Studies are nice, but women in security say it’s time for the next step: Domini Clark to Naked Security

Blackmere founder Domini Clark weighed in on the current state of women in security and how to improve the status quo.  The article originally appeared on Naked Security by Sophos here.


Studies are nice, but women in security say it’s time for the next step

There’s been no shortage of studies over the years about the fairness gap between men and women in security, not to mention every other industry.

Now comes one from the Center for Cyber Safety and Education and the Executive Women’s Forum showing that women make up only 11% of the cyber security workforce.

These studies are well intentioned. But according to several women in the industry who spoke with Naked Security, it’s time to move beyond the studies and focus on actually changing the culture. One of them is Magen Wu, a security consultant with Rapid 7.

She said the latest survey is a great example of awareness on an issue that has been long debated in the industry. But the data reads a lot like a phishing report.

It’s good to have the numbers on who opened the email versus who clicked the link or filled out the form. But unless we do something with that information, it serves little purpose other than to generate awareness that we have a problem.

The latest study

For this latest study, the Center for Cyber Safety and Education and the Executive Women’s Forum surveyed more than 19,000 participants from around the world. It painted the following picture:

  • Women are globally underrepresented in the cybersecurity profession at 11%, much lower than the representation of women in the overall global workforce
  • Globally men are four times more likely to hold C- and executive-level positions, and nine times more likely to hold managerial positions than women.
  • 51% of women report various forms of discrimination in the cybersecurity workforce
  • Women who feel valued in the workplace have also benefited from leadership development programs in greater numbers than women who feel undervalued.
  • In 2016 women in cybersecurity earned less than men at every level.

Indeed, those statistics resonate for some of the women we interviewed. One San Francisco-based infosec professional, who asked that her name not be used because of potential repercussions at work, explained how she was encouraged to apply for a position within her company on an all-male team only to be told later that those who encouraged her didn’t really think she’d fit in. She pressed them for examples of why she wouldn’t work out and got no answer. She believes the real issue was gender.

A call to action

Those interviewed said it’s time to move beyond studies and surveys that merely illustrate an already understood problem and start focusing on some action items that’ll lead to meaningful progress.

Wu would like to see reports and articles that are more a call to action on what can be done at the individual, corporate, and community level to positively impact the numbers:

For example, do the women who are in the industry today get into it because of a mentor? If so, we should try and be more proactive about reaching out to people about mentorships or establishing mentorship programs at conferences and work. We are asking some of the right questions, but it may be time to shift focus from why there are so few women to why do the women who are here stay.

As the industry grows, so does female representation

Some say surveys like this are flawed for a variety of reasons. The questions don’t dig deep enough into the respondent’s skills or match up with the actual roles they have in their companies. It also doesn’t paint a full picture of areas where progress has been made.

Allison Miller has seen the good and bad in the industry over her career, which includes technical and leadership roles in several industries and now product strategy for Google Security. With a seat on the (ISC)2 board of directors and on selection committees for popular security industry events, she has an even broader view. She said:

As the industry overall has expanded, the representation of women has kept up and in some sectors even grown.


Domini Clark, a recruitment partner at Decision Toolbox,  said she has seen the challenges over the course of steering people toward jobs in the industry. But things are improving:

There is far greater awareness than there was when I was going to school, but the tide has not shifted completely. 
Women often face other issues that men traditionally have not faced like family care and being stretched too thin on all sides personally and professionally. Culturally, I think that is changing some as well.

The way forward

Miller said she has worked across the spectrum, in “amazing, inclusive cultures” and places that were not. Women should research the culture at the places they’re looking at. They should learn all they can about the management. Above all, they should play to win.

My strategy for women in any industry is, compete and win. Really go for greatness. What we need is people who want to be here [in cybersecurity] and are really willing to work hard, set the bar higher. Only by being competitive can we get a seat at the table.

Top Strategies For Engaging Cybersecurity Talent: Domini Clark Advises Recruiting Trends

Blackmere founder Domini Clark  contributed a byline article to Recruiting Trends, sharing top strategies for engaging cybersecurity talent.

The article originally appeared here, and an excerpt is below.


Top Strategies for Engaging Cybersecurity Talent

Lots of companies are competing for these professionals. How do you stand out amidst the noise?

When it comes to cyber-attacks on your company, it isn’t a matter of if, but of when. Cyber-attacks are on the rise. According to PwC’s Global State of Information Security Survey 2016, there were 38 percent more security incidents in 2015 than in 2014, across all industries.

It doesn’t just happen to giant corporations like Yahoo!, Sony and T-Mobile. estimates that 43 percent of attacks target small businesses. Large or small, it can cost you plenty. The average cost of a single data breach is $7 million — up from $5.4 million in 2013 — according to the 2016 Ponemon Cost of Data Breach Study. More than half of these costs are related to lost business due to customer churn.

Since the best approach is to prevent the hacks, attacks and breaches from occurring in the first place, cybersecurity needs to be part of your IT program. However, as you are aware, talented cybersecurity professionals are in serious short supply. They’re a bit of a unique beast, so you’ll need a recruitment approach for engaging cybersecurity talent that’s different from the ones you’re using with other positions — even other IT positions.

A Breed Apart

The best cybersecurity professionals think like the criminals they oppose. That enables them to anticipate what hackers might try, and to identify weak points in system defenses. The joke in the industry is that superstars have an “evil bit” (as in bits and bytes) in the code of their personalities. With this mind-set, they won’t have a high-profile online presence. “Paranoid” is too strong a word, but they tend to be hyper-cautious, and some take pride in operating under the radar.

You likely won’t find their résumé on CareerBuilder or LinkedIn, so you’ll need to leverage your best networking skills and hardcore power-searching techniques. If your quarries think like a criminal, you have to think like Sherlock Holmes to track them down. Don’t email them a link to apply as they won’t click on a link from an unknown source (and neither should you). Send them a PDF with instructions for connecting with you.

It’s Not a Posting, It’s a Pitch

The demand for these professionals means they’re constantly hearing from recruiters. InformationWeek’s cites new research by Enterprise Strategy Group and the Information Systems Security Association indicating that about half of cybersecurity professionals are contacted by a recruiter at least once a week. If you post a standard HR job description of duties and requirements, it will wash out among all the other background noise.

In today’s market you have to court talent, and that is especially true of cybersecurity professionals. Don’t think of it as a job posting, think of it as a sales pitch. Resist the ingrained habit of listing what your company needs, and focus instead on what will engage the interest of your target audience.

Appeal to the Hot Buttons

In general, cybersecurity professionals want to:

* Take on intriguing work that is varied and unique. Let them use their devious creativity to your company’s advantage.

* Try new tools and techniques to keep up with the ever-evolving threat landscape. If you’ve got the coolest technology, your pitch should highlight that.

* Do more than just scratch the surface — offer them opportunities not only to look under the hood, but also to take some deep dives into your systems and code.

* Have the option to work remotely. Your organization may cling to traditional models, but if virtual options give you an edge in the talent war, then it’s time to loosen up.

* Feel appreciated and valued for their contributions — just like other employees in your company. If you don’t have a proactive recognition and rewards program in place, now’s the time.

Keep Your Social-Media Buzz Fresh

This is good general recruiting advice, but definitely important for this group. The content doesn’t have to be about job openings (although you should push those out, too). Instead, think of social media as digital pheromones that make your company attractive. Blogs and tweets help establish your company as a thought leader, enhancing your brand. They also increase the likelihood that hard-to-find candidates will stumble across your company.

Share great insights and ideas your team has, and be sure some of your efforts target the cybersecurity community — it’s not ALL underground. Join cybersecurity forums and discussion groups, for example. Encourage your existing cybersecurity talent and ranking IT leaders to write blog posts and white papers on the topic. Spray those pheromones where they’ll get the best results.

Hang Loose

There are definite qualities to look for in cybersecurity candidates, but you can’t run an effective search if you focus only on screening people out. The pool’s just too small. It may be hard to convince hiring managers to loosen up, but you can point out that, given that security threats are constantly evolving, a degree probably isn’t as important as current experience. Or consider recruiting recent graduates by offering the opportunity to gain valuable hands-on experience. Another tactic: Instead of asking for five to seven years of experience, ask for three to five and highlight the opportunity for career growth.

You can try retraining existing IT staff, but keep in mind that success in cybersecurity takes a certain mind-set. Ideally, you have a system administrator who can channel her inner hacker and ask, “What would I do if I wanted to get past our own security measures?”

Hopefully you weren’t expecting fast and easy tips for engaging cybersecurity talent. You’ll have to invest time and money, but you can think of it as insurance against multimillion-dollar losses.

Looking to Attract Cybersecurity Talent? Enhance Your Covert Ops. Domini Clark to The Staffing Stream

Blackmere founder and cybersecurity recruiting expert Domini Clark shared her tips on how to attract cybersecurity talent in a recent article in The Staffing Stream.

Excerpt from the article:

Cyber-attacks are on the rise, with a 38% jump in security incidents from 2014 to 2015. Companies in all industries are vulnerable, regardless of size – some 43% of attacks target small business. Attacks can cost into the millions for a single data breach, and more than half of these costs are related to lost business due to customer churn.

Since the best approach is prevention, it’s clear that cybersecurity needs to be part of your IT program. Finding the right talent is not so clear. Cybersecurity professionals are a unique group, so you’ll need a recruitment approach that is different from what you’re using with other positions.

A Unique Profile

The best in the trade think like the criminals they oppose, enabling them to anticipate hacker tactics and identify chinks in a system’s armor. Insiders joke that superstars have an “evil bit” (as in bits and bytes) in the code of their personalities. “Paranoid” is too strong a word, but they tend to be hyper-cautious, and some take pride in operating under the radar.

Very few post résumés, so you’ll need to leverage your best networking skills and hardcore power searching techniques. Be creative, Sherlock. But don’t email a link — they don’t click on links from unknown sources. Send a PDF with instructions for connecting with you.

Sell, Sell, Sell

Some estimate that half of cybersecurity professionals get a recruitment call at least once a week. If you reach out with a standard list of duties and requirements, your message will wash out among all the other background noise. You have to court talent in all areas, especially with hard-to-fill roles. Don’t think of it as a job posting, think of it as a sales pitch. Instead of focusing on what your company needs, lead with the selling points that will engage your target audience.

In general, cybersecurity professionals want the opportunity to:

  • Take on intriguing work that is varied and unique.
  • Try new tools and techniques to keep up with the ever-evolving threat landscape.
  • Do more than just scratch the surface, including taking some deep dives into systems and code.
  • Work remotely, even if only two or three days a week.
  • Receive recognition and rewards, like the rest of us.

Apply Social Media Liberally

The content doesn’t have to be about job openings. Think of social media as digital pheromones that make your company attractive. Have team members in all disciplines share their ideas and insights. Blogs and tweets help establish your company as a thought leader, enhancing your brand.

But be sure to target the cybersecurity community specifically, including forums and discussion groups. Encourage your existing cybersecurity and IT talent to write blog posts and white papers on the topic. Spray those pheromones where they’ll get the best results.

Stay Loose

With a pool this small, you can’t run an effective search if you focus only on screening people out. Loosen the requirements. For example, since security threats are constantly evolving, a degree probably isn’t as important as current experience. Another tactic: Instead of asking for five to seven years of experience, ask for three to five and highlight the opportunity for career growth.

Hopefully you weren’t expecting fast and easy tips for recruiting cybersecurity talent. You’ll have to invest time and money, but you can think of it as insurance against multi-million dollar losses.

Hacked Again…It can happen to anyone, even a cybersecurity expert

By Guest Blogger Scott Schober

Hacked Again is the true story of my showdown with a daunting cyber-attack on my small company Berkeley Varitronics Systems, Inc. As a small business owner and security expert, I was naive in thinking I was immune to a cyber hack. After all, I regularly presented at security events, wrote on the subject frequently and taught others how to steer clear from online attacks and avoid cyber breaches.

The only thing that hit me quicker than the irony of a hacked cybersecurity expert was the ugly truth that no one is completely safe from cyber hackers, especially when hackers have their sights set on you. My company suffered multiple credit and debit card compromises including $65,000 stolen from our checking account. In addition to monetary theft, my Twitter account was also hijacked, and my company’s website security was “tested” by unknown cyber assailants. We even suffered repeated DDoS attacks that crippled our online store from selling our wireless security tools. A DDoS attack (Distributed Denial of Service) prevents legitimate users of your website from accessing it due to a flood of IP requests to the point of server shutdown. You might recall that recently DYN (a large domain name server for Twitter, NetFlix, LinkedIn) suffered a huge and devastating attack. I discuss details of this DDoS and the future of such attacks in one of my latest blogs entitled ‘IoT: the 21st Century Trojan Horse’.

It’s been some time since I was hacked, but the ordeal is still a painful memory. I have learned valuable lessons on how to better protect my company and myself from hackers. My first instinct was to flee and hide the fact that my own company was hacked. But as I gained the courage to share my story, I learned that I was not alone. My company designs wireless threat detection tools used by cyber threat intelligence groups throughout government agencies so I can confidently share important security tips regarding wireless vulnerabilities that are often overlooked. I also delve into how to protect yourself from identity theft, malware and spam, and explain why it’s so dangerous to post too much personal information on social media as well as the importance of strong passwords which can never be overstated.

Here are a few key tips that will keep you safe from cyber hackers. I go into further depth in my book entitled Hacked Again.

  • Be careful whom you share your Wi-Fi password with. If you have not set up a guest network and have shared your password, change it to a stronger one immediately after they log out.
  • Never click on any attachment or link in an e-mail that you did not expect to receive no matter how legitimate it might look. This is a phishing attack and happens to millions of users every day.
  • Make frequent backups. This prevents loss of precious data and is especially effective against ransomware threats.
  • Think before you put out personal information on any social media site or you might end up being a victim of identity theft.
  • Do not click on the bottom of spam e-mails asking to be “unsubscribed”. You will likely receive more spam because they now know you are a real person using that email address. This increases the value of any email address substantially to thieves on the Dark Web.
  • Create passwords that are long, strong, and unique.
  • It’s critical to have a password that is not easy to discover. Don’t use personal information in any of your passwords. Make sure that you don’t use the same password across multiple accounts.
  • It only takes one corrupt employee within an organization for a successful cyber crime to occur. Report all suspicious activity to your employer. Insider threats are dangerous to everyone within any organization.
  • Make sure you check your credit card statements regularly.
  • Never post your actual birth date on social media and do not use your actual birth date to answer security questions.

For more of my story, you can get a copy of my book “Hacked Again” available at

Scott Schober @ScottBVS

CEO | Author | Speaker | Cyber Security & Wireless Expert at Scott Schober LLC

Scott has presented extensively on cybersecurity and corporate espionage at conferences around the globe. He has recently overseen the development of several cell phone detection tools used to enforce a “no cell phone policy” in correctional, law enforcement, and secured government facilities. He is regularly interviewed for leading national publications and major network television stations including Fox, Bloomberg, Good Morning America, CNN, CCTV, CNBC, MSNBC and more. He is the author of “Hacked Again”, his latest book as well as a contributor for Huffington Post and guest blogs regularly for Tripwire’s State of Security series. Scott also writes for Business Value Exchange, Fortune Magazine, SecureWorld, and IBM Big Data & Analytics Hub.

For more details and definitions on unfamiliar terms please visit my cyber security dictionary:


Fight against hackers hurt by huge shortage of cyber workers: Domini Clark to San Diego Union-Tribune

InfoSec Connect founder and cybersecurity recruiting expert Domini Clark weighed in on a recent San Diego Union-Tribune article about how the shortage of cyber workers is hurting the fight against hackers.

Excerpt from the article:

At the very moment hacking is expanding exponentially, analysts said, there are hundreds of thousands of cybersecurity jobs left unfilled in the U.S. The extent of this problem is the subject of debate; the estimated tally of vacancies ranges from 100,000 to 350,000, with as many as 45,000 in California.

While the staffing estimates vary, analysts agree on the huge need for qualified workers in the cyber industry.

Northeastern University’s Agarwal estimates there are 100,000 of these unfilled jobs nationwide. Peninsula Press, a journalism program at Stanford University, puts the figure at 209,000. Cyber Seek, an industry-government coalition, said the number could be about 350,000 when including positions that require at least some cyber abilities.

The job descriptions range from security analysts to network engineers to software developers to risk managers. Some lower-level positions pay as much as $70,000 per year, and management positions can hit $235,000 or higher.

Experts are eager to see the applicant pool widen, and they’re looking for specific types of candidates.

“The best cybersecurity professionals think like criminals,” said Domini Clark, an Idaho-based recruiter at the recruiting company Decision Toolbox. “The joke in the industry is that superstars have an ‘evil bit’ in the code of  their personalities. They know better than to have a high-profile online presence. ‘Paranoid’ is too strong a word, but they tend to be hyper-cautious and some take pride in operating in ‘stealth mode.’”

Those people tend to be coveted, so low-ball employment offers just don’t work.

“(Some) companies are doing lip service, not willing to fund the important roles that are necessary for the growing security issues,” said Kirsten Bay, chief executive of the firm Cyber adAPT in Half Moon Bay.  “There is a desperate need for technologists who can speak at both the engineering and board levels, candidates who can understand technology and yet speak to the business case for security.”

Clark at Decision Toolbox agrees, noting: “About half of cybersecurity professionals are contacted by a recruiter at least once a week. If you post a standard H.R. job description of duties and requirements, it will wash out among all the other background noise … (Candidates) want to do intriguing work that is varied and unique. Let them use their devious creativity to your company’s advantage.”

Read the full article here.

Domini Clark of Blackmere Consulting accepted into Forbes Human Resources Council

Forbes Human Resources Council is an Invitation-Only Community for HR Executives Across All Industries

Domini Clark, Founder and CEO, Blackmere Consulting, an executive search firm specializing in the cybersecurity industry, has been accepted into Forbes Human Resources Council, an invitation-only community for HR executives across all industries.

Clark was vetted and selected by a review committee based on the depth and diversity of her experience. Criteria for acceptance include a track record of successfully impacting business growth metrics, as well as personal and professional achievements and honors.

“We are honored to welcome Domini Clark into the community,” said Scott Gerber, founder of Forbes Councils, the collective that includes Forbes Human Resources Council. “Our mission with Forbes Councils is to bring together proven leaders from every industry, creating a curated, social capital-driven network that helps every member grow professionally and make an even greater impact on the business world.”

As an accepted member of the Council, Domini has access to a variety of exclusive opportunities designed to help her reach peak professional influence. She will connect and collaborate with other respected local leaders in a private forum. Domini will also be invited to work with a professional editorial team to share her expert insights in original business articles on, and to contribute to published Q&A panels alongside other experts.

Finally, Clark will benefit from exclusive access to vetted business service partners, membership-branded marketing collateral, and the high-touch support of the Forbes Councils member concierge team.

“I am honored to be invited into this community of professionals. The foundation of my business is based on meaningful relationships, mutual respect and trust.  The basis of the Forbes Human Resources Council is a logical fit for my organization and for my continuing leadership development,” said Domini Clark.


Forbes Councils is a collective of invitation-only communities created in partnership with Forbes and the expert community builders who founded Young Entrepreneur Council (YEC). In Forbes Councils, exceptional business owners and leaders come together with the people and resources that can help them thrive. The

For more information about Forbes Human Resources Council, visit To learn more about Forbes Councils, visit


Blackmere Consulting is a Technical and Executive Recruiting firm dedicated to Cybersecurity and Information Technology.  From Fortune 100 companies to emerging growth organizations, our focus is to pair talented professionals with companies who value them.

For more information about Blackmere Consulting, visit

Talent Mapping, Staying Ahead Of The Game

By Guest Blogger: Natalya Kazim, Ph.D

Similar to a map of the world, talent maps are a visual guide to help us understand our competition by drawing out their landscape. It can be defined as a form of competitive intelligence that combines both an aspect of sourcing and pipelining. Talent mapping serves as proactive scouting of candidates within a particular industry sector and for us to understand what talent is the best of the best.

In a new age of recruitment, the good ole days of post and pray no longer exist. Over the last several years, talent mapping has evolved as a way to stay ahead of the game.

Identify gaps:  A complete assessment of current talent pool within the organization. It is important to see where gaps may exist prior to mapping. Also in consideration should be succession planning and what gap this will present in the future. Once these gaps are identified, sourcers can hone in on the desired and targeted skill sets early on. What are the key elements of the organization’s long-term goals and business strategy?

Create your World Map:  Talent mapping will visually show us side by side comparisons of competitor employees within an organization or particular functional group and how they are connected within their teams. After identifying competitors that have a similar role within the particular industry and particular functional group, you begin piecing your map together. For example a detailed talent map for a vice president of managed services within the human resources consulting space would list the VP’s name but then build his organization out levels deep to include the directors and managers within his team. Additionally, salary and geographic location would be included. Additional insights on industry trends or information on any specific benefits offered that may incentivize them would be listed.

Use Your Map: Research studies have shown that mapping helps to improve candidate quality and how quickly jobs can be filled. Mapping begins prior to recruitment, defining the best talent within the industry so that once there is an active role, engagement can begin immediately. Instead of being in reactive mode, mapping gives us all of the information at our fingertips. Reaching out and engaging with “right fit” candidates at the inception of a search will speed up the process of getting a hire which in turn leads to organizational cost savings. Your map can also be used as a visual to demonstrate to hiring leaders the talent climate within the industry.


Linkedin: This is of course the obvious.  There is much to be found by simply following competitor pages such as recent promotions, new hires and those that have left.

Glassdoor: This is a great tool to research jobs and understand salaries at a competitor.

Twitter:  Provides great insights on industry trends and news about what changes are happening at competitors.

Slideshare:  Who within competitor is presenting.

Owler: Create lists to receive automatic emails and information on competitors that you are keeping your eye on.

I challenge you, on your next executive role, develop a talent map and see how priceless this information is. Use your visual map to show your managers what exists and what doesn’t. Stay ahead of the game and have your top industry candidates ready for engagement as soon as your roles are opened for active recruitment.


Republished with permission from Natalya Kazim

Natalya Kazim is a Sourcing Consultant with 15+ years of experience in the Recruitment world. She has had the opportunity to work in several Fortune 500 companies to help lead the initiative to develop their sourcing function. Natalya is passionate about learning new, innovative, and efficient ways to deliver the best quality results. She has served as both a Mentor and Trainer sharing her wealth of information to help others succeed. She has a strong background in advanced sourcing, competitive intel research, organizational charting, market analysis, candidate information retrieval, and passive candidate engagement. Natalya resides in the Washington, DC Metro Area.

Domini Clark to GoodCall: California Needs More than 45,000 Cybersecurity Professionals; What About Your State?

InfoSec Connect founder and cybersecurity recruiting expert Domini Clark shared her insights into the cybersecurity talent shortage with GoodCall in a recent article.

Excerpts from the article:

That there is a shortage of information technology professionals is no secret. Any list of most in-demand jobs and hardest to fill positions will include IT workers. That’s why these workers enjoy some of the highest starting salaries and job offer rates. However, the specific need for cybersecurity professionals has reached a fever pitch.

High profile breaches and the recent election cyber threats have actually spurred interest in cybersecurity careers, and according to Domini Clark, director of strategy at InfoSec Connect and senior recruiter at national recruiting firm Decision Toolbox, cyber breaches are increasing in quantity and impact. “The most recent Ponemon Institute Breach Report indicates that the average cost per breach over a period of three years for U.S. organizations has reached an all-time high of $7 million in 2016,” Clark says.

As these breaches are exposed to the public, companies are taking a hit. “The same report indicates that U.S. businesses suffered the greatest business losses — $3.97 million — due to higher than global average customer turnover and reputation losses post-breach,” Clark says.


Another reason for the high demand is that various types of companies need cybersecurity professionals. “If an organization is connected to the internet – which nearly all of them are – then they need to keep cybersecurity in mind,” Yuan warns.

While he believes that companies with sensitive information – such as healthcare organizations and also those in the industrial fields that have the ability to affect large segments of the populations – have a particular need for cybersecurity, Yuan says,  “Almost all types of businesses and organizations need to staff cybersecurity professionals to protect their business operations.”

Clark agrees that both large and small companies need these experts. “While large businesses often have more to protect, they also have stronger defenses in place, and this has created a ‘low hanging fruit’ situation for many small to medium-sized businesses with fewer internal security resources,” Clark says.

In fact, hackers tend to consider these types of organizations easier targets, assuming they won’t have the best defense mechanisms in place. “Phishing campaigns targeted small businesses 43 percent of the time, up 9 percent from the year before,” Clark reveals. And while small and mid-sized companies expect managed security providers to defend them, Clark says these providers are often experiencing the same talent shortages as everyone else.


As indicated in the report, most companies want employees with a bachelor’s degree, but since the talent gap is growing, Clark says some of them may have to relax their standards. She warns that companies may miss out on qualified talent if they’re too rigid in their educational requirements. “Many cyber professionals have chosen to skip the university track altogether and are finding new ways to get hacking experience,” Clark says.

Certifications are also important to employers, and there are a lot of certifications that cybersecurity professionals can obtain. “The most common, including the CISSP (Certified Information Systems Security Professional), are offered through (ISC)²,” Clark says. According to the report, other certifications popular among employers include Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Security+, and Certified Information Privacy Professional (CIPP).

Read the full article here.

5 Ways The IoT Will Help Reshape Information Security Protocols

By Featured Guest Blogger:
“Lock and Security Expert, Ralph Goodman”

Information security protocols, or cybersecurity protocols, have been in place since it became apparent that the transmission of data could be targeted and exploited. These protocols are meant to guard the integrity of data that is being transmitted over several different networks, and they have probably never been more important than they are now.

The increasing popularity of the Internet of Things has led to a much more critical light being shone on information security protocols. These protocols go hand in hand with the IoT because of how much the IoT relies on the transmission of data. Homeowners are some of the leading users of the IoT because they love the efficiency that comes with it. However, many of them are not big fans of its inherent security flaws.

The need for better security is one of the main reasons why the IoT will undoubtedly help shape the type of information security protocols that we have now. And it will pave the way for the security protocols we will be using in the future. The security flaws and triumphs of the IoT will act as a bridge that helps lead to better information security protocols. Let’s take a look at some of the ways this will be accomplished:

  1. Stronger Authentication

One thing that the IoT has highlighted is the increased need for more stringent authentication methods between networks, network devices, and users. There is a lot of information that is shared between these elements, and it is important that none of these access points is left vulnerable. The key thing to keep in mind is that any access point can also be used as an intrusion point, so it is necessary to make sure that this does not happen. The future of information security protocols will most likely see an increased use of two-factor authentication as well as multi-factor authentication. These authentication methods, as well as any others that might be modeled after them, make use of various elements in order to ensure a higher level of security.

  2. Closing Open Ports

The IoT is one of the main driving factors behind the current state of home automation. The Internet of Things, and the home automation devices that work with it, tend to make use of Universal Plug and Play (UPnP) protocols. This feature allows different devices to discover one another on a network, and then allows them to communicate and transmit data. However, due to the welcoming nature of this protocol, security is more lax when it is in use. This could very easily lead to hackers exploiting open ports to launch cyber attacks. The IoT has helped show how much of a weak link this can be, and it will help information security protocols close off open ports across networks, preventing any of them from being exploited.
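As an added illustration of the discovery behaviour described above (not part of the original post), the following sketch inventories which devices answer UPnP discovery and flags those that advertise a gateway service able to open ports on a LAN client's request. The SSDP responses are constructed sample data, and the function names `parse_ssdp_response` and `audit` are hypothetical.

```python
from urllib.parse import urlsplit

# UPnP device/service types that accept port-mapping requests from LAN clients.
PORT_MAPPING_TYPES = ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection")

# Constructed SSDP discovery responses (sample data, not from a real network).
SAMPLE_RESPONSES = [
    ("HTTP/1.1 200 OK\r\n"
     "CACHE-CONTROL: max-age=1800\r\n"
     "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
     "USN: uuid:11111111-0000-0000-0000-000000000001::upnp:rootdevice\r\n"
     "Location: http://192.168.1.1:5000/rootDesc.xml\r\n"
     "SERVER: ExampleOS/1.0 UPnP/1.1 ExampleRouter/1.0\r\n\r\n"),
    ("HTTP/1.1 200 OK\r\n"
     "ST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n"
     "USN: uuid:22222222-0000-0000-0000-000000000002::upnp:rootdevice\r\n"
     "LOCATION: http://192.168.1.23:49152/description.xml\r\n\r\n"),
    # Not a search response: must be ignored by the parser.
    "NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n\r\n",
]

def parse_ssdp_response(raw):
    """Return upper-cased headers of a 200 OK SSDP response, or None if unusable."""
    lines = raw.split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # header names are case-insensitive
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers if "LOCATION" in headers and "ST" in headers else None

def audit(responses):
    """List responding devices and mark those that can open ports on request."""
    findings = []
    for raw in responses:
        headers = parse_ssdp_response(raw)
        if headers is None:
            continue
        url = urlsplit(headers["LOCATION"])
        findings.append({
            "host": url.hostname,
            "port": url.port,
            "type": headers["ST"],
            "can_map_ports": any(t in headers["ST"] for t in PORT_MAPPING_TYPES),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(finding)
```

A device flagged with `can_map_ports` is the place to review whether UPnP port mapping needs to stay enabled at all.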

  3. Avoiding Proprietary Encryption Protocols

Encryption protocols have been one of the most popular ways to ensure that data transmission is kept secure. The reason behind their popularity is that, in most cases, they tend to work. However, with the advent of things like the IoT and with the ever-increasing amount of data that is shared on a daily basis, general proprietary encryption protocols are no longer the most secure way to protect data transmissions. Instead, information security protocols should focus on using proven encryption methods that can be applied to several different devices, and use them in conjunction with stringent authentication methods to provide more secure data transmission.

  4. Increased Cloud Interface Security

One aspect of information security protocols that has not been discussed, until recently, is the cloud. Cloud computing is primarily internet based, and this in itself poses many problems to the way in which information security protocols function. There are many more access points, and many more users that have to be factored in when you begin to talk about cloud interface security. This is even more important when it comes to the IoT. If hackers are able to exploit users’ cloud interfaces, they can gain access to troves of private information on both clients and service providers. Furthermore, there has always been some concern about the privacy issues that the cloud brings. This problem, coupled with the increased use and access of the IoT, will lead to much more stringent cloud interface security.

  5. Responsive Security Protocols

This measure is not as clear cut as some of the others. However, it is equally important. One of the biggest issues that the IoT has to deal with is the way that it handles necessary updates and firmware additions. These updates are necessary to ensure that the automation devices on the IoT network run smoothly. When it comes to information security protocols, it is important to fashion measures that are able to adapt to changes as time goes along. For instance, if someone suffers a DDoS attack on their home, which prevents them from operating their smart locks, it is important that they have some security measures in place to actively root out the cause of the intrusion. Essentially, the aim is to model security protocols after firmware updates. These responsive security protocols should ideally be delivered much in the same way that updates are, and they should be coupled with end-to-end authentication to ensure that hackers do not exploit them.


The Internet of Things has an amazing amount of potential, which is still yet to be fully tapped. Even so, if it makes people take a closer look at the way in which information security protocols work, then it is already doing an amazing job. These security measures are extremely necessary because of how much data and information they help safeguard. If these protocols were not in place, privacy and data security would be compromised. In order for them to exist in the future, adequate changes have to be made in order to reshape information security protocols.

Drawing Underrepresented Groups from the Shadows To Build the Cybersecurity Talent Pool

If you’ve been following this series, it should be clear by now that cybersecurity talent represents one of the biggest needs in IT but also one of the smallest talent pools. In Parts 1 and 2 I shared advice for attracting cybersecurity professionals to fill those right-now needs. Taking a longer term view, the demand will continue to grow, and it is in everyone’s interest to promote growth on the supply side as well.

Women and other underrepresented groups comprise a large, untapped talent pool. According to the National Cybersecurity Institute, the U.S. Department of Labor’s 2015 population survey indicates that women hold only 19.7% of cybersecurity jobs, while African Americans, Asian Americans and Latinos combined hold only 12%. Women alone represent more than half of the U.S. population, so the potential numbers are out there.

Adjourn the Good Ol’ Boys Clubs for Good

Discrimination is only one factor. For example, women continue to choose careers in traditional areas such as education, healthcare and social work. Just the same, lack of diversity can make cybersecurity departments look like good ol’ boys clubs, further discouraging members of underrepresented groups from pursuing careers in this space. Those who do often feel like the “odd stepchild” of a team or department. People in these situations report feeling as though their voice is not heard.

Leaders in the field need to make a point of integrating and welcoming women and other underrepresented groups, ensuring that they are engaged, contributing members of the team. One way to do this is to hire and/or develop members of underrepresented groups into your leadership ranks in IT and, ideally, cybersecurity. “Women at the senior level are beacons for other women,” says Elizabeth Ames, of the Anita Borg Institute for Women in Technology. Undoubtedly this is true for people of color as well.

Proactive Engagement

Another strategy is to implement targeted outreach programs. According to the Wall Street Journal, big banks like J.P. Morgan Chase and Citigroup are getting results by hosting events and programs targeting different groups. Some have even started “re-entry” programs to attract women who took a career break to start families.

Post openings on job boards of associations and magazines like the National Black MBA Association, Ascend Pan-Asian Leaders, National Association of Professional Women, Association of Latino Professionals for America, and others. For entry-level roles, recruit from colleges and universities that have large numbers of students from underrepresented groups.

Diversify Your Employment Brand

Members of underrepresented groups can promote their own interests by getting involved with organizations like the Women in Security special interest group within ISSA, Women in Technology (WIT), Blacks in Technology (BIT), the International Consortium of Minority Cybersecurity Professionals (ICMCP), and others. If your company is serious about attracting diverse talent, you should get involved in organizations like these — establish a reputation for supporting diversity in the cyberspace profession.

According to Sharon Florentine of, two other big issues are access to and the cost of training. A one-week class can cost $5,000. However, organizations like and SANS CyberAces are fighting this by offering free online courses. As I suggested in Part 2, companies can enhance their employment brand by providing training in general — combine that with targeted recruiting, and your company could become recognized for being a trailblazer.

Most commenters on this topic agree that women and underrepresented groups should be encouraged to explore cybersecurity careers at a young age. Melinda Gates, for example, recently launched a new initiative to attract and retain women in tech fields, citing a “leaky pipeline” in education as a key issue. Your company should attend career events at high schools and middle schools, ideally sending employees who represent the target demographics.

This post only scratches the surface of a large and challenging issue. If you have strategies that are working for you, please share them below.