A survey found 72% of cybersecurity professionals took “creative liberties” on their resumes. Why do so many otherwise qualified professionals feel forced to spice up their resumes to get a gig?
Check out this post by Gautam ‘Gotham’ Sharma of AccessCyber for the discussion that is the basis of our conversation on this week’s episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Krista Arndt, associate CISO, St. Luke’s University Health Network.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, Formal
Full Transcript
Intro
0:00.000
[David Spark] A survey found that 72% of cybersecurity professionals took creative liberties, you know what that means, on their resumes. Why do so many otherwise qualified professionals feel forced to spice up their resumes to get a gig?
[Voiceover] You’re listening to Defense in Depth.
[David Spark] Welcome to Defense in Depth. My name is David Spark, I’m the producer of the CISO Series. And joining me as my co-host for this episode, you’ve heard him before, you love him, and we fear there may be some people that don’t love him. It’s none other than Steve Zalewski. Steve, say hello to the audience.
[Steve Zalewski] Hello, audience.
[David Spark] Steve, this was a question I was asking you earlier and I’m going to ask it again. Do you have enemies, or have you had enemies?
[Steve Zalewski] I’m sure I have a couple, and they will eventually see the light of coming over from the dark side.
[David Spark] Oh, really? Because you’re always right. Right, Steve?
[Steve Zalewski] I’m right enough. How about that?
[Laughter]
[David Spark] I’ll go with that answer. Our sponsor for today’s episode is Formal – enforce least privilege on autopilot as a new way of looking at privilege access management. More on just that a little bit later in the show. Let’s get to today’s topic, Steve. It seems we’re in a vicious cycle with cybersecurity hiring. HR teams putting organizational wish lists in job postings, which only forces normally qualified applicants that feel compelled to lie on their resumes just to meet these absurd job listing standards. Some of these were like five years’ experience on like a hundred different things. We actually made a big joke about that on an old show of CISO Series Podcast, but I go on to say, and then more job listings following their lead leading to more resume inflation. So, one company sees it and sort of like the ball gets rolling.
So, Gotham Sharma of AccessCyber shared a survey that applicants who feel they can’t get past screening software without the right combination of buzzwords. So, they throw those requirements in the resume just so that they can clear that first hurdle. Steve, I will ask you, is this a fool’s errand in both parts – both sides here – and how big of an issue is this? Can we, and should we stop the cycle? That’s an important question at the end as well.
[Steve Zalewski] Yeah. And what I would say is it is a fool’s errand on both parts. It serves no purpose for either side. It’s like an arms race here that each side feels obligated for one reason or other to do it.
[David Spark] And by the way, there’s lying happening on both sides. When they say people are inflating the risk – well, you’re lying. You don’t really need five years of experience in X, Y, and Z.
[Steve Zalewski] That’s what I mean. There’s an arms race here we’re going to talk about with AI, right? Or basically with the use of the machine to do some filtering for us, and us wanting to make that machine do more than it can do. And then you say, how big is the issue? It’s been there. It comes and goes. I would say we’re definitely on a cycle of increasing. There’s a lot more capacity in the system right now as far as people available. And so, you’re seeing yet again more pressure on both sides to find the best of the best candidates for the least money, right? And the candidates themselves just trying to get through that first filter, and then can and should we stop the cycle? Yes. How? That’s a different question we’re going to talk about.
[David Spark] The how is a bit difficult because yeah, you get this sense that they’re saying like, “Well, just put it out there and see what we get.” I’m like, “Well, putting it out there is going to be a problem.” All right. Let’s get into this discussion. And I’m thrilled that we have our guest today because it’s been a long, long time since we’ve had her on the show. She is now the associate CISO for St. Luke’s University Health Network. None other than Krista Arndt. Krista, thank you so much for joining us.
[Krista Arndt] Thank you, David. Thanks, Steve. Appreciate being here.
Why does this still happen?
4:05.782
[David Spark] Mic Merritt of Merritt Collective said, “I don’t list two of my degrees because they do indeed place me into the ‘overqualified’ bucket. Simply by removing my PhD from my profile resume, I improve my callbacks by 40%. I suppose this could be a lie by omission, but I don’t list everything I’ve ever done on my resume. I target it to the role. And I’ve interviewed candidates with certs on their resumes only to learn they don’t actually have them. Even wrote a post about this subject. I now verify certs/education before scheduling an interview. The rest usually sorts itself out in the background check. It will catch you up at some point.”
And Wout Vig [Phonetic 00:04:52] of Management Consulting said, “Too many are following the advice of fake it until you make it. Cybersecurity needs to mature, and some titles linked to the sector may need to be protected by formal entrance requirements, similar to public accountants and lawyers.” So, this very, very last thing that Wout said is the idea of having some degree requirement to do the job of cybersecurity, I don’t get the sense that that’s ever going to happen, Steve. So, while that sounds interesting, we’re not going to clear that hurdle, are we?
[Steve Zalewski] You mean around having some formal…
[David Spark] Yeah, like you can’t practice cybersecurity, like you can’t practice law until you pass the bar, some equivalent to that.
[Steve Zalewski] Yeah, which is interesting that you bring that up, right? Because there is actually an organization, the Professional Association of CISOs, which started last year, and is doing exactly that. Their responsibility is to establish the attestation and accreditation process, similar to the bar or the AMA or CPA. So, what I would say is, to our credit, that appreciation is starting to become known, and we are actually taking some first steps now to describe what a CISO is in a formal capacity and a process of not passing a test but demonstrating operational expertise.
[David Spark] But let me ask you because I know of a couple of CISOs it’s been the case, where they were a security professional, essentially doing the CISO job, but they couldn’t get the CISO title until they got their CISSP, which is kind of the equivalent of that. I’m putting kind of in quotes there. It’s more that one organization was requiring it. Have you run into CISOs like that, that had to get the CISSP so they could get the title?
[Steve Zalewski] Absolutely. Absolutely. And this gets back to the cybersecurity as a practice, 25, 30 years old. CISSP, most would argue, would be kind of the first certification that was out there that would demonstrate broad-based technical expertise in the field. And I go, that’s why the CISSP, I think, continues to be looked at as a foundational certification, but it’s passing a test of knowledge. It’s not demonstrating operational expertise, but it’s the best we have.
[David Spark] Good point. All right, Krista, I throw this to you. Mic makes an interesting comment about removing stuff, so doing sort of a different kind of lying. And what we were just talking about Wout here is, do we need some kind of requirement, like the BARG or getting a medical degree to be a doctor?
[Krista Arndt] Yeah, I think we do, depending on the position. I will tell you that some of the smartest CISOs I know don’t have any certifications. I look back at my schooling. I’m a terrible test taker. I’m a great practitioner. And the fact that I’m a terrible test taker does not constitute me being a terrible CISO, or I wouldn’t be where I am today. But I think there needs to be some level setting. One of the experiences I have when looking for my first CISO position or looking for an ACISO position, every organization has a different idea of a CISO. And I’ll just say you can get yourself into positions where you think it’s a CISO, but it becomes more of a practitioner role with the CISO title, and you are prepared to be a CISO. Operationally, you have that acumen, you have the technical acumen. You can translate the technical acumen into the operational acumen, but you end up almost stonewalling yourself because you are back into a practitioner position. And you are not growing in your career, and it becomes a really difficult fit. Then you end up with a short tenure, and you end up leaving, and it hurts both you and the organization.
What kind of experience do you need?
8:34.945
[David Spark] Nicholas Stefanowich of Dauphin County Tech School said, “Honestly, I’m so frustrated, I’ve thought about it. If you’re not given the time of day for ‘entry level’ without two to three years of professional experience, where are you going to get it? I’ve only gotten doors slammed in my face for months for having no professional experience and no one wanting to teach it. Seems like the only way forward is to fabricate those years because that’s the only 12-foot ladder to this 10-foot wall I can find. I know several people that got into the space illicitly, whether it be through cybercrime or lying, and it almost feels like the field rewards those methods.” So, Chuck M. of Fortress SRM said, “Conversely, how often do companies misrepresent roles, responsibilities, titles, culture, etc.? The caveat “and other duties as assigned” is a passive way of hoodwinking prospective employees into ‘role adjustment.'” Well, role adjustment happens as well, but we said at the beginning that this is a problem on both sides, Krista. So, Nicholas says, “I don’t want to lie, but it seems others are rewarded for that.” And Chuck says the problem’s on both sides, which we agree. So, let me ask you, have you ever feared that you didn’t get a position because you didn’t lie?
[Krista Arndt] Absolutely. And let’s take the positive spin on it because I need glass half-full this week. It’s not lying, it’s social engineering.
[Laughter]
[Krista Arndt] I absolutely feel that I haven’t gotten positions because I didn’t inflate my experience. I like to play devil’s advocate is because I didn’t represent myself well. Like, do I not understand how to represent all of my acumen on a resume? And some people may think it’s lying. So, it all comes back to, yeah, there are people who are like, “Oh, yeah, I have that certification.” That’s easy to weed out, right? Like, you go and you validate that stuff. But there are people, “I have 10 years of experience in disaster recovery program composure and execution.” Okay, maybe they do, but can we get into the conversation that years of experience aren’t depth of experience? So, there’s also the understanding of how to weed that stuff out. Yeah, I think that I undersell myself, and I think that there are quite a few people who undersell themselves because they try to be overly honest and they don’t lie. And that’s fine because you learn from those situations, and I wouldn’t be here today, if I lied on my resume.
[David Spark] Let me ask you this, and I’ve heard this before, that this is more of a male trait than a female trait. Again, just shooting from the hip here, what do you think of that?
[Krista Arndt] I’ll just answer this simply. There was a quote that I saw on Instagram where 75% of males asked said that they could land a plane safely in an incident situation. And that goes to show you a lot about how the male brain thinks.
[David Spark] I’m in the 25%.
[Laughter]
[David Spark] Steve, do you think you could land a plane in an incident?
[Steve Zalewski] Let’s put it this way. If there’s no other option, I’m going to take a shot.
[David Spark] Same here. If there’s no other option, I’m not just going to…
[Steve Zalewski] So, I’m more likely to step off the cliff when I realize that the alternative has the same output, right, outcome. If I have no job, then I’ll take a shot because the worst that happens is I still have no job. I love the way Krista said that which was maybe you can argue that men are a little more self-confident that we’ll figure it out in flight, so to speak, as opposed to being confident before we take a seat in the pilot seat.
[David Spark] I like that metaphor, the figuring out in flight. I had a friend who said that because he was going for a development job and they wanted experience in this, this, and this, and he goes, “You know what? Whatever it is, I can learn whatever they want me to learn. So, I’ll just say yes. I can learn it before I get the job.” And he was successful with that.
[Steve Zalewski] So, it gets back to, right, what kind of experience do you need? The challenge you have is you can’t talk to a person for them to understand that you may have indirect experience that is perfectly valid for you to have the role. You can’t get past the paperwork process of demonstrating on a piece of paper that you have the experience. And the thing I use is a waitress. I have two sisters. My first sister became a waitress. A lot of them do. How do you get your first waitress role when you’ve never been a waitress? Well, friend of the family had a restaurant hire her. She got in because somebody knew her and said, “Oh, you’re hardworking like Krista. No problem. You’ll get the job.” Gave it to her. My younger sister then wanted a job. How did she come in? Was not a waitress, didn’t have the experience, but her older sister said she can do the job, got her in. So, you got around the paper process to be able to demonstrate that you have the life skills or you’re intelligent enough to know that you can do it without having to go through the paper process. And I think that’s where we are with cybersecurity as well.
[David Spark] So, here’s my request to employers. And this is something now we do at the CISO Series is we have a low barrier to entry question that has nothing to do with any automation at all whatsoever, and I’ll tell you a perfect example. So, the latest position we hired, production assistant, and we asked two questions, pretty low barrier. One question was go to our website, tell us what you think, which we had on previous jobs too. The second low barrier question was because we’re really obsessed with efficiency, tell me about a really difficult task you had and how you made it efficient. We received 350 resumes, only 14 actually did that. I ignored 336 resumes, and I think if we can just sidestep the automation and ask a low barrier question, we can avoid all of this. Just find the people you really want, and the people who really want to do this. Have either of you ever done this looking for someone, put a low barrier question out, Krista?
[Krista Arndt] I like to have discussions with people, and I’ll tell you some of the best resources that I’ve met are through networking, Steve, to your point, and probably one of the reasons I am here today is because I networked very well. And someone could vouch for my acumen because I’m a terrible resume writer. [Laughter] I have so many other things to focus on than writing my resume that are important when I’m currently employed. My old CISO back in the day used to ask, “What’s your favorite color and why?” And that told someone the reasoning. And you guys just gave me an idea, like a digital cyber escape room. So, you can see, if you don’t know someone, and you want to get an idea of their thought process, see how they go about solving a problem.
[Steve Zalewski] To your point here, I’ll be quick, which is I come in and my low entrance barrier is, I don’t care what you know because six months from now, it’s probably not what I need. So, what do you want to know in six months, right? I’m trying to basically get at the… You’ve got some experience maybe in cybersecurity, but where do you want to go? Let’s see how hungry you are that you’re willing to not just live on what’s your resume, but to Krista’s point, there’s that hunger to be able to say, “But here’s where I want to go. Here’s how I’ve learned to get here.” So, that simple question, right, is to be able to get a sense of who the human is, as opposed to simply what tests they’ve passed.
Sponsor – Formal
16:07.998
[David Spark] Before I go on any further, let me tell you about today’s sponsor, Formal. Now, if you’re a CISO trying to get ahead of AI risks before they explode into incidents, listen up, this is for you. So, let’s be honest. The security model for data access hasn’t really kept pace with how data is actually used – today, that is. So, AI agents, internal services, and ephemeral compute are making calls to your most sensitive systems, and the legacy perimeter is nowhere near those requests. Now, Formal gives you visibility and control where you need it most at the point of data access. So, it sits between your AI agents, services, and data stores – so Snowflake, APIs, whatever – and inspects every request in real time. So, you get deep protocol-level context, who made the call, what was requested, whether it involved PII or customer secrets, and what policy should apply.
Now, here’s what’s critical for AI governance – Formal secures the model context protocol layer, the MCP server that feeds data to AI agents. You’re not trusting a black box. You’re actually governing it, exactly what goes in and out of it. Now, you define and enforce policy, log access, stop leaks, and stay audit ready, all without slowing down engineering. This is how security leads in the AI era, not with red tape, but with infrastructure-aware enforcement. If you want to get out of reactive mode and take control of AI and data flows before your board starts asking questions, go visit their site. Visit joinformal.com where modern security starts.
Well, I guess that’s one way to solve it.
18:02.316
[David Spark] Aditya Sarangapani of WNS said, “One way people have tried to game the ATS is by putting in degrees and capabilities in the document as per the job description. Only difference is these inflated keywords are hidden. Try white font on the white background. The ATS sees the words in the ones and zeros and sends it through while the human who reads a resume does not see it.” Well, that is a hack to the system. That is a perfect example of it. And Keith Jaehnert of CXI Staffing said, “One of the things I could understand is not to lie on the resume, but as someone may be applying for a job, and you get it here on easy reply, one of the screening questions are often, ‘Did you achieve a BA or higher, yes or no?’ If someone checks yes just to get to the next stage but never adds it to the resume or lies about it in the interview, then that is a lot more understandable.” Ah. So, cross-reference the two. So, that’s kind of interesting here, Steve. So, both of these are kind of hacks to the system, if you will, and from both sides, I guess.
[Steve Zalewski] Yeah. And now we got to talk about how we’ve done it and the challenges of continuing to do this going forward. And what I mean by that is the white lettering on white background is because we understand the search engines are doing matching. Again, what we’re trying to do is get past the technology filter by gaming the system because really no harm done because all it does is it gets you to the human and you can go, “That one wasn’t a big deal.”
[David Spark] But let me also say, there are other ways to get to a human is who’s the hiring manager and working your network to finding that out.
[Steve Zalewski] See, that’s the networking part that we all continue to hammer on now, which is it’s not what you know, it’s who you know because the filtering by leveraging a piece of paper in the technology filters is the problem, right? It’s not good. And where I was going with that is, so here’s the way that we’ve done that. Well, let’s look at deepfake. Let’s look at the audio and the video. What we’re doing right now, is that being what you submit as opposed to your resume? And think about the ways that you’re able to interpret the audio and the video stream of a conversation like this to represent what you do. Because now it’s not that I take a test, it’s how good are you? Do you have the people skills? Do you have the interpersonal skills? And now that’s represented, which oftentimes is what we ultimately want, but you can’t get out of a piece of paper.
[David Spark] Krista, I think in the last segment and this segment, we’ve been talking a little bit about hacks, and the fear is that we don’t know how to universally stop the industry. So, maybe the only way to stop this is hacks. And some people think one hack is lying, but there are others that don’t involve lying, do they? Although this first one with the putting the text in white font is a form of lying there. I mean, is the answer we all just need to hack the system and from both sides?
[Krista Arndt] No, I think the answer is number one, the system is flawed, I think we all agree on that. And people are hedging their bets on AI, but generative AI is still programmed by people and people are flawed, right? Inherently flawed. So, it’s never going to be perfect. I think the hack is really a people hack, and the people hack is to socially engineer. And I mean that in a positive way, but to understand how to sell yourself and to present yourself to networks where it intrigues them and says, “Man, they’re bright, they’re capable. Their personality is awesome. We want to hire them.” Right? Everybody has a different notion of what they want to hire, and I think the entire hiring process is inherently flawed, and you almost have to rely on networking these days. I know that’s probably not the answer you wanted, [Laughter] but it’s the reality.
[David Spark] No, no, but you make a good point. But let me ask you this, and actually I was going to post this question. Do either one of you know of a single person that took one of these certifications or these classes that promise, “Oh, we’ll help you get into the career of cybersecurity,” but literally they just started from nothing, took one of these classes and then got hired. Do you know of one person like that?
[Krista Arndt] I’ll harp on this. It’s always experience. So, I went to college, right? And the only thing that I gained from college is my understanding of analytics and you use analytics. So, math and science, right? What do you want to do when you grow up? Doesn’t matter. You need to understand math and science. That’s where everything is based, and I don’t do anything remotely similar to what I went to school for, which is like pre-med. Yeah, I’m in healthcare, and it kind of helps now, so maybe down the road. But no because if you don’t have that… I know people who have their CISSP and can’t apply it. Like they can’t walk and chew gum at the same time. So, I would rather look for someone who shows progressive experience in various areas than someone who has taken a couple of classes, gotten a certification. Oh, great. You can answer questions, right?
[David Spark] But just to clarify, you don’t know of one case that someone’s actually done that. Steve, do you know of one person? Because I don’t. I don’t know of one person who’s done that.
[Steve Zalewski] No, and I’m racking my brain while you guys were having the conversation. I literally was stepping back and thinking in all of my experience in cybersecurity specifically. No, I can’t say that I’ve hired anybody that came out of a certification program.
[David Spark] And that, it’s so amazing to me. That’s how these things are sold. But no one can think of, I don’t know of anyone who can think of one.
[Krista Arndt] So, yeah. And I think that you’re seeing a change though because you see a lot of competition for internships. Internships are hard to get, and usually internships are through someone you know, networking. So, can we all just agree that the resounding [Laughter] theme here is get out and get to know people? Which is difficult for introverts, not to like single you guys out, but that shows you too, if someone recognizes you’re an introvert, then you might have the skills to get outside your box and walk outside your comfort zone to get done something that you want to get done.
[David Spark] Find your local meetup group. For those listening, if you live in San Diego, I run the San Diego cyber group meetup but find yours as well.
What else are we missing?
24:10.793
[David Spark] Seth Coleman of Microsoft said, “My resume is accurate. And my most recent job offer came with a background check as thorough as I’ve seen to verify those facts. Recently, I heard of a friend of a friend having to quit a job and accepted a new one, only to have the new offer rescinded when the resume had some holes poked in it. The truth will find you eventually. By the way, interested to know if you know of anyone who’s had an offer rescinded. And Muzammil Khan of Bahria University said, “It’s a big question on integrity, which is an essential part of security.” And I think that sums it up right there. Like why we didn’t lead with that, I don’t know. But hey, you’re lying. Wait a second. This is security. It’s about integrity. It’s about trusting people. Like if you’re lying in your resume, we’re screwed, right?
[Krista Arndt] Even non-malicious insider threat is insider threat. So, that is my favorite right there. It’s all about integrity.
[David Spark] Yeah. I mean, and we heard this, I don’t have all the quotes here, but we heard this a bunch of times of like people did check up and they did discover the lying. So, you can get caught lying. It can happen. Steve, you’re nodding your head.
[Steve Zalewski] Well, [Inaudible 00:25:30] were talking about a little earlier, which was social media. And to the degree that people are posting, right, a lot about their lives on social media, background checks used to be pretty primitive, right? What college did you say you went to? Let me ask the college. Let me make sure that you’re not a felon. But more and more now, what they’re able to do is scrape what your persona is off of all that social media, right? And cross-check it. The integrity component is becoming much more important because we’re able to do a lot more background checking in ways we couldn’t do before, and I think that’s where trouble is starting to enter. This is the rescinding, right, of offers because they go through a quick one, then they do it deeper, and they find other information that you’ve been posting. And then you’re having that argument about, “But that’s my personal life, and you can’t take into account my personal life for a professional job.”
[Krista Arndt] I have to ask you a question. So, playing devil’s advocate, if someone is able to present a different persona online, so let’s just say everything marries up to their accreditation experience and their degrees and such. Do you find it a positive or a negative, and I’m going to disclaimer this, you can’t take personal life, but you take personality into effect, right? When you hire someone because the dynamic of your team and the personality is when [Beep] hits the fan [Laughter] is really important. Do you find it a positive or a negative if you see someone present themself a little bit differently as far as their persona online versus how you perceive them in person when you interview them? Because keep in mind, we do that as well. We might present differently in situations and be chameleons. So, do you consider that lying? And do you consider that an issue with integrity? Or do you consider that a positive?
[David Spark] Would you consider it a positive? That I’d be interested to hear it, Steve.
[Steve Zalewski] So, here’s where that translates into me, right, or how I do this, which is the difference between a Boomer, Gen X, Gen Y, Gen Z, okay, which was in those 15-to-20-year generational differences, what is integrity look like? They have different social norms. So, what I say is this diversity concept is you have to understand what you think, right, integrity looks like, or how you’ve brought up with the social norms, you have to compare that to the other generations. And in a leadership style, what does your team consist of? And you want to make sure that they are compatible. And I’m going to say compatible. And that’s where I think the conversation really kind of lends itself to lead to, which was understanding that a Gen Y and the definition of integrity and social appropriateness compared to a Boomer is different. It doesn’t mean it’s right or wrong at this point, right? That’s what you heard me open with, which was, okay, it’s right enough. It’s an appreciation for it’s not my way or the highway, and that’s what we’re having some conversations with as well. When you get to the lying and integrity is, is it lying? Well, different generational expectations.
[Krista Arndt] So, maybe it’s not gaming the system. Maybe it’s hiring better leaders or promoting better leaders or training better leaders.
[David Spark] Very good point.
Closing
28:52.803
[David Spark] All right. This comes to the point of the show, Krista, where I’m going to start with you, I’m going to ask which quote was your favorite and why?
[Krista Arndt] Oh, which quote from the three of us?
[David Spark] No, no, not three. From the slew of quotes that I’ve read.
[Steve Zalewski] No, no, Krista. Yeah. Which one? The three of us. I want to know which quote between the three of us that you think… [Laughter]
[Krista Arndt] The airplane. I love, Steve, the airplane one, spot on. Because I was waiting. I just used a quote to my boss earlier about it’s like Max Verstappen, like people on your team who pull away from other people, like consistently, is like Max Verstappen winning an F1 race against everybody else. [Laughter] But like, yeah, so I would say the airplane, but the integrity quote. But hands down, that was such a good point.
[David Spark] That’s Muzammil Khan’s. All right, Steve, your favorite quote and why?
[Steve Zalewski] I’m going to go back up to Mic Merritt, which says when you fill out your resume, target the role. It’s not about everything that you’ve done. So, in his case, he’s saying, look, maybe I’m an older white guy, right? And so, therefore there’s biases there too. And so, the length of time that I’ve been in. We’re all trying to position ourselves as best for the role. And so, what I say is kind of go old school, right? Target the role, put a cover letter on, make your resume specific to that role with just enough extra, again, to address the requirements, but don’t think more is better.
[David Spark] Very, very good point. Well, that brings us to the very end of the show. I want to thank our sponsor, and that is Formal. Remember, enforce least privilege on autopilot. Go check out their website, get a demo, go to joinformal.com. Thank you very much, Krista, for joining us. Now, let me ask you a question. Are you hiring over at St. Luke’s University Health Network?
[Krista Arndt] Now, I can say we’re always looking for great people, but specifically we will have internships available. I think the postings start soon. And as you guys heard, internships are one of the most difficult things to find these days, and we have so many different areas that you could target. So, yes.
[David Spark] All right. So, if you are looking for an internship, please reach out to Krista. They can contact you directly, yes?
[Krista Arndt] Yeah, sure. Why not?
[David Spark] All right. Well, we’ll have Krista’s LinkedIn profile link on the blog post for this very episode. Thank you very much, Krista. Thank you very much, Steve. And thank you to our audience. We greatly appreciate your contributions and listening to Defense in Depth.
[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site CISOseries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at [email protected]. Thank you for listening to Defense in Depth.