
Archive for the Blog Category

Skills in demand: Security engineer, identity management

An Overview of the Role of Security engineer, identity management

Understanding who your users are and what, exactly, they have access to within your system is critical for any enterprise. Identity and access management (IAM) engineers must have a strong understanding of the complex workflow within a system. In these roles, business acumen is just as important as technical acumen due to the interrelationship between the technology, business needs and overall corporate policy. This is a subject matter expert with strong knowledge of IT systems architecture, web security, identity and access management, public key infrastructure (PKI), single sign-on (SSO), federating identity to cloud services, as well as threats and vulnerabilities.

What it takes

Solid experience in configuration, administration and troubleshooting of IAM technologies, along with strong communication skills and the ability to work with internal and external customers. These roles often have a strong strategic component due to the ever-changing tools, corporate policies and industry-specific regulations.

Compensation

Base compensation can range from $120K to $175K, often with additional incentives. Independent contract rates can be higher.

– Domini Clark, principal, Blackmere Consulting; founder and director of strategy, InfoSecConnect.com.

This was originally published in the October 2015 issue of SC Magazine.

Skills in Demand: Incident Response Manager

An Overview of the Role of Incident Response Manager

Cybersecurity incidents are on the rise around the world and the need for experienced incident response professionals is outstripping the available supply of talent. The incident response manager role is responsible for managing high-impact incidents on a large, often global, scale. Responsibilities include developing the IT security incident response process, collaborating with key stakeholders and finding unique security solutions for critical vulnerabilities. This is a technical expert, an intelligence expert and someone who has the ability to influence immediate change within an organization in the midst of high-pressure situations.

Skills in demand: Pen Tester

Recent breaches have highlighted the need for talented pen-tester technologists with the ability to assess vulnerabilities long before they are under attack.


Standing Out and Fitting in at DefCon

DefCon is a crazy and unique experience and, admittedly, it’s not extremely welcoming to the outsider.  The Vegas regulars whisper about all of the hackers as if they’d just walked into a band of terrorists and in one day, the inside of the Paris hotel turns from a sampling of middle America into a sea of black t-shirts, mohawks and tattoos.

To be honest, my first DefCon a few years ago was super intimidating.  I was new-ish to the industry and feeling the pressure of being the least knowledgeable person in a room of BRILLIANT people.  This year, several DefCons in, I had a notably different experience:  I was overwhelmed by an incredible sense of inclusion and community. This is my tribe.

Just to paint the picture since most of you haven’t met me already, I’m a corn-fed, Midwestern girl who sort of hovers in some strange space between preppie and hippie – I’ve never even gotten a tattoo. I’m not your typical DefCon attendee and my mainstream vibe sticks out like a sore thumb in certain circles. In fact, my first mentor told me that no one would talk to me at DefCon if I dressed so much like a corporate mom.

Fast forward several years later to a personally challenging year which has changed my world view dramatically. Instead of donning my black shirt and pulling my hair back in a tight ponytail so that I fit in better, I decided to go au naturel. Not the way you’re thinking – get your mind out of the gutter. Instead, the first morning, I pulled on my navy capris and corporate mom top and headed out the door with a smile.

The strangest things happened. As I started talking to people I would have been intimidated to approach five years ago, people smiled and talked back! It soon became clear that DefCon is like everything else. Most of us are a little self-conscious about what we don’t know and whether we’re fitting in – even when we’re amongst a group of professed individualists! The more I shared my authentic, if not traditional, DefCon self, the more fun I had. I was open about what I don’t know, confident about what I do know, and others were far more comfortable creating a true connection with me in return.

Through all of the incredible technical talks, challenges, networking events, and crazy parties, the best thing I learned this year is that we are one.  We are one community coming together to solve some of the world’s most challenging problems.  We all bring our different talents, styles and ideas to the table in one hot soup of messy humans.  That is what DefCon is to me and I can’t wait for next year!!

Skills in demand: Information security analyst

Overview of the Information Security Analyst

As global organizations work to stay ahead of cyber attacks, they require information security analysts to help steer them through risk assessment, vulnerability assessment and defense planning. The role of information security analyst is growing and can provide a strong path for upward mobility.


Cyber Candidates Say: You Snooze, You Lose!!

Increase Your Success Rate of Hiring Infosec Candidates

Okay, we all get it: it’s a tight labor market in information security, and the demand for infosec talent is far outstripping the supply of information security professionals available. This is causing a huge shift in mindset for many HR departments around the globe. No longer can you run a candidate through 5 interviews over 2 months and expect them to be sitting on the sidelines patiently waiting for you to make a decision.

Smart companies are making BIG changes. After losing top tier candidates to competitors, one company decided to speed up the process and take more risks in order to hire more, better candidates. What had been at least a three-month interview process with a consensus hiring posture involving four different Directors has become a two-week process from interview to offer.

In this case, one Director is in charge of the process and the timing is closely monitored by the CEO, who is deeply invested in making hiring work.  Once a candidate is presented to the Director, the clock starts.  Initial interviews are held within days, an onsite interview is scheduled for the next week and the offer is prepared and available for delivery at the time of the second interview with the hope that there is mutual interest.

Here is the skinny on what makes this work:

  • Executive buy-in (this cannot be stressed enough)
  • Flexibility in HR process
  • Risk tolerance
  • Team participation
  • Candidates are prepped for a swift hiring decision
  • Firing decisions with “bad hires” are handled swiftly

Without all pieces in place, this process does not work. Leadership MUST take the lead in a cultural/process shift of this nature. Everyone in the organization must know that the risk of losing top tier talent is far more caustic than the possibility of making a bad hire. Most of us have policies in place that afford us the ability to remove bad hires from our organizations, yet we are loath to utilize them.

Take a risk.  Your competition is starting to get the hint and you might get left behind!

Hiring in information security

In this tough information security market, many organizations make the mistake of approaching talent the same way they approach all other organizational hiring. The truth is, you can’t hire quality information security talent the same way you hire customer service reps. If you just run an ad pulled from the job description HR gave you, don’t be surprised when the top talent you’re searching for is not interested.


Staffing Industry Analysts Credits Domini Clark with Quote of the Week about the Best Cybersecurity Professionals

Blackmere founder Domini Clark was credited with the Quote of the Week from Staffing Industry Analysts (SIA).

BEST CYBERSECURITY PROS ‘THINK LIKE CRIMINALS’ — STAFFING QUOTE OF THE WEEK

“The best cybersecurity professionals think like criminals,” Domini Clark, an Idaho-based recruiter at the recruiting company Decision Toolbox, told The San Diego Union-Tribune in a story about unfilled cybersecurity jobs. “The joke in the industry is that superstars have an ‘evil bit’ in the code of their personalities. They know better than to have a high-profile online presence. ‘Paranoid’ is too strong a word, but they tend to be hyper-cautious and some take pride in operating in ‘stealth mode.’”

Blackmere’s Erin Hanson to Speak at ISSA Webinar: How to Recruit and Retain Cybersecurity Professionals


2-Hour Live Event: Tuesday, October 25, 2016
Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London


Overview:

We have all heard the term “Cybersecurity talent shortage.” With information security rising as one of the quickest growing industries, there are more jobs than there are qualified candidates. This creates a difficult HR environment and tends to lead to a high level of turnover. How can businesses recruit, but just as importantly, retain, key cybersecurity personnel?

In this two-hour ISSA International web event, industry professionals will share their experiences and provide real-world feedback regarding one of the most challenging issues facing the information security field. Additionally, we will explore the results of a comprehensive employment study performed by ISSA and ESG earlier this year. What does the data collected in the survey tell us about the current and future security job markets, and how can you apply these findings to your business operations?

Speakers:

Erin Hanson, Director of Client Experience, InfoSec Connect

Erin has been involved in people analytics and professional recruiting for federal government contractors for over 20 years. Erin’s experience includes recruitment of highly specialized doctorate-level skill sets in support of energy research positions including life sciences, physical sciences, IT/Cyber and specialized engineering fields. Additionally, Erin has experience in business analytics, proposal writing, program development/administration, and business development roles. Her experience offers demonstrated abilities in managing and developing solution-oriented proposals and programs.

Erin is a graduate of University of Idaho with a bachelor’s degree in General Studies with an emphasis in Industrial Technology. She is certified as a Global Professional in Human Resources. Erin’s degree emphasis in industrial technology and broad experience in technical recruiting provide her with strong technical terminology and an understanding of skill sets in multiple science, technology, engineering, and math fields.

Candy Alexander

Candy has nearly 30 years in the security industry working for companies such as Digital Equipment, Compaq Computer Corporation, and Symantec. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed Corporate Security Programs. She is now working as a Virtual CISO and Cyber Security consultant.

Candy is the chief architect for the Cyber Security Career Lifecycle for the ISSA (Information Systems Security Association), and until recently she served as a Director for 14 years on the International Board. She is also the past President and current Board Member of the ISSA Education and Research Foundation. Candy has also served as Vice President of Education and Vice President of International Relations for the ISSA. She remains a loyal member at the local level with the New England Chapter and the ISSA – New Hampshire Chapter.

Candy has received numerous awards and recognition, including that of Distinguished Fellow of the ISSA, ranking her as one of the top 1% in the association, and she was inducted into the ISSA Hall of Fame in 2014. She also had the opportunity to be a featured speaker for the IT Security Symposium at the United Nations, and even received an invitation to the Offices of the White House to speak on the importance of security awareness to the President’s “Cyber-Czar” staff.

Kim Jones

Kim L. Jones is Director, Cybersecurity Education Consortium, Arizona State University and has been an intelligence, security, and risk professional for over 25 years. A sought-after speaker and industry thought leader, Jones has built, refined, and/or managed security programs in the financial services, healthcare, manufacturing, outsourcing and defense industries.

Jones has a bachelor’s degree in computer science from the U.S. Military Academy at West Point, a master’s degree in information assurance from Norwich University and holds the CISM, CISSP, and CRISC certifications. He is a member of the CISO Advisory Council for ISSA International.

ISSA International Web Conferences occur on a monthly basis and provide CPE credits for continuing education.

Recorded ISSA Webinar: Internships – Do They Really Work?

The Information Systems Security Association (ISSA) recently hosted a webinar, “Internships: Do They Really Work?” InfoSec Connect’s Domini Clark and Erin Hanson were on hand as panelists to lend their perspectives about internships in the information security field.

Internships can be a great way to test drive a career in cybersecurity and get a sense of the typical day in the life of a practitioner. Learn from the experts about what it’s really like to intern in the cybersecurity field and what it’s like to apply lessons learned in a real-world environment.

A recording of the webinar is available on YouTube.