
Archive for the Blog Category

Skills in demand: Information Security Architects

An Overview of the Role of Information Security Architects

Information Security Architects are the backbone of the design and strategy for strong information security organizations. While they can be focused in specific areas like application security or infrastructure security within very large companies, they often oversee the overall security strategy and determine delivery and implementation of security solutions. This is not only a subject matter expert with strong knowledge of many facets of information security programs, it is also a highly visible role within leadership and will often report directly into the CISO or CIO.

What it takes

Security architects often rise out of hands-on engineering positions, which give them in-depth knowledge of implementation and configuration of security tools and best practices. The ability to utilize hands-on technical knowledge and translate that information into long-term security strategy is critical, as is the ability to collaborate and communicate effectively with senior leadership.

Compensation

Base compensation can range from $120K to $175K, often with additional incentives. Independent contract rates can be higher.

– Domini Clark, principal, Blackmere Consulting; founder and director of strategy, InfoSecConnect.com.

This was originally published in the March 2016 Issue of SCMagazine

Malware Evolution and the Cyber Talent Gap

InfoSec Connect founder Domini Clark contributed a feature article to the April 2016 edition of the Information Systems Security Association (ISSA) Journal.

In “Malware Evolution and the Cyber Talent Gap,” Domini delves into:

  • The origination and evolution of malware
  • The cost of malware breaches
  • The cost of attempted malware containment
  • Projections for the demand growth in the global cyber workforce
  • The current and future talent gap for cyber professionals
  • The impact on cyber salaries and the top five IT security salaries
  • The impact on women in cybersecurity
  • Tips for those considering a career in cybersecurity

To read the article, check out the PDF here.

This article by InfoSec Connect Founder Domini Clark originally appeared in the April 2016 ISSA Journal.  A PDF of the article is linked here with permission.

Skills in demand: Security engineer, identity management

An Overview of the Role of Security engineer, identity management

Understanding who your users are and what, exactly, they have access to within your system is critical for any enterprise. Identity and access management (IAM) engineers must have a strong understanding of the complex workflow within a system. In these roles, business acumen is just as important as technical acumen due to the interrelationship between the technology, business needs and overall corporate policy. This is a subject matter expert with strong knowledge of IT systems architecture, web security, identity and access management, public key infrastructure (PKI), single sign-on (SSO), federating identity to cloud services as well as threats and vulnerabilities.

What it takes

Solid experience in configuration, administration and troubleshooting of IAM technologies, along with strong communication skills and the ability to work with internal and external customers. These roles often have a strong strategic component due to the ever-changing tools, corporate policies and industry-specific regulations.

Compensation

Base compensation can range from $120K to $175K, often with additional incentives. Independent contract rates can be higher.

– Domini Clark, principal, Blackmere Consulting; founder and director of strategy, InfoSecConnect.com.

This was originally published in the October 2015 Issue of SCMagazine

 

Skills in Demand: Incident Response Manager

An Overview of the Role of Incident Response Manager

Cybersecurity incidents are on the rise around the world and the need for experienced incident response professionals is outstripping the available supply of talent. The incident response manager role is responsible for managing high-impact incidents on a large, often global, scale. Responsibilities include developing IT security incident response process, collaborating with key stakeholders and finding unique security solutions for critical vulnerabilities. This is a technical expert, an intelligence expert and someone who has the ability to influence immediate change within an organization in the midst of high-pressure situations.

Skills in demand: Pen Tester

Recent breaches have highlighted the need for talented pen-tester technologists with the ability to assess vulnerabilities long before they are under attack.


Standing Out and Fitting in at DefCon

DefCon is a crazy and unique experience and, admittedly, it’s not extremely welcoming to the outsider.  The Vegas regulars whisper about all of the hackers as if they’d just walked into a band of terrorists and in one day, the inside of the Paris hotel turns from a sampling of middle America into a sea of black t-shirts, mohawks and tattoos.

To be honest, my first DefCon a few years ago was super intimidating.  I was new-ish to the industry and feeling the pressure of being the least knowledgeable person in a room of BRILLIANT people.  This year, several DefCons in, I had a notably different experience:  I was overwhelmed by an incredible sense of inclusion and community. This is my tribe.

Just to paint the picture since most of you haven’t met me already, I’m a corn-fed, mid-western girl who sort of hovers in some strange space between preppie and hippie – I’ve never even gotten a tattoo.  I’m not your typical DefCon attendee and my mainstream vibe sticks out like a sore thumb in certain circles.  In fact, my first mentor told me that no one would talk to me at DefCon if I dressed so much like a corporate mom.

Fast forward several years later to a personally challenging year which has changed my world view dramatically. Instead of donning my black shirt and pulling my hair back in a tight ponytail so that I fit in better, I decided to go au naturel. Not the way you’re thinking – get your mind out of the gutter. Instead, the first morning, I pulled on my navy capris and corporate mom top and headed out the door with a smile.

The strangest things happened. As I started talking to people I would have been intimidated to approach five years ago, people smiled and talked back! It soon became clear that DefCon is like everything else. Most of us are a little self-conscious about what we don’t know and whether we’re fitting in – even when we’re amongst a group of professed individualists! The more I shared my authentic, if not traditional, DefCon self, the more fun I had. I was open about what I don’t know, confident about what I do know, and others were far more comfortable creating a true connection with me in return.

Through all of the incredible technical talks, challenges, networking events, and crazy parties, the best thing I learned this year is that we are one.  We are one community coming together to solve some of the world’s most challenging problems.  We all bring our different talents, styles and ideas to the table in one hot soup of messy humans.  That is what DefCon is to me and I can’t wait for next year!!

Skills in demand: Information security analyst

Overview of the Information Security Analyst

As global organizations work to stay ahead of cyber attacks, they require information security analysts to help steer them through risk assessment, vulnerability assessment and defense planning. The role of information security analyst is growing and can provide a strong path for upward mobility.


Cyber Candidates Say: You Snooze, You Lose!!

Increase Your Success Rate of Hiring Infosec Candidates

Okay, we all get it: it’s a tight labor market in information security, and the demand for infosec talent is far outstripping the supply of information security professionals available. This is causing a huge shift in mindset for many HR departments around the globe. No longer can you run a candidate through 5 interviews over 2 months and expect them to be sitting on the sidelines patiently waiting for you to make a decision.

Smart companies are making BIG changes. After losing top tier candidates to competitors, one company decided to speed up the process and take more risks in order to hire more, better candidates. What had been at least a three-month interview process with a consensus hiring posture involving four different Directors has become a two-week process from interview to offer.

In this case, one Director is in charge of the process and the timing is closely monitored by the CEO, who is deeply invested in making hiring work.  Once a candidate is presented to the Director, the clock starts.  Initial interviews are held within days, an onsite interview is scheduled for the next week and the offer is prepared and available for delivery at the time of the second interview with the hope that there is mutual interest.

Here is the skinny on what makes this work:

  • Executive buy-in (this cannot be stressed enough)
  • Flexibility in HR process
  • Risk tolerance
  • Team participation
  • Candidates are prepped for a swift hiring decision
  • Firing decisions with “bad hires” are handled swiftly

Without all pieces in place, this process does not work. Leadership MUST take the lead in a cultural/process shift of this nature. Everyone in the organization must know that the risk of losing top tier talent is far more caustic than the possibility of making a bad hire. Most of us have policies in place that afford us the ability to remove bad hires from our organizations, yet we are loath to utilize them.

Take a risk.  Your competition is starting to get the hint and you might get left behind!

Hiring in information security

In this tough information security market, many organizations make the mistake of approaching talent the same way they approach all other organizational hiring. The truth is, you can’t hire quality information security talent the same way you hire customer service reps. If you just run an ad pulled from the job description HR gave you, don’t be surprised when the top talent you’re searching for is not interested.


Staffing Industry Analysts Credits Domini Clark with Quote of the Week about the Best Cybersecurity Professionals

Blackmere founder Domini Clark was credited with the Quote of the Week from Staffing Industry Analysts (SIA).

BEST CYBERSECURITY PROS ‘THINK LIKE CRIMINALS’ — STAFFING QUOTE OF THE WEEK

“The best cybersecurity professionals think like criminals,” Domini Clark, an Idaho-based recruiter at the recruiting company Decision Toolbox, told The San Diego Union-Tribune in a story about unfilled cybersecurity jobs. “The joke in the industry is that superstars have an ‘evil bit’ in the code of their personalities. They know better than to have a high-profile online presence. ‘Paranoid’ is too strong a word, but they tend to be hyper-cautious and some take pride in operating in ‘stealth mode.’”