Defense in Depth: Starting Pay for Cyber Staff

What should an entry level cybersecurity person be paid? And what level of education and training should be expected of them?

Subscribe to CISO Series Podcasts - Defense in Depth

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest Dan Walsh (@danwalshciso), CISO, VillageMD.

Got feedback? Join the conversation on LinkedIn.

Thanks to our sponsor, AppOmni

AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they’re fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who – and what – has access to your SaaS data.

Full transcript

David Spark

What should an entry level cybersecurity person be paid? And what level of education and training should be expected of them?

Voiceover

You’re listening to Defense in Depth.

David Spark

Welcome to Defense in Depth. My name is David Spark, producer of the CISO Series, and my guest co-host for this very episode is Naomi Buckwalter, director of information security and IT, over at Beam Technologies. Naomi, let’s hear the sound of your voice.

Naomi Buckwalter

David, I love being here with you. Thank you for having me.

David Spark

Thank you. That’s the sound of her voice. Not nearly as deep as mine. We have an awesome sponsor for this episode. It is AppOmni. If you are using SaaS applications and you’ve got security issues, you want to hear what AppOmni has to say later in the show, so stay tuned for that. But first, today’s discussion is based on an explosive post you had, Naomi, about a $15 an hour job offer for an entry level position. It was actually posted as an internship, and one of your followers forwarded a job post that they applied for and said they were rejected. The reason was, someone was more qualified for the role, even though this person already had good education and training, making them more than qualified. Now, my first reaction to this was, well, it was a pure supply and demand issue. The company got lots more qualified candidates willing to take the position at this pay. I don’t believe this was a looking for a unicorn issue. The market just decided that this is acceptable pay for an entry level cyber person, specifically an internship. But it’s way more involved than just saying that, isn’t it, Naomi?

Naomi Buckwalter

Oh, it totally is. There’s so many layers to this. I don’t want to get really political here, although I am a big fan of livable wages. We do have to have a bigger conversation, David, about what is an entry level position? What are companies really asking for when they say, “We’d like to hire an entry level professional”? Because what I’m not seeing is proof of that. I’m seeing job descriptions that require five years of experience, a CISSP, a Master’s Degree. And, as you know, David, I did the data analysis myself and I analyzed a thousand job posts on LinkedIn, so I know the status is true. So, I’m seeing just the false equivalence of people asking for more than the entry level requirements for entry level jobs. So, we can talk about that. We can also talk about why mid-level professionals are applying for entry level positions. There’s a lot we can talk about here, David.

David Spark

And not only that, one issue I want to address is the truth of some of these postings as well. How truthful they are. Joining us in this conversation is a guest we’ve had on many times in the past. He’s always awesome and I knew he’d be great for this conversation. It’s Dan Walsh, CISO for VillageMD. Dan, thank you so much for joining us.

Dan Walsh

Thanks for having me. I appreciate it.

Why is this relevant?

00:02:59:24

David Spark

Ehren Williamson said, quote, “This job description isn’t exploiting anybody, it’s offering what the market will pay.” My initial response in the beginning. And Lawrence Stanton of Shentel said, “There are jobs that do half the work with less educational expectation that make that same amount of money or more.” And Joshua Copeland of Pinnacle Group said, “It isn’t that he isn’t qualified, just that others that are more qualified actually applied for the same position.” So, Naomi, what say you to that? This is a situation where someone says the market’s deciding, the other says, hey, you can get better paid with less experience. And last, it’s like, hey, it’s just that better people applied, so sorry for your friend.

Naomi Buckwalter

Everyone here has a great argument and I don’t disagree with anyone. I think what the company is asking for, and what they’re hiring for, are two different things. So, in the job description, it says, “Hey, start your cybersecurity career. You can be an entry level person and we’ll train you up the way you need to be trained up.” But at the same time, they’re excluding the people who could actually benefit from the training and mentor-ship. Instead, they’re hiring people with the experience already, where they can just jump in and have immediate return on investment. And that’s where I fundamentally disagree. If the company truly wants to hire entry level professionals, exclude people who already have the experience. Really try to bring up the next generation of cybersecurity professionals and train them up the way that they should be trained.

David Spark

That’s a really good point. Now, I think there’s a danger of bringing someone in who is too qualified for something like this. You’re going to lose them pretty quickly and then you’re going to be back at square one, Dan, yes?

Dan Walsh

Yes. And I would also say that if you hire someone who’s qualified for this job, and I did look at the job… I don’t remember the details, but I remember reading it and a couple of things jumped out at me… one, is it seemed like it’s very high stress. Two, it seemed like they were asking for way more than what the market would bear for $15 an hour. That sounds ridiculous. You could double that at least, with everything they’re asking for. And so, to me, that’s a job that you’re going to give to someone who might be in desperate need of a job, that’s mid-career, but then once they find another job, they’re going to ditch that, which could be in a couple of weeks. Or, if you have someone with a lot of experience, they may not want to learn the way that you want to train them. They might have a lot of experience in a certain SIM tool and if you want to train them this way, they’re like, “Well, I don’t want to learn that, I already have this, and this is better.” And so, it’s not always better to bring in someone that has more experience in these situations.

David Spark

I want to address the issue about the pay. I am someone who took a couple of internships when I was younger, not in tech at the time, and I got paid exactly zero. But I got college credit for these internships that I did. They don’t speak to college credit here, but if I got paid minimum wage, $15 an hour back then, or whatever… minimum wage was a lot less for me, when I was in college, and even high school, when I took another internship, I would have been beyond ecstatic. But there is also the cost to training and so, to me, if you’re truly getting trained, and getting an education, which you would often have to pay for, then a low salary, or maybe even none for an internship, may be perfectly fine. What do you think about that, Naomi?

Naomi Buckwalter

Well, I would love that, if it were true, but I know more to this story. It turns out that the people they hired ended up paying for their own training. About 70% of their training was out of their own pocket. So I did understand the story behind this post, it wasn’t just, like, “Oh, I wonder why they only pay $15 an hour?” I knew the full story. But in general, if you’re going to hire a student and you’re going to train them, well, first of all, you’re not going to put them on the night shift. Like, who is willing to train someone, working until three AM in the morning, over holidays and weekends too? So, I kind of doubt that the person being hired is actually being trained and mentored the way that they should be. So, my doubts there are, I think, pretty valid. But if you are a student and you are being paid $15 an hour, I think that’s pretty decent. Like, you currently have a course load of work and you want to get experience on the side, I think $15 is absolutely fine. I think the problem here is the company is not hiring students, and they’re not training them, so the disconnect, again, of who they say they want to hire, and who they actually hire, is completely off. And that’s where I get a little frustrated.

What’s going on?

00:07:32:07

David Spark

Joshua Copeland of the Pinnacle Group has two good comments. Quote, “What is the better question to ask is, why are qualified people applying for low paying entry level jobs? What factors are causing these highly qualified mid to senior folks to be applying for entry level positions?” And he goes on to say, “It really isn’t “companies” as much as it is the people settling for lower pay. Businesses are making smart choices for their businesses by trying to get the best value and ROI.” And I think that last comment is an interesting one, Dan, because I think, in this unique situation, Naomi found a lot of falsehoods in the posting. But if you’re doing this and attracting mid-level people for pay way less, it is a major damage to your employer brand. So, it may not turn out to be good for you, even though in the short run, “Hey, look what a great talented person I’m getting. I’m saving a bundle.” Yes?

Dan Walsh

Absolutely. And also, because we’ve got… I don’t know what the exact statistics are, 2.1 or 3.7, or whatever… but there’s way more job openings in security than there are people to fill them. And so, first of all, I will be curious to see if you could actually find good, qualified people that can fill these spots that would actually take a pay cut because wages for security are very high across the board generally; obviously, this post being an exception. And the other thing is that, again, I would question the type of people applying to this job, if they’ve got really robust security experience. Now, if they don’t, I completely get it because, you know, “I’m just trying to get my foot in the door and, if I can prove myself, then who knows where I could go from there? I can get a better job.” So, that is definitely very interesting. Fundamentally, we are in the business of trust here and companies need to understand you generally get what you pay for. And so, if you’re going to pay someone $15 an hour for an extremely stressful cybersecurity job, and they have to pay for the training, as Naomi pointed out, you should probably expect a lot of mistakes and that’s probably not a very good security posture.

David Spark

Good point. Naomi, what’s your experience? Because this is something I know you follow extremely closely, what’s your take on why these mid and senior level people are going after these jobs?

Naomi Buckwalter

Well, I think it just comes down to a little bit of desperation. They’re sinking thousands of dollars into their certifications and their education, and they need a return on investment. They’re probably at that point where they’re like, “I’ll take any job,” and so they start applying to hundreds of jobs. I know some applicants who have literally applied to thousands of jobs, and they only hear back from maybe point one percent, right? So, that return on the applications is very low, and they’re just essentially looking for anything that is remotely related to what they paid for in their cybersecurity education and their certifications. So, I understand it’s mostly, “Hey, I need this job now, I needed it yesterday, and I’m willing to get paid $15 an hour to get my foot in the door, and then bounce as soon as I can get a little bit of work experience, and then I go.” So, I think that’s the main reason here. I don’t think it’s because they are failing at their current jobs or anything, I think they don’t have work and they are just willing to get paid $15 an hour, or less, and suffer for a little bit.

David Spark

So, I have a question. We said mid career, or people with experience. Are these people, from your experience, people that are in a certain job, like on the help desk, or they’re in marketing, and they’ve gotten a degree in cybersecurity, or they’ve studied for a security qualification?

Naomi Buckwalter

Yes, to be sure.

David Spark

So, they’re trying to transition. Okay, I’ve got you.

Naomi Buckwalter

Yes, people with experience I would say. They’re already started their careers, they’re not brand new students. Students I get; students would be great for this role, perfect. But the fact that the company didn’t hire a student, and had the person pay for their own training that’s…

David Spark

But let’s talk in more generality, what are the things we were commenting on before we went live? By the way, I’ve never had such an intense conversation before we’ve gone to record, than before this show. There was a lot of intensity of how should we take this discussion? But one of the things that I thought was, I was saying, how ignorant I was when I first in the job market, and this kind of stuff can take a very young impressionable person, eager to get into cybersecurity, to fall for a bogus claim like this because there’s a lot of red flags on this posting. So, speak to the younger version of Dan Walsh, who maybe wasn’t as savvy as you are now… maybe you were, I don’t know and Naomi, I want you to answer this as well, but just in 20 or 30 seconds, what should you not fall for, as a young person trying to get that first job?

Dan Walsh

I mean, there’s a lot there. First of all, don’t fall for… and it’s easy to say this, but it’s hard to follow through, because I know people get desperate. I was, you know, extremely desperate to get my first corporate job. I grew up working on a farm, I did not have internships, so, my resume did not look very good, coming out of college. Now, having said that, I wouldn’t fall for jobs like this one, where it’s like, “We want you to be everything. We want you to run the entire scope of this security department.” I also wouldn’t go for a job that’s going to have me work like a dog, frankly, because, while you’re learning, you need time to rest, recovery, you need a good work-life balance, otherwise you’re not going to absorb the information, you’re not going to be fresh and you’re ultimately not going to move up. You’re just going to be trying to survive because you’re not getting the proper rest, you’re going to be overwhelmed and so, I would say probably those two things, and then finally, it would be looking at the values and the mission of the company. Maybe this company is actually a non-profit and they can’t afford to pay people very much, and need everyone to do everything. Maybe it’s like the Red Cross… I mean, I shouldn’t say specifically just non-profits…

David Spark

This is not them, by the way. [LAUGHS]

Dan Walsh

But do you really want to be in a role where you’re the person that’s responsible for everything, or do you want to go to an organization where you can have some coverage from other teammates, from a good manager, and learn? So, that would be what I would tell my younger self if I had the opportunity to go back in time.

David Spark

Good advice. Quick, Naomi, in less than 30 seconds, your tip for the younger version of Naomi.

Naomi Buckwalter

Yes, I agree with Dan. If this job, I was surrounded by wonderful mentors and trainers, I think that would more than pay for the lack of salary here, so I agree. Do your due diligence with the company, make sure it’s in an industry that you enjoy and that you can learn from, and really grow in your career and if you know you want to do cybersecurity, great. A lot of people who start out after college, they don’t really know what they want to do. I definitely pivoted from software engineering into cybersecurity, so I had those moments where I didn’t really know what I wanted to do. But once I got in, I knew cybersecurity was for me. But most people probably don’t, so if you’re still figuring out what you want to do, ask those questions, see who you want to be like, and then follow in their footsteps.

Sponsor – AppOmni

00:14:38:11

Steve Prentice

Brenden O’Connor is CEO and co-founder of AppOmni, a leader in the security posture management space. He spoke to us recently about Gardiner’s predictions around the cloud and how this reveals just how much more there is left to be done to keep pace with threat actors of all sizes.

Brendan O’Connor

When we look at the rapid adoption of new cloud technologies and Gardiner had a statistic that, in 2021, they believe 95% of all new software purchases are going to be cloud based, which makes sense. People aren’t really building or buying on premise software anymore. But we also find that 99% of the time there’s a breach in the cloud, it’s the customer’s fault.

Steve Prentice

One of the many examples he pulls from both Gardiner and the Verizon data breach report is how, as a result of insufficient resources and awareness, people can invite error through simple misconfiguration.

Brendan O’Connor

So misconfiguration by people. Good people with good intentions, making mistakes by misconfiguring an application. Not locking it down correctly, or maybe opening things up too broadly, was a significant cause of data breaches.

Steve Prentice

He points out that security posture management is an ongoing challenge. It’s not just about reaching a certain point. It’s about continually moving forward.

Brendan O’Connor

Budgets, tooling visibility technology has not kept up and we need to enable our defenders with the same level of technology and automation that the bad guys are using to come after us. Because right now, I think that we’re losing the arms race.

Steve Prentice

For more information, visit AppOmni.com

What aspects haven’t been considered?

00:16:15:06

David Spark

Nandini Jayakumar of Momentum Microsystems said, “If companies don’t believe in giving entry level, slash, less experienced people a chance, where should all entry level folks go to?” And Ashley White of Kelly Connect said, quote, “I completed a Masters in Cybersecurity but all the entry level jobs want someone with years of work experience. How do we get those years of experience?” Alright, excellent questions. Not the first time I’ve heard these as well, and I know you deal with this all the time, Naomi. What is your solid advice you deliver on these questions? Because, again, I’m sure you’ve said it before.

Naomi Buckwalter

Yes, I mean, the catch 22 of course, you can’t get work experience because you don’t have work experience. I think what is happening in our industry is that the people currently in cybersecurity think that cybersecurity is extremely difficult, and that their jobs are super technical, and that without years of experience you can’t do their jobs. I think that’s actually wrong. I think our jobs are difficult, but our jobs are difficult because we need to constantly balance the needs of the business with security. I don’t think cybersecurity is difficult to learn at all. I think that anyone can learn cybersecurity if they have the right mindset. I always say if you have the right students in the right environment, along with the right teacher, magic can happen.

David Spark

Dan, what do you say to the person who goes, “Everyone says I need experience. Where do I get the experience?”

Dan Walsh

Yes, it’s definitely a chicken and the egg situation, but I’ll go back to what I said earlier, which is we’re in the business of trust. As a hiring manager I have to trust you, and so if I look and I see that you just went and you got a cybersecurity Masters, but I don’t see you really applying that anywhere, that’s a lower level of trust than if I see someone else who has a GitHub repoand they’ve worked on some security projects. Or they have some hands on, even if it’s just, “Hey, I did this security project on my computer at my house”. I’ve been in a situation where I hired somebody who was a customer service representative answering telephones, because I found out she sacrificed to pay her way to go to a security conference, she was learning Python on her own. She reached out to me and asked, “What can I do to learn more about security?” and I was, like, “Wow, this woman is invested in this career and she caught my attention, and now she’s gaining my trust.” Also, I would say, network with people. Network with people when you’re not looking for a job. I know that’s really hard to say that. It’s like, well, what do I do now? But just build up those relationships and build the trust that way, and people can see that you are seriously minded about this, they will reach out, they will give you a hand. You have to be patient, because the other thing is in the back of a lot of leader’s minds, it’s wages are going through the roof. Last year, I think I saw one survey that said it was 12% that they went up, year on year. So, are people chasing the money, or do they really want to get into it because they feel like there’s a calling and because they want to do good work? So, there’s a lot there, but I do believe that we do have a responsibility to train folks, to prepare the next generation of leaders and so, I think that security should keep that in mind as well.

Whose issue is this?

00:19:22:18

David Spark

Matthew Kligerman of Lockheed Martin said, quote, “It appears to be an internship targeted towards students at the very beginning of their academic careers.” Now, I’m going to take it aside and say, in this case, it was not, but let’s assume it’s an internship, for argument’s sake here. “How much value 

does the intern bring to the job, and how much do they learn? How profitable is it for the company?” So, let me throw this to you, again assuming we’re dealing with a true internship here, Naomi, what’s the value that an intern can bring to a cybersecurity career? And we actually did a whole other episode on junior cyber people, which I’ll link to on this episode, that you were also on. And how much can they learn? What kind of training can you give them on the job, and what value would you see for the company?

Naomi Buckwalter

Well, I have an intern right now and I think she’s fabulous. She has no technical experience, she actually came from opera, no technical degree at all. But what she did was, she taught herself how to code,she figured out she wants to at least try cybersecurity, so I gave her the job and she’s knocking it out of the park. She’s a great technical writer and she’s already created some security play books for us.

David Spark

What made you hire her?

Naomi Buckwalter

Because she’s got a thirst for knowledge, critical thinking skills, great communication, great empathy and emotional intelligence.

David Spark

How did you see that, because I’m assuming other people applied as well?

Naomi Buckwalter

Yes, I had about 13 applicants. We didn’t open it up to the public. Ended up with four in the finalist round and chose her, because of her excellent emotional intelligence skills, so, her ability to empathize and relate. And we have a very thorough interview process, where we align with our core values, we have projects, and it was just a very clear decision, very easy to choose her. But she is knocking it out of the park because, honestly, she’s just smart enough, there’s nothing really difficult to learn about it. She’s currently studying for her Security Plus, she’s writing our security play books for IT security. It’s really not that difficult to find ways to have the intern actually provide ROI,you just have to be creative.

David Spark

Dan, do you currently have an intern, or have you had an intern in the past?

Dan Walsh

We don’t have any interns now, we have had in the past. I like them a lot because it’s a low risk proposition. We bring an intern in, we want to evaluate their work ethic, right, are they going to work hard? Their attitude, are they smart, can the get the job? I don’t think we’ve ever had an intern with a cybersecurity degree, so it’s really all about can they grow into this role? And then, if they can, then we love to extend and offer them a full time job when they graduate.

David Spark

And do you feel that you get value from the intern? More importantly, and here’s the thing, there is the cost. You say, oh, it’s low risk, but you do have to give that intern a certain percentage of your time and your time is the thing that’s valuable. So, can you do it, is it worth it, all of the above?

Dan Walsh

I’d love to hear Naomi’s thoughts on this. I think if you are a security team of, like, two, an intern is probably not for you, because the amount of time you have to invest in that person over the summer is going to take you away from your day job. When we did it, we had a team of 30 plus, so it was very easy to say, “Hey, spend an hour with so-and-so, let them show you how we think about alerting monitoring. Spend an hour with this individual, let’s think about how we think about security policies, or how we think about applications security and pen testing.” And so, it gives them a more well rounded approach and then, from there, you can say, “Okay, I think where we have a need on the team right now is a tier one soc,so we’ll have you sit down with this person, we’ll assign you some tickets from the queue and we’ll walk you through these tickets.” So, I don’t recommend it, at least for the experience I’ve had, if it’s a super tight, super small team. I think it’s extraordinarily difficult to invest the time to be fair to the person who’s going through the internship, for them to actually get value out of it. You really want to prepare them, because you only have them for, typically, three months, actually two and a half months, so you really want to invest that time in them, so they can walk away from that with a rewarding experience.

David Spark

Alright. Naomi, I ask you the same thing. What is the amount of work you have to put in to maintaining an intern?

Naomi Buckwalter

I’m glad you ask, because I actually am on a small team, I do not have team of 30, I have a team of five and, actually, this intern is just one of two full time security people, so me and her right now. But this is how much time I spend with her: I have her shadow me on all the meetings that I go to. I have her listen in, take notes, and then we spend about 15 minutes after each call, just going through what she picked up and any questions that she has. I then send her on her way to do more homework. She has AWS lab, so she works on her own time, she studies on her own time, and she writes play books on her own time. I would say, in total, I spend about two hours of my time every single week with her. And all that time, I’m also learning on my own, because every single time that I tell her something and I teach, I actually reinforce everything that I learned myself. I had to refresh myself on the OSA model and how everything works for a pack encapsulation, so it really helps reinforce some of the things that I should already know, but I can actually now say a lot easier. And not only that, but teaching using very simple terms and using analogies reinforces my knowledge also. So, I actually gain a lot out of it. It’s not just what the intern can do for the company, it’s also what the security professional can get out of that relationship.

David Spark

Alright. What we tease from the title of this episode is how much should a junior, or green, cybersecurity person be paid? So, I’m going to ask you to actually give me some numbers. If not $15 an hour… and you can give me a range… what do you think a cybersecurity person, and let’s assume some basic education, they have taken some type of training, but they have no experience whatsoever, what should that person be paid, Naomi?

Naomi Buckwalter

Well, I pay my intern $20 an hour, but she has no experience. I would say someone with that technical background, $25 an hour feels about right to me.

David Spark

For an intern, again, if I was intern and got that pay, I’d be ecstatic. [LAUGHS]

Naomi Buckwalter

But I pay 20 because she doesn’t have that technical background, so you’re torn.

David Spark

Dan, what do you think?

Dan Walsh

Well, first, I have to say I wish I was going back to college now, because when I came out of college I was making way less than $25 an hour, or $20 an hour.

David Spark

Same here. Way, way less. [LAUGHS]

Dan Walsh

Maybe that’s just because I’m old. I have a very distributed geographical team, so it’s kind of hard. What I’d pay in San Francisco would be different than what I would pay in Montana. But kind of what I’m seeing right now is, starting out, if you have a Bachelor’s degree, or the equivalent technical experience, you’ve shown some initiative, you might have a GitHub repo or something that you’re contributing to. We could put you into an entry level job, yes, probably $25 to $30 an hour seems to be what the rate is. A friend of mine, his son graduated and went to work for a defense contractor, making 85 after the Bachelor’s degree, 85K a year, which just blew my mind. But, yes, again, it goes back to you get what you pay for. Do you want longevity with that hire or not? People who are younger in their careers, tend to move round more in their careers, when they’re first starting out, because they’re trying to better themselves and get ahead, and establish their career. I certainly wouldn’t want to pay a wage that would encourage them to jump ship after two months because it’s a pain in the butt to hire people. You’ve got to get them up and running, you want to get them operational, you want to see a return on the investment. And hopefully, when they leave the company, they say good things about it, right? Like, “Oh, that company, what a bunch of cheapskates, they were going to to pay me 15 bucks an hour. And that Dan guy, what a jerk that guy was”. We don’t want any of that.

David Spark

Let’s double down on that. How often do you hear, “That Dan guy, what a jerk he is.”?

Dan Walsh

Not very often, but I’m not sure if it’s because people think I’m too sensitive. I’m just kidding.

Close

00:27:04:10

David Spark

Well, that brings us to the very end of this show, and as I always ask my co-hosts and my guests, what is your favorite quote and why. And I will start with you, Naomi. Which quote was your favorite and why?

Naomi Buckwalter

I’m still trying to find one. I suppose any one of them that just says “$15 an hour is a little too low”, because I agree with them. As long as they’re matching what I think we are worth, and I think we are worth a little more than 15 an hour. I would say 20 to $25 an hour feels about right. I think I would not have chosen this, David. If it was a $20 an hour, I would have said that’s about right. But the fact that it was so low and they were requiring so many things,that’s my impression.

David Spark

Dan, your favorite quote and why?

Dan Walsh

Ashley White, where she says “I completed a Masters in Cybersecurity but all the entry level jobs want someone with years of work experience. How do we get those years of experience?” I get it. I’ve been there, I know it’s frustrating. I know for people, as Naomi pointed out, who are trying to switch industries mid-career, it’s extraordinarily frustrating. So, what I would say is, just don’t get discouraged. Build relationships, reach out to people on LinkedIn, good things will come.

David Spark

Well, thank you very much, Naomi, thank you very much, Dan. Let me just quickly ask, Naomi, are you doing any more hiring right now?

Naomi Buckwalter

Yes, I am hiring.

David Spark

What kind of positions? All levels?

Naomi Buckwalter

Let’s see, yes, applications for security analyst or engineer or architect, depending. I’m going to hire a soc analyst or a security analyst and then one other for GRC. That is further on down the line for this year.

David Spark

Dan, are you hiring?

Dan Walsh

We don’t have any openings right now. We will be hiring later this year. We will have a soc engineer, we will have a GRC analyst, which we would absolutely consider someone trying to break into the cybersecurity space. So keep tabs on VillageMD dot com’s career site. We’ll be happy to talk to you.

David Spark

Awesome. Thank you very much, Naomi Buckwalter, thank you very much Dan Walsh, and thank you to our sponsor, AppOmni, for sponsoring this very episode of the show. And, as always, thanks to the contributors, witting and unwitting, pretty much anybody who comments on Naomi’s posts, which if you are not already following Naomi Buckwalter on LinkedIn, you should be, because she has explosive posts. This one alone had over 600 comments, which is insane. So, thank you very much to all of your followers, who just love to join in the conversation, because they make great fodder for this show as well. I appreciate you contributing and listening to Defense in Depth.

Voiceover

We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site: CISOSeries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@Cisoseries.com. Thank you for listening to Defense in Depth.

David Spark
David Spark is the founder of CISO Series where he produces and co-hosts many of the shows. Spark is a veteran tech journalist having appeared in dozens of media outlets for almost three decades.