Everyone needs more security talent, but what kind of talent, how specialized, and what kind of pressure is hiring requirements putting on security professionals?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is one our favorite InfoSec mavens, Greg van der Gaast.
Got feedback? Join the conversation on LinkedIn.
Thanks to this week’s podcast sponsor, Morphisec
On this episode of Defense in Depth, you’ll learn:
- Specialization also veers towards simplifying as Greg said, “A lot of middle of the road positions are being narrowed and dumbed down in a push towards commoditization.”
- Is the collection of so many tools pushing us to more specialization? Have we created our own hiring problem?
- There are needs for specialists and generalists in cybersecurity. The issue is where do you find the balance from the creation of your toolset to your hiring?
- Too many open positions for security analysts which isn’t a defined role. Sometimes there’s an inherent laziness in hiring managers just wanting “a security person” and not understanding their environment as to what they really need.
- Greg notes that “you can often tell how broken an infosec organisation is just by looking at the job roles they’re looking to fill and the job descriptions.”
- If you’re developing a tech stack and then looking for people to manage it, that is the reverse way you should be building a security program.
- Students are eager to learn, but degrees are useless when companies are hiring for specific tools.