill malware, brute-force DNS attacks and script-kiddie hacks. However, few organizations are prepared to protect their assets against a nation-state or non-state-actor attack, something the U.S. Director of National Intelligence has said is a stark reality today. It’s only with a complete and competent cybersecurity team that your organization can be truly prepared.

Aron Derbidge Joins Blackmere Consulting as Chief Revenue Officer

Aron Derbidge and Domini Clark of Blackmere Consulting at black hat 2019Derbidge pictured with Clark at Black Hat 2019

Blackmere Consulting is pleased to welcome Aron Derbidge as its Chief Revenue Officer.  Derbidge has spent the last 20 years leading and managing teams across a number of industries, and will lead business development for the firm.  Other responsibilities Derbidge will take on include marketing, contracting, and development and maintenance of the management systems.

“We are excited about Aron’s fresh perspective and approach to growing the business,” said Domini Clark, CEO of Blackmere Consulting.  “He demonstrates a passion for the cybersecurity industry, which, coupled with the credibility that is crucial to this role, is a combination that makes him a valuable addition to the team.

Derbidge has worked in both large and small companies.  He is excited to be part of a small team that is ready to grow, in an industry that makes a difference, he says. ” The cyber world allows me to be in a fast paced environment with real world mission implications,” said Derbidge.  “Helping our clients fill their critical roles in an industry that helps keep businesses, governments and individuals safer is an incredible opportunity.”

He is a proud father of 2 independent young women and proud husband to a long term special educator. The family also includes four legged members including a black Labrador retriever and an English bulldog. Derbidge is passionate about reading and learning and loves to be in the great outdoors.

Those who have the chance to speak with Aron in the future are advised to ask him about the time his bulldog met a goat.  You won’t be disappointed.

Blackmere Consulting Certified By the Women’s Business Enterprise National Council (WBENC)

Blackmere Consulting Certified WBENC Women Owned Business

Blackmere Consulting, a technical and executive recruiting firm dedicated to Cybersecurity and Information Technology, is proud to announce national certification as a Women’s Business Enterprise by the Women’s Business Enterprise National Council (WBENC).

“Over the last decade, Blackmere has proven itself as a leader in technical and executive recruitment, particularly in the cyber security sector,” said Domini Clark, CEO, Blackmere Consulting. “We are now in a place where we are pursuing mindful growth with a focus on what makes us unique.  Pursuing the Woman Owned Business Certification was a natural next step as we reach this important 10 year milestone.  We are pleased that this certification allows our partners to reap the full benefits of working with a woman-owned business including supplier diversity and tax incentives.  In the world if information security, credibility has always been and will continue to be a main priority for us. Attaining this certification proves once again we are living our values of integrity, diversity and thought innovation every day.”

WBENC’s national standard of certification implemented by the Name of RPO is a meticulous process including an in-depth review of the business and site inspection. The certification process is designed to confirm the business is at least 51% owned, operated and controlled by a woman or women.

By including women-owned businesses among their suppliers, corporations and government agencies demonstrate their commitment to fostering diversity and the continued development of their supplier diversity programs.

About Blackmere Consulting:

About WBENC:
Founded in 1997, WBENC is the nation’s leader in women’s business development and the leading third-party certifier of businesses owned and operated by women, with more than 13,000 certified Women’s Business Enterprises, 14 national Regional Partner Organizations, and over 300 Corporate Members. More than 1,000 corporations representing America’s most prestigious brands as well as many states, cities, and other entities accept WBENC Certification. For more information, visit

Top Five Insights from Talent42 2019

By Domini Clark, CEO, Blackmere Consulting

Recently I had to the privilege to rub shoulders with some of the best and brightest technical recruiters at the Talent42 conference in Seattle.  Known for its edgy and practical feel, the 100% tech-focused conference attracts big name companies like Google, Amazon and Expedia, as well as smaller organizations all fighting for the same technical talent. These were the key takeaways for me.

Re-defining “talent”

As the job market and economy evolve, the most cutting edge companies are taking a good hard look at what “talent” means in their environment. How do we truly achieve diversity and, in fact, what should diversity look like in our company? Are we putting up barriers for candidates without realizing it, such as making bachelor’s degrees a hard and fast requirement?

Technology is ephemeral, relationships are not

More and more, technical talent is making the choice to connect only with people and situations that “feel” right. This means that it is more important than ever to take the time to make a real connection with candidates, network peers and others.

De-Clutter the hiring process

Companies big and small have created hiring processes with rules, regulations, and excuses that have built up over time andoften are defended tooth and nail. That distracts us from the fact that talent acquisition is a very human endeavor, and real people — with other jobs and other job offers — can get stuck in the processes. With unemployment close to an all-time low, cumbersome processes simply don’t pay. To stay ahead of the game and win top talent, we need to take the clutter out of our hiring processes — make it easy for the candidates you want to want you, too.

Stories matter

Everyone knows that most technical talent, from software engineers to cybersecurity architects, have their pick of opportunities. Gone are the days of posting an HR-generated job description, sitting back and waiting for the talent to come to you. Instead, we need to tell the stories that leverage our greatness, whatever that may be. Maybe your data center is run with 100% sustainable energy, or your founder is a female combat veteran. Tell your story. The right person will be drawn to you and the culture that makes your company unique.

You can’t get away with anything

It was always a goal of the Internet to make massive amounts of information available to everyone. Be careful what you wish for! If you think your code review questions aren’t on the Internet, think again. That candidate you put through five interviews but then forgot to follow up with? She shared that on her blog and social media posts. There are “underground” sites in plain view listing companies that require whiteboard exercises. Staying mindful of the vast reach of communication may help drive better processes and will certainly keep you on your toes!

Taken all together, I think it means that robots will not be taking over our jobs as recruiters any time soon.  In fact, the more technical and more difficult the hiring becomes, the more human and efficient our processes must be. From tailoring our job descriptions to fit real people, to diving deep into the personal impact a job change has on our candidates, to making sure we’re telling the right story about our own unique culture, it’s clear that all of the technology in the world wont replace humanity in technical hiring.  

Skills in demand: Application Security Engineers

Skills in demand: Application Security Engineers

The need for Application Security Engineers has grown dramatically as legacy applications are moved to the web.  Application Security Engineers can be focused on enterprise or mobile applications, but their overall goal is similar:  consider all system vulnerabilities of applications from design/development through implementation and maintenance.  This is a subject matter expert with strong knowledge of IT architecture, hardware, web security, identity and access management, application firewalls, intrusion detection as well as threats and vulnerabilities.

What it takes

Hands on experience with secure code review, static analysis security testing, dynamic application security testing and strong knowledge of web development technologies.  A deep understanding of threat/attack modeling is also critical as well as the ability to interact with cross-functional teams.

Base compensation can range from $100-175K, often with additional incentives.  Independent contract rates can be higher.

– Domini Clark, principal, Blackmere Consulting; founder and director of strategy,