Friday, April 24, 2015

Career Building Wisdom From a Top Chief Information Security Officer

A Different Drumbeat

A heart-to-heart conversation with a very successful CISO who now marches to a different drumbeat than the one he used to follow earlier in his career produced wisdom and advice that I believe other security leaders and up-and-coming security leaders should learn from.

The seasoned CISO suggested that Information Security is now a Business Risk Management Issue and not an issue of which security tool to buy next.  He suggested that to approach information security any other way is a recipe for disaster. 
"I used to think doing business was only about delivering services, winning and moving the performance bar forward and upward.  
I've learned that while those objectives are important, they're not as important as I once thought.  Achievement can't be reached at the price of someone else's dignity, embarrassment a co-worker or doing damage to relationships."

This CISO went on to tell me that for many people who are on their way up in the Cyber Security profession, if they'd just get help to move their personal approach 15 degrees to the left or to the right, they'd come across less like a blunt instrument causing significant pain to others and more like the soft touch person an effective security professional needs to become.

Time To Remove The Blinders
"Up until I experienced EQi 2.0 I would say that I was going through life not with blinders on but something similar to when my windshield wipers are unable to keep up with the rain collecting on my windshield.
Don’t get me wrong; I have been successful and able to see clearly at times out the “windshield of life” even if life is pouring down on me. However, sometimes I would ponder how is it that certain people are able to connect with so many people.
The answer is emotional intelligence. My experience taking the assessment and the coaching afterwards was amazing. Finally it all clicked for me. Emotional Intelligence is about understanding your own emotions, utilizing them to their fullest and understanding the emotions of others.
Within those few moments I began to understand that being aware of my emotional strengths and potential limiters (I don't have weaknesses) would allow me to see far more clearly out my windshield of life so that I can interact more efficiently and effectively with anyone. I am so thankful that I was introduced to EQi 2.0. I only wish it was years earlier." 
Yes, that was a powerful testimonial and it came to me from someone who at the time of our first meeting was broken and stuck.  He's not perfect now but he's a different person today than who he was when we met a while back.  The work we did wasn't easy but it was worth it.  

One last testimonial from this CISO
"Jeff, you have created a person who is no longer like most of his peers and I thank you for that."
No, I don't create people in any way shape or form.  What I am trained, certified and highly effective at helping people with is creating change.  When this CISO came to me, he was in need of many changes.  They were behavioral changes that had gotten him stuck.  

Some of my coaching training came form The Marshall Goldsmith Group.  Dr. Goldsmith wrote a very popular book called "What Got You Here Won't Get You There".  This particular CISO came to a point of realization that what got him to the position he was in a couple of years ago wasn't going to keep moving him forward.

We set out on a journey to identify this person's current state of Emotional Intelligence a couple of years back.  We built an agreed upon coaching plan that was executed over the period of 6 months. At the end of 6 months of coaching, the CISO took the same assessment again.

We were able to quantify and measure improvement in every Emotional Intelligence skill we'd set out to improve 6 months before.  

Your IQ is what likely got you to where you are now.  It is your EQ or Emotional Quotient that will get you to the next level of career and personal success.

Jeff Snyder's, Certified Emotional Intelligence Coach, Certified Leadership Coach, Security Recruiter Blog, 719.686.8810

Thursday, April 23, 2015

Your Resume: Do You Know What Matters Most?

If your resume isn't opening interview doors for the positions you want, positions you qualify for and the positions that will advance your career, you need help to learn how to create a clean, clear and logical resume. 

The mix of technical writing, business writing and creative writing that goes into an interview door-opening resume simply does not come naturally to most brilliant technology-focused professionals.  This is not a weakness. This is simply a topic that is out of your natural skill zone and it’s okay to get help.

Your Resume:  Do You Know What Matters Most?

  • The first impression your resume makes when the reviewer of your resume first views your resume. (5-15 seconds)
  • The ability for the reader of your resume to quickly determine what you’re great at, what you love to do and where you could make a contribution towards solving their problems and meeting their needs.
  • The ability for gate keepers to quickly and effortlessly check the boxes they need to check in order to have a reason to include you in the candidate pool that is shared with a hiring manager.
  • The ease with which gate keepers and hiring authorities can understand what you do without having to do any interpretation whatsoever.

Just in from a client after receiving one of my candidate’s resumes for an open position.
“By the way - I love getting a resume with your fingerprints on it. Much easier to quickly see who this person is and what they're good at.”
Your Resume Is Never For You

Your resume should always be written to meet the needs of the audience you will send your resume to.  It’s all about the next person when attempting to communicate through a resume.

No, I’m not shy about this topic.  If writing door-opening resumes is not your gift, I can help you.  This kind of personal branding and personal marketing is my gift and it falls in the center of my sweet spot.

Don’t settle for just any resume writing assistance.  Choose resume writing assistance that is backed by results, results and more results.

“Jeff, you were right about my new resume.  Within just a few weeks of working with you to create a new resume, I’ve been contacted for interviews by XXX Bank, XXX Bank, XXXX Financial Services, XXX Bank, XXX Security, XXXX Manufacturing, XXXX Power, XXXX Energy, XXXXX Insurance and XXXX.  I’m waiting for an offer already from XXXX Bank”

Just in from another client who hired a candidate who received help to build a clean, clear and logical resume that opened an interview door for the candidate's dream job.

"Great news…..we’ve received approval for hire from the drug screen and background check processes.  Now we can move forward with targeting a start date."

Are You Ready For Winning Results?

Wednesday, April 22, 2015

Know Yourself, Know Your Employees, Maximize Performance

We'll call the guy in the gray suit Bob.  There's nothing wrong with Bob.  Bob has the Futuristic strength in his Top 5 Strengths.  By default, he is always preoccupied with tomorrow.  He has the ability to see down the road more than most people.

If Bob's boss Frank invested the time to understand Bob, things might be different.  Bob has a strength called Adaptability in his Top 5 Strengths.  Adaptability contrasts with Futuristic in a big way.  Someone with Adaptability in their top 5 Strengths sees the here and now.  They don't have time to be preoccupied with tomorrow.  

As it stands, since Bob doesn't know that he is gifted with the Futuristic strength and Bob doesn't know that he is gifted with the Adaptability strength, these two will never see eye-to-eye and neither the boss or the employee in this case will ever reach peak performance.

* The strengths mentioned above are registered trademarks of the Gallup Corporation.

Tuesday, April 21, 2015

Was That an Earthquake or Was That Our Leader Who Just Left the Room?

Earthquake in Mexico,

You've just left the room.  Your behavior in the room was your normal everyday behavior based on how you are wired, how you see yourself and how you perceive your impact on others.
When they hired you, they told you to show executive presence.  What they meant is that they wanted you to be able to naturally take control of situations and make decisions.  They wanted you to deal with conflict head-on and they wanted you to be direct and persuasive.  They wanted you to build an environment of trust.  They wanted you to operate with humility and they wanted you to show empathy from time to time.
You took the executive presence comment to mean that you needed to demonstrate executive presence all the time regardless of who is in your audience. 
In the room you just left, several people are shaking and one is in tears.  While you were in the room, these people felt like an earthquake was occurring.  Even after you left the room, they still felt the aftershocks from your earthquake-like presence.  These people sure didn’t interpret your presence as their perception of executive presence.
You showed presence alright.  But, did you know that several people in the room had great ideas to share and they really wanted to be heard in today’s meeting?  Did you know that several people in the room invested several hours each into doing research to create their presentations for today’s meeting?  You know, the presentations that were never presented because you consumed all the time in today’s meeting demonstrating your executive presence?
Did you do any listening while you were demonstrating your executive presence?  Maybe if you had listened instead of continually demonstrating your executive presence, you would have known that one of your key team members just learned of their spouse’s diagnosis with a critical illness.
Had you listened and considered what your team had to contribute, you might have learned that one of your team members stayed up all night fixing a problem that would have shut down the business today had they not sacrificed a night of sleep. You could have praised this person in front of the rest of the team.
It’s great that you are wired differently than your staff and for that reason, you have been placed in a leadership role.  However, being a leader gives you more responsibility than most people around you.  People around you want you to be honest.  They want you to be a man/woman of integrity.  They want to have reason to trust you.
Your team wants you to listen.  They want you to occasionally step into their shoes and consider how they feel.  Your team wants to be acknowledged and to feel appreciated.  Making people feel this way is sometimes more important to your team members than what you pay them.
Treat your team with the utmost respect and give them the support they need to do their jobs and they’ll do great things for you as their leader.  In fact, treat your team with this kind of respect and they might even shock you with their performance.
Do you know how your executive presence is coming across to others?

Do You or Does Someone On Your Team Have “Learner” In Their Top Traits / Strengths?

First and foremost, when “Learner” is referred to as a trait or strength, it is a trademarked Gallup term.

This is one of 34 traits that according to Gallup’s Clifton StrengthsFinder assessment, we all have within us.  What’s unique and fascinating about this particular trait and the other 33 traits on Gallup’s list is that while we all have Learner somewhere on our traits list, we all have Learner showing up at a different place on our list of traits.


A person who has Learner high on their Traits / Strengths has a constant drive to learn and generally has a continuous drive to improve.

If you have Learner in your top Traits / Strengths, you need to understand how this trait works.  Learners tend to enjoy the journey of learning even more than the destination.  This person needs opportunities to be exposed to new information and new experiences with regularity.  They are comfortable on the cutting edge where all things are new.

If you’re managing someone who has Learner near the top of their Traits / Strengths, it is advisable to make sure you’re always giving this person something new to learn.  Maybe their entire job can’t be full of new things to learn but giving this person small projects that stimulate their need to learn may be the difference between keeping this person on board or seeing them leave for greener pastures.

Learners Never Want To Stop Learning

If you have someone on your team who has Learner high on their list of traits or strengths, this would be a great person to assign to security research or vulnerability research projects. Maybe this person could be assigned to doing preliminary research on new products you're considering adding to your enterprise.  This assignment will likely not feel like work to a learner.

The Learner will likely take these kinds of assignments home with them.  Learning stimulates this person rather than draining them.

Monday, April 20, 2015

Do You or Does Someone On Your Team Have “Futuristic” In Their Top Traits / Strengths?

First and foremost, when “Futuristic” is referred to as a trait or strength, it is a trademarked Gallup term.

This is one of 34 traits that according to Gallup’s Clifton StrengthsFinder assessment, we all have within us.  What’s unique and fascinating about this particular trait and the other 33 traits on Gallup’s list is that while we all have Futuristic somewhere on our traits list, we all have Futuristic showing up at a different place on our list of traits.


A person who has Futuristic high on their Traits / Strengths list loves to look down the road and into the future.  This person can naturally anticipate what might be coming next.

If you have Futuristic in your top Traits / Strengths, you need to understand how this trait works.  While you’re envisioning the future, you could be talking over other people's heads.  Not that other people aren't intelligent.  Rather, it is that you can see down the road while those on your team might only be seeing the here and now.

If you’re managing a person who has Futuristic high on their list of traits, you need to know that this person is one you can and should learn to trust when the topic is forecasting, predicting and anticipating the future.  Doing so comes naturally to this person.

Turn the Coin Over

If you have someone on your team who has Futuristic high on their list of traits or strengths and you only assign them to here and now current-day projects, this person will likely lose interest in their work.

Find out how you are uniquely built and why the way you are built matters today!

Cyber Security Vulnerability and Patch Report for the week of April 20, 2015

Cyber Security Vulnerability and Patch Report

                                        For the week of April 20, 1015

From our friends at Citadel Information Group

Important Security Updates

Adobe Flash Player: Adobe has released version to fix at least 20 extremely critical vulnerabilities. Updates are available from Adobe’s website.
AVG Free Edition: AVG has released version 2015.0.5941 of its 64 and 32 bit Free Edition. Updates are available on AVG’s website.
Dropbox: Dropbox has released version 3.4.4 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]
Google Chrome: Google has released Google Chrome version 42.0.2311.90 to fix at least13 highly critical vulnerabilities. Updates are available from within the browser or from Google Chrome’s website.
Microsoft Patch Tuesday: Microsoft’s Patch Tuesday released 11 updates to address at least 24 vulnerabilities, some of which are highly critical and extremely critical within Windows operating systems, Internet Explorer, Office, and other Microsoft products.
Oracle Java: Oracle has released versions Java SE 8 Update 45 to fix at least 14 highly critical vulnerabilities. The update is available through Windows Control Panel or Java’s website. [See Citadel’s recommendation below]
Siber Systems RoboForm: Siber Systems has released version of Roboform. Updates are available from within the program, look for the “Check New Version” button on the Options menu or download from the Roboform website.
TechSmith Corporation SnagIt: TechSmith has released version for SnagIt. Updates are available from TechSmith’s website.
VLC Media Player: VLC has released version 2.2.1 (32-bit and 64-bit) of its Media Player. Download from the VLC website.

Current Software Versions

Adobe Flash [Windows 7: IE, Firefox, Mozilla]
Adobe Flash [Windows 8: IE]
Adobe Flash [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.10
Dropbox 3.4.4 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 37.0.1
Google Chrome 42.0.2311.90
Internet Explorer 11.0.9600.17728
Java SE 8 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
Safari 5.1.7 
Safari 7.1.5 [Mac OS X]

Newly Announced Unpatched Vulnerabilities

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released updates and partial fixes for its Unified Communications Manager, Web Security Appliance, TelePresence TC Software, IOS XR, Secure ACS Solution Engine and others. Apply updates.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer’s computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2015 Citadel Information Group. All rights reserved.

Sunday, April 19, 2015

Cyber Security News, Education for the Week of April 20, 2015





Securing the Village

ISSA-LA Seventh Annual Information Security Summit at the Los Angeles Convention Center.
The Summit on June 4, 2015.
  • Keynotes from Bruce Schneier and Dave Kennedy
  • Summit Tracks include Security Management. AppSec. Digital Forensics. Emerging Issues and Technology.
  • Special Forums: The Executive Forum for Board, C-Suite and Trusted Advisors. Healthcare Privacy and Security Forum. CISO Executive Forum.
Summit Training on June 5, 2015.
  • IT Security Management Bootcamp for IT Professionals with Ed Pagett and Mikhael Felker
  • Secure Coding Boot Camp with Jim Manico
  • Build Your Own Cyber Range with Kevin Cardwell

Cyber Crime

White Lodging Confirms Second Breach: In February 2015, KrebsOnSecurity reported that for the second time in a year, multiple financial institutions were complaining of fraud on customer credit and debit cards that were all recently used at a string of hotel properties run by hotel franchise firm White Lodging Services Corporation. The company said at the time that it had no evidence of a new breach, but last week White Lodging finally acknowledged a “suspected” breach of point-of-sale systems at 10 locations. KrebsOnSecurity, April 13, 2015
Decade-Long Cyberspy Attack Hacked Southeast Asian Targets: A sophisticated hacking group targeted governments and corporations in Southeast Asia for a decade, marking one of the longest-running and most efficient campaigns unveiled, according to security company FireEye Inc. Bloomberg, April 12, 2015

Cyber Attack

Israeli military networks breached by hackers: researchers: (Reuters) – Hackers have managed to penetrate computer networks associated with the Israeli military in an espionage campaign that skillfully packages existing attack software with trick emails, according to security researchers at Blue Coat Systems Inc. Reuters, April 17, 2015

Cyber Privacy

Privacy Is a Business Opportunity: Technology innovation and the power of data analytics present tremendous value, but also new challenges. While a digital economy requires businesses to rethink priorities and practices, this doesn’t have to be a burden. Instead, privacy protection should be a practice as fundamental to the business as customer service. Privacy is an essential element of being a good business partner. It may take time for this idea to sink in at the highest executive levels of some companies, but the conversation is advancing rapidly after a number of recent high-profile data breaches. Harvard Business Review, April 18, 2015
As encryption spreads, U.S. grapples with clash between privacy, security:
For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers? The Washington Post, April 10, 2015

Financial Cyber Security

POS Providers Feel Brunt of PoSeidon Malware: “PoSeidon,” a new strain of malicious software designed to steal credit and debit card data from hacked point-of-sale (POS) devices, has been implicated in a number of recent breaches involving companies that provide POS services primarily to restaurants, bars and hotels. The shift by the card thieves away from targeting major retailers like Target and Home Depot to attacking countless, smaller users of POS systems is giving financial institutions a run for their money as they struggle to figure out which merchants are responsible for card fraud. KrebsOnSecurity, April 15, 2015
Beware ‘invoice’ email scam to steal bank details: Criminals are sending emails with attachments containing malware, used to access information stored on your computer. The Telegraph, April 12, 2015

Identity Theft

Identity Theft Poses Extra Troubles for Children: The note that arrived in the mail, dated March 25 and addressed to my grade-school-age daughter, said what we had expected and feared: Like tens of millions of other Americans, including untold numbers of children, she may have fallen victim to thieves who gained access to Social Security numbers and other personal data from the health insurance giant Anthem. The New York Times, April 17, 2015

Cyber Warning

18-Year-Old Security Flaw Allows Hackers To Steal Credentials From All Versions Of Windows: In 1997, researcher Aaron Spangler discovered a bug in Internet Explorer that allowed an attacker to steal credentials using a protocol known as Windows Server Message Block (SMB). Eighteen years later, a researcher on the Cylance SPEAR research team testing a messaging app with that bug in mind discovered a much larger vulnerability that affects at least 31 applications including Adobe Reader, iTunes, Box , and Symantec SYMC -0.25% Norton Security Scan on all versions of Windows. Forbes, April 13, 2015

Cyber Security Management

5 costly consequences of SMB cybercrime: Cybercrime doesn’t affect only big businesses — hackers are increasingly targeting vulnerable, smaller organizations, too. Learn more about how SMBs are targeted and the true costs of these crimes. CIO, April 13, 2015

Cyber Security Management – Cyber Defense

Lax Update Policies Give Hackers an Edge: Computer hackers don’t have to be cutting edge to wreak havoc online. Rather, they rely on their targets to make it easier for them by not updating buggy software, according to a report by Verizon Communications Inc. expected to be released on Tuesday. The Wall Street Journal, April 14, 2015

Cyber Security Management – Cyber Update

Critical Updates for Windows, Flash, Java: Get your patch chops on people, because chances are you’re running software from Microsoft, Adobe or Oracle that received critical security updates today. Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited. Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software, including one that was publicly disclosed this month. And Oracle has an update for its Java software that addresses at least 15 flaws, all of which are exploitable remotely without any authentication. KrebsOnSecurity, April 14, 2015

National Cyber Security

Why the Sony hack is important: Fifteen years ago, when Steve Kroft did his first story on cyberwar, the story focused on “what ifs.” What if a foreign government attacked U.S. computer systems with a cyberweapon? CBS 60 Minutes Overtime, April 12, 2015
The Attack on Sony: North Korea’s cyberattack on Sony Pictures exposed a new reality: you don’t have to be a superpower to inflict damage on U.S. corporations. Steve Kroft reports. CBS 60 Minutes, April 12, 2015

Cyber Underworld

New Dark-Web Market Is Selling Zero-Day Exploits to Hackers: HACKERS HAVE FOR years bought and sold their secrets in a de facto gray market for zero-day exploits—intrusion techniques for which no software patch exists. Now a new marketplace hopes to formalize that digital arms trade in a setting where it could flourish: under the cover of the Dark Web’s anonymity protections. Wired, April 17, 2015

Cyber Career

Cybersecurity talent: Worse than a skills shortage, it’s a critical gap: The U.S. House of Representatives next week is expected to consider important measures aimed at bulking up American cyber defenses in the wake of numerous and relentless attacks. Leaders from government and the private sector continue to reinforce that cybersecurity is everyone’s business. The problem, however, is that we don’t have the workforce needed to address the challenges before us. The Hill, April 17, 2015

Friday, April 17, 2015

Vice President of Sales leading to President, NYC, Tri-State or Nationwide

Vice President of Sales leading to President

Location: New York City, Tri-State Region or Nationwide
Compensation: $250,000  - $300,000 On Target Earnings
Education: BA/BS and/or MBA Preferred

What’s In It for You? has been engaged by an early-stage leading vendor of Cyber Security readiness solutions for Electric, Nuclear and Critical Infrastructure companies.  As this company’s Vice President of Sales, you will take on the role of a hunter to increase sales.  Current sales are in the millions.  Over time, you’ll add sales people to your team. 
This somewhat unique opportunity has a distinct path for the right candidate to become the President of our client’s company.  Experience entrepreneurs have already gotten this company off the ground.  They need your help to increase sales and ultimately to run the company as its President.

The chosen candidate will be responsible for developing new clients as well as enhancing relationships with existing clients in the following areas of compliance:  Nuclear Regulatory Commission (NRC), North American Electric Reliability Council (NERC) and Critical Infrastructure Protection (CIP) Cyber Security program. 

Our client’s current client list contains an impressive list of power companies. I’ll be happy to share this information and more when we connect.

On target earnings for this role will land in the $250,000 - 300,000 range and the package will contain equity. 

What you’ll need to bring to the table

  • You need to be a hunter sales leader whose background includes experience selling information security / cyber security software. 
  • It is preferred that you have sold GRC / Compliance technology.
  • In addition to being able to sell and being able to lead a sales team, you’ll need an additional well-rounded business skill set in order to become this company’s President.
  • This company is located in New York City. It is preferred that you live in the NYC Tri-State region.  However, if you live in another part of the United States and you have what it takes to step into this role, you will be considered.

Red Team Cyber Security Penetration Testing Job Opportunities, Seattle, Washington DC, Nationwide US (Updated)

Red Team Penetration Testing Specialist

Location: Washington, DC or Seattle, WA or Nationwide in the US
Compensation: $120,000+ Base, Bonus
Education: BA/BS preferred but not required
Certification: CISSP and others appreciated
Travel: 40% range

What's In It For You has engaged by a Cybersecurity leader we have a deep relationship with to assist his company to find the most talented security professionals in the United States.  This company is growing and you’ll like what they have to offer if you’re as talented as my contact and your colleague is!

Yes, that is a big statement and I don’t make big statements unless the statement can be lived up to.

If you have a 4-year college degree and you’ve accumulated 10 or more years of experience doing super-technical down in the weeds penetration testing work, you might want to keep reading.

In this role, you’ll be challenged to push your skills to new heights related to innovation, security research and providing clients with simulated cyber-attacks that go beyond anything they have previously been exposed to.

In addition to satisfying client needs, you’ll also be expected to contribute to the firm’s company research projects that include exploit development activities and vulnerability research.  To be specific, you’ll devote in the range of 25% of your time to company research projects.

When you join this highly talented team, you’ll execute simulated cyber-attacks in a variety of customer settings.  Customers range from high net worth individuals to large financial organizations to critical infrastructure operations.

You’ll be surrounded by peers that you’ll both learn from and enhance by sharing your knowledge and experiences. 

In the interview process for my client, you’ll be challenged to demonstrate your commitment and passion for your chosen career.  This company hires people who function at the top of the cyber security profession and people who are hungry to constantly learn more.

Required Background
  • 5-10+ years in information security / cyber security consulting
  • 5-10+ years’ experience in network penetration testing
  • 5 or more years’ experience in application security assessment work
  • 4 or more years’ experience in project management of security projects 
  • Ability to perform targeted penetration tests without use of automated tools
  • Knowledge of IDS / IPS / HIDS / HIPS evasion techniques
  • Deep experience with networking fundamentals (all OSI layers)
  • Familiarity with Internet Protocol (IP) packet structures
  • Demonstrated ability to independently research new vulnerabilities in software products
  • Understanding of application design principals
  • Experience with fundamentals of software exploitation
  • Current knowledge of common threats as they related to specific industries
  • Ability to read: C, C#, C++, Objective C, PHP, Java, X86 ASM
  • Understanding of Operating System internals…memory allocators, etc.
  • Excellent writing skills and interpersonal skills as you will write your own client reports and you will work directly with clients

Desired Background

  • Experience scoping engagements and developing technical proposals
  • Experience developing C, C++, PHP+MySQL, Java
  • Experience reverse engineering of malware, disk and memory forensics

Additional Requirements
  • Must be able to pass a seven year commercial background investigation with no major incidents
  • Must be prepared to travel up to 40% of time, both domestically and internationally

Apply for this job:'s Security Recruiter Blog