Intelligent Connections. Recruiting Integrity.
Call Us: 415-510-2973

Archive for the Blog Category

Skills in demand: Information security analyst

Overview of the Information Security Analyst

As global organizations work to stay ahead of cyber attacks, they require information security analysts to help steer them through risk assessment, vulnerability assessment and defense planning. The role of information security analyst is growing and can provide a strong path for upward mobility.

Read more

Cyber Candidates Say: You Snooze, You Lose!!

Increase Your Success Rate of Hiring Infosec Candidates

Okay, we all get it, it’s a tight labor market and information security and the demand for infosec talent is far outstripping the supply of information security professionals available.  This is causing a huge shift in mindset for many HR departments round the globe.  No longer can you run a candidate through 5 interviews over 2 months and expect them to be sitting on the sidelines patiently waiting for you to make a decision.

Smart companies are making BIG changes.  After losing top tier candidates to competitors, one company decided to speed up the process and take more risks in order to hire more, better candidates.  What had been at least a three-month interview process with a consensus hiring posture involving four different Directors, has become a two-week process from interview to offer.

In this case, one Director is in charge of the process and the timing is closely monitored by the CEO, who is deeply invested in making hiring work.  Once a candidate is presented to the Director, the clock starts.  Initial interviews are held within days, an onsite interview is scheduled for the next week and the offer is prepared and available for delivery at the time of the second interview with the hope that there is mutual interest.

Here is the skinny on what makes this work:

  • Executive buy-in (this cannot be stressed enough)
  • Flexibility in HR process
  • Risk tolerance
  • Team participation
  • Candidates are prepped for a swift hiring decision
  • Firing decisions with “bad hires” are handled swiftly

Without all pieces in place, this process does not work.  Leadership MUST take the lead in a cultural/process shift of this nature.  Everyone in the organization must know that the risk of losing top tier talent is far more caustic than the possibility of a making a bad hire. Most of us have policies in place that afford us the ability to remove bad hires from our organizations, yet we are loathe to utilize them.

Take a risk.  Your competition is starting to get the hint and you might get left behind!

Hiring in information security

In this tough information security market, many organizations make the mistake of approaching talent the same way they approach all other organizational hiring. The truth is, you can’t hire quality information security talent the same way you hire customer service reps. If you just run an ad pulled from the job description HR gave you, don’t be surprised when the top talent you’re searching for is not interested.

Read more

Staffing Industry Analysts Credits Domini Clark with Quote of the Week about the Best Cybersecurity Professionals

Blackmere founder Domini Clark was credited with the Quote of the Week from Staffing Industry Analysts (SIA).


“The best cybersecurity professionals think like criminals,” Domini Clark, an Idaho-based recruiter at the recruiting company Decision Toolbox, told The San Diego Union-Tribune in a story about unfilled cybersecurity jobs. “The joke in the industry is that superstars have an ‘evil bit’ in the code of their personalities. They know better than to have a high-profile online presence. ‘Paranoid’ is too strong a word, but they tend to be hyper-cautious and some take pride in operating in ‘stealth mode.’”

Blackmere’s Erin Hanson to Speak at ISSA Webinar: How to Recruit and Retain Cybersecurity Professionals

How To Recruit and Retain Cybersecurity Professionals


2-Hour Live Event: Tuesday, October 25, 2016
Start Time: 9:00 a.m. US-Pacific/ 12:00 p.m. US-Eastern/ 5:00 p.m. London

Click here to register.


We have all heard the term “Cybersecurity talent shortage.” With information security rising as one of the quickest growing industries, there are more jobs than there are qualified candidates. This creates a difficult HR environment and tends to lead to a high level of turnover. How can businesses recruit, but just as importantly, retain, key cybersecurity personnel?

In this two hour ISSA International web event, industry professionals will share their experiences and provide real world feedback regarding one of the most challenging issues facing the information security field. Additionally, we will explore the results of a comprehensive employment study performed by ISSA and ESG earlier this year. What does the data collected in the survey tell us about the current and future security job markets, and how can you apply these findings to your business operations?



Erin Hanson, Director of Client Experience, InfoSec Connect

Erin has been involved in people analytics and professional recruiting for federal government contractors for over 20 years. Erin’s experience includes recruitment of highly specialized doctorate level skill sets in support of energy research positions including life sciences, physical sciences, IT/Cyber and specialized engineering fields. Additionally, Erin has experience in business analytics, proposal writing, program development/administration, and business development roles. Her experience offers demonstrated abilities in managing and developing solution oriented proposals and programs.

Erin is a graduate of University of Idaho with a Bachelors in General Studies with an emphasis in Industrial Technology. She is certified as a Global Professional in Human Resources. Erin’s degree emphasis in industrial technology and broad experience in technical recruiting provides her with a strong technical terminology and understanding of skill sets in multiple science, technology, engineering, and math fields.


Candy Alexander

Candy has nearly 30 years in the security industry working for companies such as Digital Equipment, Compaq Computer Corporation, and Symantec. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed Corporate Security Programs. She is now working as a Virtual CISO and Cyber Security consultant.

Candy is the chief architect for the Cyber Security Career Lifecycle for the ISSA (Information Systems Security Association), and until recently she served a Director for 14 years on the International Board. She is also the past President and current Board Member of the ISSA Education and Research Foundation. Candy has also served as Vice President of Education and Vice President of International Relations for the ISSA. She remains a loyal member at the local level with the New England Chapter and the ISSA – New Hampshire Chapter.

Candy has received numerous awards and recognition, including that of Distinguished Fellow of the ISSA, ranking her as one of the top 1% in the association, and she was inducted into the ISSA Hall of Fame in 2014. She also had the opportunity to be a featured speaker for the IT Security Symposium at the United Nations, and even received an invitation to the Offices of the White House to speak on the importance of security awareness to the President’s “Cyber-Czar” staff.


Kim Jones

Kim L. Jones is Director, Cybersecurity Education Consortium, Arizona State University and has been an intelligence, security, and risk professional for over 25 years. A sought-after speaker and industry thought leader, Jones has built, refined, and/or managed security programs in the financial services, healthcare, manufacturing, outsourcing and defense industries.

Jones has a bachelor’s degree in computer science from the U.S. Military Academy at West Point, a master’s degree in information assurance from Norwich University and holds the CISM, CISSP, and CRISC certifications. He is a member of the CISO Advisory Council for ISSA International.


ISSA International Web Conferences occur on a monthly basis and provide CPE credits for continuing education. For more information and to see the upcoming schedule, click here.

Recorded ISSA Webinar: Internships – Do They Really Work?

Information Systems Security Association (ISSA) recently hosted a webinar Internships: Do They Really Work?  InfoSec Connect’s Domini Clark and Erin Hansen were on hand as panelists to lend their perspectives about internships in the information security field.

Internships can be a great way to test drive a career in cybersecurity and get a sense of the typical day in the life of a practitioner. Learn from the experts about what it’s really like to intern in the cybersecurity field and what it’s like to apply lessons learned in a real world environment.

View a recording of the webinar on YouTube here.

U.S. Government Cyber Internships

Federal agencies have been consistently rated highly rated as “ideal employers” by Universum’s study of 81,707 computer science students.  For instance, the Federal Bureau of Investigation, National Institutes of Health, Peace Corps, Department of State, and NSA have been ranked highly in the study.  The enormous talent gap in information security is driving the need for government entities to up the ante as they compete against the private sector for top student talent.  Thankfully, this competition has resulted in a few little known benefits to cyber security students: Read more

The Top 100 Chief Information Security Officer 2017


Adam Williams CISO Sentry Insurance

Adam Williams,   CISO                     Sentry Insurance


Adrian Asher CISO LSE Group

Adrian Asher,        CISO
LSE Group

Al Tarasiuk CISO Deutsche Bank

Al Tarasiuk,           CISO
Deutsche Bank

Alden Sutherland CISO AmerisourceBergen

Alden Sutherland, CISO

Alejandro Ramos CISO Telefonica

Alejandro Ramos, CISO

Alex Stamos CSO Facebook

Alex Stamos

Anoop Chopra CISO Maersk

Anoop Chopra

Anthony Belfiore SVP, CISO Aon

Anthony Belfiore

Anuprita Daga CISO Reliance Capital

Anuprita Daga
Reliance Capital

Arlan McMillan CISO Kirkland & Ellis

Arlan McMillan
Kirkland & Ellis

Bernie Cowens CSO PG&E

Bernie Cowens

Blake Pelletier CISO Redding Bank of Commerce

Blake Pelletier
Redding Bank of Commerce

Brad Maiorino CISO Target

Brad Maiorino

Bret Arsenault CISO Microsoft

Bret Arsenault

Brian Brackenborough CISO Channel 4

Brian Brackenborough
Channel 4

Bryan Littlefair Global CISO Aviva

Bryan Littlefair
Global CISO

Chandra McMahon CISO Verizon

Chandra McMahon

Chris Bitner CISO Bloomin' Brands

Chris Bitner
Bloomin’ Brands

Chris Lugo CISO Danaher

Chris Lugo

Christian Hamer CISO Harvard University

Christian Hamer
Harvard University

Christopher Porter CISO Fannie Mae

Christopher Porter
Fannie Mae

Clive Reeves CISO Telstra

Clive Reeves

Colin Anderson CISO Levi Strauss

Colin Anderson
Levi Strauss

Craig Froelich CISO Bank of America

Craig Froelich
Bank of America

Dale Drew SVP & CSO Level3

Dale Drew

Damon Morris CISO EdF Energy

Damon Morris
EdF Energy

Dan Bowden CISO Sentara Healthcare

Dan Bowden
Sentara Healthcare

Dane Warren CISO Intertek

Dane Warren

Darren Argyle Group CISO Qantas

Darren Argyle
Group CISO

Dave Estlick CISO Starbucks

Dave Estlick

David Galas CISO VeriFone

David Galas

David Gracey CISO Rio Tinto

David Gracey
Rio Tinto

David Hahn CISO Hearst

David Hahn

Deneen DeFiore Chief information Security & Technology Risk Officer GE

Deneen DeFiore
Chief information Security & Technology Risk Officer

Derek Benz CISO Ford

Derek Benz

Ewa Pilat CTSO Vodafone

Ewa Pilat

Forrest Smith CISO Nissan

Forrest Smith

Gary Payne CISO BBC

Gary Payne

Gerhard Eschelbeck VP Security & Privacy Engineering Google

Gerhard Eschelbeck
VP Security & Privacy Engineering

Greg Dakin CISO Interserve

Greg Dakin

Henning Christiansen CISO Axel Springer SE

Henning Christiansen
Axel Springer SE

Ian Rathie
Goldman Sachs Bank

Irwan Tjan CISO Expedia

Irwan Tjan

James Shira Global CISO PwC

James Shira
Global CISO

Jamil Farschchi CISO The Home Depot

Jamil Farschchi
The Home Depot

Cyber Internships: Where Should I Start?

You may be one of the few students out there that already has a clear picture of where your career will take you and what you want to do with your next four years.  If so, you probably already have your first, second, and third year cyber internships selected.  Most students, on the other hand, are still searching and a little unsure about what the next step will be.  This is EXACTLY why internships are important!  An internship will allow you to test drive a career and see what fits you best in the real world.  Now, where to start? Read more

Do Information Security Internships Really Work?

Without question, one of the best ways to get experience outside of school is to land an information security internship. Internships give you:

  1. Critical, on-the-job experience
  2. The ability to see first-hand if you and the work are a good match
  3. Valuable connections and references following a positive internship experience

Read more