SecurityRecruiter.com's Security Recruiter Blog

Friday, January 27, 2012

LinkedIn, the Global Road to Everywhere!

It is always fascinating to see who stops by and visits my LinkedIn profile.  Some people I’ve talked to think LinkedIn is a waste of time.  If you don’t have a strategic plan in place for how to make use of LinkedIn, you very well could be wasting time.  Build a strategy and your results could be surprising.


LinkedIn Strategy
If you set out to use LinkedIn strategically as I did back in 2004, it most definitely does lead to business opportunity.  This morning, I shared a scheduled call with the assistant to a CEO in London, England.  The CEO is looking for someone who can recruit the right talent to help his company expand into the US market.
Where did this person find me?  On Google, where SecurityRecruiter.com sits on Page 1 for over 200 different search terms and on LinkedIn where he did further research to validate the information he found through a variety of Google searches.  At least that is what he told me when I asked.
Daily Visits From Around the Globe
Just looking at the past few days, my LinkedIn profile has been visited from the following locations:
Belgium
Canada
Ireland
Poland
Korea
Kenya, Africa
India
United Arab Emirates
Toronto, Canada
Atlanta, GA
Austin, TX
Boston, MA
Colorado Springs, CO
Columbus, OH  
Chicago, IL
Dallas, TX
Fort Pierce, FL
Fort Worth, TX
Greenville, SC
Houston, TX
Las Vegas, NV
New York City, NY
Orange County, CA
Philadelphia, PA
Phoenix, AZ
Raleigh, NC
Salt Lake City, UT
San Francisco, CA
Washington, DC

LinkedIn Doesn’t Work?
To anybody who still isn’t convinced that LinkedIn is the world’s largest and fastest growing business network and that it has business value, I hope I’ve given you at least something to think about.  I don’t keep track of where my daily LinkedIn invitations come from.  If I did, I suspect that the list of locations I’d report would look a lot like the list of locations people have been sitting in when they visited my LinkedIn profile.
Looking Back
When I came up with the URL for SecurityRecruiter.com in 2001, I had at that time recruited nationally through a network of general IT recruiters going as far back as 1990.  The idea that SecurityRecruiter.com would someday be known in places such as Ireland, England, India, Africa, Korea and beyond never crossed my mind.
In 2004, when another recruiter was kind enough to introduce me to LinkedIn, like many of you, I wasn’t quite sure what to do with it. 
Building a LinkedIn Strategy
I was on LinkedIn for a few months before I carved out time to actually pay attention to the resource.  Between Christmas and New Year’s when business traditionally slows down a bit, I decided to make a project out of clicking everything there was to click on LinkedIn. I took notes and formulated a strategy for how I would approach LinkedIn as a branding tool, a business development tool and a recruiting tool.
When I launched SecurityRecruiter.com on-line in January of 2006, I tied it at the hip so to speak with my LinkedIn profile.  I didn’t know what this effort would or wouldn’t be worth but it turns out that it was worth a lot. 
If you’re going to invest time to build a LinkedIn profile, do so with a strategy in mind.  If you’re not sure what that might look like, I can help.  Since 2004, I’ve built relationships by way of LinkedIn.  I’ve found people to recruit on LinkedIn.  I’ve been found by people who are seeking new security jobs on LinkedIn.  Companies that have security jobs to fill have found me on LinkedIn.
My work on LinkedIn includes both B2B and B2C success.  I can teach you.
I’m an OpenNetworker so feel free to send a LinkedIn invitation if you’d like to join my 26,000+ direct connection network.
Jeff Snyder, SecurityRecruiter.com 719.686.8810

Wednesday, January 25, 2012

Social Media for Job Search, LinkedIn Job Search Strategies

Today, I read an article about social networking and job search that suggested it might be impossible to keep one’s job search confidential if the individual is using social networking to find a new job.  Difficult...perhaps.  Impossible...not so.

Some don’ts to consider when using Social Media for job search:

·         Tweeting to tell friends about your latest interview probably isn’t the best idea.

·         Updating your Facebook status to tell your friends about your latest interview probably isn’t the best idea.

·         Updating your LinkedIn status with an announcement that you’ll be out of the office this afternoon because you have an interview probably isn’t the best move you could make.

·         Placing your resume on-line just to draw attention to it and then trying to explain to your employer that you’re not looking for a job probably isn’t the best idea.

Some ideas to consider when searching for a job:

·         Sending your resume to a reputable recruiter who is specialized in recruiting your skill set for the purpose of building a relationship that gets you onto that recruiter’s radar screen when new searches hit their desk is a very good idea.

·         Building out your LinkedIn profile and keeping it built out all the time, not just when you’re in a job search mode is a good idea.  If you only beef up your LinkedIn presence when you’re looking for a job, you’ll likely get caught.  Build a complete professional profile and keep it up-to-date all the time.  Nobody will know when you’re actually open to making a professional change.

·         You don’t have to check the box at the bottom of your LinkedIn profile suggesting that you’re open to Career Opportunities.  A true recruiter, one who recruits and builds relationships, rather than an e-cruiter, one who only searches the Internet for resumes, will call on you whether your LinkedIn profile indicates that you’re open to Career Opportunities or not.  This is good!  A recruiter won’t necessarily call on you, however, if your profile doesn’t do a great job in differentiating you from the 135M and growing LinkedIn crowd.

·       There are opinions that accepting invitations to connect on Social Networks when they come from recruiters is bad.  Become an OpenNetworker where you connect to anyone in the business community, particularly on LinkedIn, the world's largest and fastest growing business network.  Then, when a recruiter invitation arrives in your Inbox, it isn’t a big deal.  You accept all invitations to connect whether you’re in an active job search mode or not.
·        Why not just send highly specialized recruiters invitations to connect on LinkedIn?  If you connect to recruiters when you're not in a job search mode, who's going to know when you are in a job search mode?
Advanced ideas to consider when searching for a job:

·        Build a LinkedIn network proactively so that when you need to tap into the network, it is already there.  Don’t wait until your ship is taking on water and you’re about to drown to become an active networker.

·         Seek out recruiters who specialize in placing your skill set.  Get to know these recruiters before you need them and invest time periodically to foster these relationships so when you need a particular recruiter, a relationship is already established.  Think of a recruiter relationship like a cactus.  It doesn't require constant attention but a little water here and there is good to keep the cactus or the recruiter relationship alive.

·         Build a LinkedIn profile that is search engine optimized.  Build a LinkedIn profile that is loaded with keywords and buzzwords that point to your skills. Build a LinkedIn profile that is loaded with accomplishments, value and contribution so the person who reads your profile can tell that you’re a producer in your professional life.   Again, don’t do this just at the time when you’re searching for a job or your HR department may be calling you to find out why you’re looking.

·       If you need security resume writing help, help is available.  If you need help to understand how to optimize your LinkedIn profile for business, help is available from someone who has been using LinkedIn since 2004, someone whose network exceeds 26,000 direct connections and someone who provides enough value to generate B2B and B2C business on LinkedIn every day.
·        If you need help to understand how to leverage LinkedIn for business, help is available.  If you need Security Career Consulting, help is available.  If you need longer term Security Career Executive Leadership Coaching, help is available.


Call Jeff Snyder for Recruiting Help, Security Resume Writing Help, LinkedIn Profile Optimization Help, Security Career Consulting Help, Security Executive Leadership Coaching Help and Security Career Public Speaking.





Tuesday, January 24, 2012

LinkedIn: 26,000+ Direct Connections for SecurityRecruiter.com

Busy Months For LinkedIn Network Growth

Over the past few months, my LinkedIn network has been growing like a weed.  When I was in Los Angeles to speak to the ISSA-LA and CISO Forum in September, I remember Stan Stahl PhD, President of ISSA-LA, making a big deal in front of the audience about my LinkedIn network hitting 22,000 that night.  Someone in the ISSA audience was my 22,000th connection.

LinkedIn For Business Training

When I provided a LinkedIn For Business training to a group of technology sales professionals in Denver, CO back in December, one of the attendees in the audience was my 24,000th connection.  This is what one person in the audience of technology sales professionals had to say about the LinkedIn For Business training I brought to their office in December of 2011.

“Jeff is a proven leader in the IT industry, and specifically the area of security and coaching. I have had the opportunity to get to know Jeff the past 5 years, and he has provided valuable insight to me as an IT professional. Having over 20yrs of IT and business experience myself, I have rarely met anyone with the knowledge and experience Jeff has and the ability to deliver this information to his audience. Jeff recently presented to our group of professionals an overview of using LinkedIn as a business tool.  Incredible knowledge and depth of not only the tool but provided specific uses as it related to our industry. Jeff has a strong business background and outstanding presentation skills. I would highly recommend bringing Jeff in as a speaker for your group for coaching or the use of industry tools like LinkedIn to help your professionals.”  December 19, 2011
1st Mark Rodholm, Acct. Exec., Sirius Computer Solutions

Today, my network surpassed the 26,000 direct connection mark.  Why does this matter?

·         A Network of Security Professionals:  I am likely sitting on the world’s largest network of security professionals.  The companies that call on SecurityRecruiter.com looking for security talent to hire benefit from my ability to reach out to so many highly skilled security professionals through direct recruiting.
·         Unlimited Resources:  When security professionals reach out to me for information, I’m usually only one phone call away from getting to the information I need to help my clients.  This includes the companies that turn to me to fill security jobs as well as security professionals who turn to me for security career consulting services.
·         Business Intelligence:  As I teach professionals how to leverage LinkedIn for Business, I’m able to demonstrate on the spot my ability to get to business intelligence.  If you are in a job search, you could benefit from having more business intelligence.  If you’re in sales, marketing or business development of any kind, you could benefit from business intelligence.
·         Direct Sales:  LinkedIn has enabled me to put my brand and experience in front of companies that need help with their security recruiting.  What I can tell these prospective clients about my experience is one thing but what others have been so kind to share about their experiences working with me by way of LinkedIn Recommendations has been helpful in ways that I can’t measure.

Observation

I’ve recently sat in on presentations, watched videos and have read articles, newsletters, blogs and books written by “LinkedIn Experts” who have been using LinkedIn for half as long as I have and whose networks are less than half the size of my network. 

I’m not sure what constitutes one as a “LinkedIn Expert” but it seems to me that an expert should have a deeper than average understanding of the various functions of LinkedIn. 

A “LinkedIn Expert” would likely be an early-adopter who jumped into LinkedIn in the 2004-2005 time-frame before LinkedIn was a popular networking platform and has learned through trial and error what works and what doesn’t work so well within the LinkedIn networking environment. 

A “LinkedIn Expert” would very likely be someone who has figured out how to leverage the power of LinkedIn for branding, marketing and profit.  Profit in a B2B format rather than just B2C profit from selling books, videos and seminars to show individuals how to build a LinkedIn profile.

Get LinkedIn Training

As an individual, if you wonder how to leverage the power of LinkedIn to grow and advance your career, I have a solution.

If you are the person in a company who is responsible for the growth of your company’s sales or perhaps you’re responsible for finding channel partners, I can show you how to tap into the power of LinkedIn in a proactive and professional way to:

·         Identify Key Decision Makers
·         Gather Business Intelligence
·         Reach Key Decision Makers
·         Exchange Value and Make Money

To learn more about how you too could be leveraging LinkedIn For Business, call Jeff Snyder at 719 686 8810.

One more thing, if you've reached a point where you want to build your LinkedIn network, this technique worked for me and it just worked for the person who wrote this recommendation.
"So I’m at 936 connections and leveraging LinkedIn as much as possible.  When we met for lunch back in November (ish) I was approaching 200.   Seems like I should celebrate when I hit the first 1000!"  (This message came to me last week.  John followed my advice and look where he is today.  Click John's name below and send him an invite if you wish.  He is an Open Networker)
John followed my advice and used Open Networker as one of the techniques to build his LinkedIn network.  Though I can't tell you exactly how fast your network will grow, I can tell you that 3.5 years ago, my network was at 7,000 direct connections and today, I surpassed 26,000 direct connections.  In early December, John's network was at 200 and it is now approaching 1,000 direct connections.  This system works! 

“Jeff is well known within the IT industry and has an impeccable reputation as a senior security recruiter for cyber and corporate security. That said, my experience with Jeff started when I attended one of his speaking engagements on the topic of social media and specifically LinkedIn. Jeff has been using and evaluating social media as it develops and had the foresight several years ago to recognize the value of LinkedIn and became an early adopter. If you have not yet leveraged LinkedIn or need to understand more about its capabilities and how to use it in conjunction with other formats I would highly recommend attending one of Jeff's sessions. He is an excellent public speaker and subject matter expert on LinkedIn who ignores the temptation to work from a script and as a result you are likely to learn a great deal more than you anticipate. I highly recommend Jeff as a speaker or mentor on the topic of social media as it pertains to the business environment and specifically LinkedIn.” December 8, 2011 
1st John Belcher, Senior Sales Executive, Sirius Computer Solutions

Monday, January 23, 2012

Vulnerability and Patch Report for January 23, 2012

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Reader and Acrobat 10.1.2: Adobe has released an update to patch several highly critical vulnerabilities. For users who cannot upgrade to version X, Adobe has also released version 9.5. Updates are available through the program. 
 
Apple iTunes 10.5.3: Apple has released an update to patch several minor issues, including security.

Current Software Versions

Adobe Flash 11.1.102.55 [Warning; see below]
Adobe Reader 10.1.2
Apple QuickTime 7.7.1
Apple Safari 5.1.2  [Warning; see below]
Google Chrome 16.0.912.75
Internet Explorer 9.0.8112.16421
Java SE 6 Update 30
Mozilla Firefox 9.0.1 [Warning; see below]

Newly Announced Unpatched Vulnerabilities

McAfee SaaS: Secunia reports a highly critical vulnerability in McAfee SaaS Endpoint Protection. No patch is available at this time.

For Your IT Department

McAfee GroupShield: Secunia reports a highly critical vulnerability in McAfee GroupShield. No patch is available at this time. The vulnerability is reported in version 7.0.716.101. Other versions may also be affected.

Oracle: US-CERT reports Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. Several of these are highly critical.

Sonicwall: Secunia reports a less-critical vulnerability in Sonicwall AntiSpam & EMail security. The vulnerability is reported in version 7.3.1 and 7.3.4.5725. Other versions may also be affected. No patch is available at this time.
 

Important Unpatched Vulnerabilities

ACDSee Photo: Several highly critical vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. No patches are available at this time. Readers should refrain from using ACDSee to open untrusted files. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12. We alerted readers to a second vulnerability in FotoSlate in Weekend Vulnerability and Patch Report, September 18.

ACD Systems Canvas CorelDRAW: A highly critical vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user's system. Users should not view un-trusted CDR files. Readers should refrain from opening un-trusted files in ACD Systems Canvas. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

Adobe Flash: The highly critical vulnerability we reported in Weekend Vulnerability and Patch Report, December 11 remains unpatched. We recommend users disable the Flash player in their browsers.

Android Browser: Secunia reports a vulnerability in the Android browser that can be exploited to trick a user into believing he is connected to a trusted site by including the trusted site in an iframe. The vulnerability is confirmed in Browser version 2.3.3 included in Android version 2.3.3 and Browser version 3.2 included in Android version 3.2. Other versions may also be affected. Users are cautioned to not rely on displayed certificate information. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

Apple Safari: Secunia reports a non-critical un-patched vulnerability in Safari 5.1.2. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.  

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains un-patched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.

HTC Touch2: The highly critical 0-day vulnerability in the HTC Touch2 VideoPlayer remains un-patched. Users are advised to not open files from un-trusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 18, 2011.

Microsoft Windows: Secunia reports a highly critical unpatched vulnerability in Windows 7 Professional 64-bit. Other versions may also be affected. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening un-trusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19.

Microsoft Office for Mac: A highly critical vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user's computer. Security updates are currently unavailable. Readers should refrain from opening un-trusted files in Office. We first alerted readers to this vulnerability in Weekend Vulnerability & Patch Report, May 13, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains un-patched.  Readers should refrain from opening un-trusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.

Mozilla Firefox: Secunia reports a less critical vulnerability in Mozilla Firefox. The vulnerability is confirmed in Mozilla 9.0.1. Other versions may also be affected. No patch is available at this time. Users should exercise extra caution on un-trusted websites.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain un-patched. Readers should refrain from opening un-trusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4.

Photoshop Elements: Adobe versions 1 - 8 contain a highly critical unpatched vulnerability. The vulnerability is confirmed in version 8.0 20090905.r.605812 and Adobe reports that the vulnerability affects versions 8.0 and earlier. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 9, 2011.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user's system. Users should not view un-trusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

VLC Media Player: VLC has released an advisory regarding a highly critical un-patched vulnerability in versions 0.9.0 through 1.1.12. VLC has announced that media player 1.1.13 will address the issue. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, December 25, 2011.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.

If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they will issue an update patch to fix the code running in their customers' computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week's important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Cyber Security News for the Week of January 23, 2012

From our friends at Citadel Information Group

News of the Week Summary - Cybergeddon?

Zappos reported that it had been hacked, exposing the personal information of 24 million customers. Anonymous brought down the Justice Department's website and several websites associated with the entertainment industry in response to the Feds bringing down MegaUpload, a large pirate site.  America's critical infrastructure, including water and power, as well as our manufacturing base was put at greater risk with the public release of exploits that target vulnerabilities in industrial control systems. Cyber criminals are targeting our children by installing malicious software (malware) on popular child-focused sites. Israel, Palestine and hacktivists in Saudi Arabia seem locked in cyber war. Adding insult to injury, security vendor McAfee was caught with its pants down as a vulnerability in one of its products allowed cyber criminals to send spam from supposedly protected PCs.
The New York Times reports again on how difficult it is even for large companies to protect their sensitive information while PC World once again documents several challenges every organization faces in securing information outside the corporate perimeter, whether in the Cloud, in employees' homes, on laptops, on iPads and other tablets, etc. Meanwhile bank regulators are pushing financial institutions to do more to protect their customers from online bank fraud.

Want to know how cyber crime might impact your organization? Want to better understand your exposure to cyber crime? We encourage you to contact us.

Threats and Warnings

Email, Personal Information on PlayBook Left Vulnerable to Hackers: Research in Motion may have improved its overall experience on the PlayBook with its recent update, but security researchers recently revealed that the device leaves corporate email and user information open to potential hackers. Researchers Zach Lenier and Ben Nell of Intrepidus Group uncovered a vulnerability in the PlayBook's Bridge application that leaves the authentication token for the Bridge application somewhere anyone could dig it up. PCWorld, January 17, 2012

Cyber Crime

Hackers Steal $6.7 Million in Cyber Bank Robbery: The first major cybercrime of 2012 has taken place in South Africa, with hackers making off with about $6.7 million from Postbank, which is state-owned and part of the South African post office. PCWorld, January 18, 2012

Zappos hacked, 24 million accounts accessed: NEW YORK (CNNMoney) - Online shoe store Zappos has been hacked, exposing the names, e-mail addresses, addresses, phone numbers and partial credit card numbers of its 24 million customers, the company said late Sunday night. CNN, January 16, 2012

Internet Badlands

Megaupload Founder Kim Dotcom, By the Numbers: When news of the international raid on Megaupload broke Thursday in the U.S., Internet aficionados got a glimpse at the man behind one of the largest file-sharing websites in the world. And it turns out the site's founder, Kim Dotcom, was rich, large, and most certainly in charge. He currently sits in a New Zealand prison awaiting trial, while we attempt to dissect the man who (formerly) controlled the online media empire. Time, January 21, 2012

Megaupload Execs Had Thing For Bling, Indictment Shows: The Justice Department Thursday unsealed an indictment in Virginia charging seven executives at file-sharing site Megaupload.com with copyright violations, racketeering, and money laundering. Four of the people charged, including 37-year-old Megaupload CEO and founder Kim Dotcom (aka Kim Tim Jim Vestor, aka Kim Schmitz), were arrested by New Zealand authorities, while the others remain at large. InformationWeek, January 20, 2012

Anonymous tricked people into joining Web site attacks: If you clicked a link distributed by Anonymous yesterday, you may have unwittingly helped the online activists in their attacks against U.S. government and entertainment industry sites that were organized to protest proposed antipiracy legislation. Cnet, January 20, 2012

New Report Shows Malware 'Sleeps' on Computer for Average of 8 Months, Collecting Data: In a new investigative report from Daily Safety Check ™, the average time before 'activation' of malware before committing cyber crimes - such as bank transfers, fraud and information theft - is 8 months. SFGate, January 18, 2012

Facebook exposes hackers behind Koobface worm: As expected, Facebook today started to release information about the Koobface worm (its name is an anagram of "Facebook") and those behind it. The update comes almost a year since Facebook's last post about the infamous piece of malware. After more than three years and numerous hours of working closely with industry leaders, the security community, and law enforcement, Facebook has announced its social network has been free of the virus for over nine months. ZDNet, January 17, 2012

Web Gang Operating in the Open: Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks - and pocketing several million dollars from online schemes - are hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook and several independent computer security researchers. The New York Times, January 16, 2012

Cyber Security Management

Clamor for Cloud Apps Increases Corporate Data Breach Risk: Employees bringing in their own devices and choosing their own application services is significantly increasing the risk to enterprise data. PC World, January 17, 2012

Regulators push banks to improve online security: According to a report in the New York Times, the Federal Deposit Insurance Corporation wants financial institutions to add a new security layer that detects unusual patterns of online activity - such as a volley of transfers to an account in Russia - in real time, starting this month. However, the Financial Times reported that a poll by a bank technology firm in November suggested that 40 percent of banks weren't even aware that regulators want them to adopt new measures. Atm Marketplace, January 17, 2012

Even Big Companies Cannot Protect Their Data: Barbara Scott just hit the trifecta of computer security breaches. Since the New Year, Ms. Scott has been a victim of three separate cyberattacks. Two weeks ago, the online auction site eBay said in an e-mail to her that there had been suspicious activity on her account. On Monday, she received an e-mail from Zappos and another from 6PM, two online shoe retailers owned by Amazon. Both messages alerted her that - once again - her information had been compromised. The New York Times, January 17, 2012

Kids and Families Cyber Security

Hackers Target Children as Adults Wise Up to Spam: Hackers are targeting websites aimed at children, by embedding malicious software in free gaming sites, preying on the young as adults grow wise to their strategies. Forbes, January 19, 2012

Hackers spread malware via children's gaming websites: Hackers are increasingly targeting child-focused gaming websites, according to a leading anti-virus firm. BBC, January 16, 2012

Hacktivism

'Anonymous' hackers attack Brazilian websites: RIO DE JANEIRO - The computer hacker group Anonymous attacked websites of Brazil's federal district Saturday as well as one belonging to a Brazilian singer to protest the forced closure of Megaupload.com. AFP, January 21, 2012

Hackers disrupt websites of Israel's stock exchange, national air carrier: JERUSALEM - A hacker network that claims to be based in Saudi Arabia paralyzed the websites of Israel's stock exchange and national airline on Monday, escalating an international cyber war that has jolted this security-obsessed country. The Washington Post, January 16, 2012

Critical Infrastructure Security

Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software: MIAMI, Florida - A group of researchers has discovered serious security holes in six top industrial control systems used in critical infrastructure and manufacturing facilities and, thanks to exploit modules they released on Thursday, have also made it easy for hackers to attack the systems before they're patched or taken offline. Wired, January 19, 2012

Cyber War - The Middle East

Israel in the frame after rapid rise in cybercrime: There has been a huge and sudden rise in online attacks in the region that seem to originate in Israel, a major anti-virus company warns. The National, January 22, 2012

Israeli and Palestinian hackers trade DDoS attacks in rising cyber-gang war: Pro-Palestinian and pro-Israeli hackers are waging a cyber street-fight in a tit-for-tat exchange of posturing, threats of mass credit card exposures, and denial-of-service attacks. As Hamas has egged on hackers in recent weeks, promoting more "hacktivist" attacks against Israeli targets, pro-Israel hackers have responded in kind, today taking down the websites of stock exchanges in Saudi Arabia and the United Arab Emirates. Both sites appear to be back online. ars technica, January 17, 2012

Cyber Irony

PSA: McAfee computer security patches flaw: are you fixed?: Earlier this week, the McAfee group began sending out a fix to stopper up a flaw which turned their protection service into a hijacked spam festival. The flaw, they say, was allowing hackers to attach themselves to your computer specifically and shoot spam throughout your machine - hijacking that which was supposed to be protected using a flaw in the system that was supposed to be doing the protecting. The exploit was reported earlier this week by two customers who were taken aback by the flaw earlier this week, McAfee responding with a fix now here at the end of it. SlashGear, January 20, 2012

Ray of Sunshine

Alleged Muscovite cybercrime daddy hauled in to face US court: A suspected Russian cyber-crook has arrived in the US to face charges of security fraud, computer hacking and ID theft following his deportation from Switzerland. The Register, January 18, 2012

Friday, January 20, 2012

Jeff Snyder Interviewed by SecurityInfoWatch.com


Opportunities Flat, Compensation Up In The Corporate Security Industry


My thoughts are squeezed in at the bottom of page 2 in this article.  Since I was interviewed by a magazine editor, I did not get to pick and choose which of my comments ended up in the final article.  And, I had no idea that my comments would be bundled with those of several other recruiters and/or industry analysts. 

Here is part of what I had to say if you don’t feel like reading the entire article:

So, what is the key characteristic for a security executive looking to advance or get a raise? According to Jeff Snyder, president of securityrecruiter.com, the most important thing a security executive can do for advancement is contribute to the business' bottom line – that means understanding the business and the risk landscape – and being able to communicate with the C-level executives in the organization.
  
"Companies are asking me for business people," Snyder says. "When a company calls me (looking for a recruit), they are looking for someone who has 5-10 years business experience at least, and they frequently ask for an MBA — not necessarily for a CPP.

"Those who want to advance need to do some remedial work on their communications skills," Snyder continues. "You can't do it all with a bucket of just technical skills — security has evolved and the people who get the good jobs are enterprise risk management experts, not technology experts."

I have no argument with what the writer used to quote me although there are definitely positions out there that require technology experts and there are positions that require finely tuned business understanding and business acumen. 


Security Recruiting Requirements

Companies that call on me to recruit both cyber security and corporate security leaders call at the moment they realize there is a highly strategic position in their organization to fill.  They call me before doing anything else because they recognize the importance of having their search conducted in a precise manner.

Other companies call on me when they’ve had a highly strategic search open for 6-18 months and they simply can’t seem to find the candidates they really want to interview.  The first step when this kind of call arrives is to determine WHY the job has been open for 6-18 months.  More often than not, there is a gap between what hiring decision makers are expecting and what they're actually seeing in the security job candidates they interview.

In my experience, organizations most frequently struggle to find security professionals who understand business and security professionals whose communication skills are advanced to the level where they’ll be successful as part of an organization’s “C” suite of executives.

The good news is that various aspects of how a business operates can be learned.  Some of this learning happens on the job and some of this learning can be gained through an MBA program.

Communication skills and soft skills can be coached, developed and improved upon.

A Wikipedia definition of Soft Skills reads like this:

“Soft skills is a sociological term relating to a person's "EQ" (Emotional Intelligence Quotient), the cluster of personality traits, social graces, communication, language, personal habits, friendliness, and optimism that characterize relationships with other people.[1] Soft skills complement hard skills (part of a person's IQ), which are the occupational requirements of a job and many other activities.”

There is a Gap

The reason most companies need outside help with their security recruiting is that they’re looking for certain subject matter expert skills, a certain amount of business skill or a candidate’s ability to understand the business and a certain level of soft skill development that matches well with the company’s culture.

When companies set an expectation for the various skills, traits and characteristics they expect to see in security job candidates and then fail to find candidates who match their expectations, there is a gap.

Identifying the Gap

In coming months, I’ll be taking a deep dive with business leaders to identify precisely what business leaders across many different industries are expecting security professionals to deliver to their organizations.

I’ll turn the findings of this research into blogs and articles that will be designed to help security professionals see the gap between what they’re currently delivering to the business and what the business is expecting from security professionals.

Eliminating the Gap

As the gap is identified, I suspect that the solutions to eliminating the gap will include a mix of hard skill development, education, training, certification and coaching.


Wednesday, January 18, 2012

More Discussion: Transitioning to a Corporate Security Career

Another article was pushed in my direction by a direct LinkedIn connection.  The ideas Dan shared with me were intelligent, well-written and professionally delivered. 

Dan challenged the blog I wrote earlier today, in which I passed along some of the thoughts shared with me by a VP of Corporate Security regarding a recent article addressing “Shifting Trends in the Public to Private Transition.”

Dan Wrote:

I saw your post on LinkedIn referencing the article that Jerry Brennan wrote. Because of my extensive corporate background (I’ve been in the private sector my entire career) I do quite a bit of work with people transitioning from the public sector to the private sector through my consulting entity Fraud Solutions. In fact, I’m currently working with several senior federal agents on their career transitions right now. I’m also in the process of designing some transition training that I hope to roll out to several agencies because there really is none offered to them other than to talk about their retirement benefits. I understand the comments being made by the person you went to and there is some real truth to that… however on the other hand I’ve also been fortunate enough to work with some people at very high levels of government agencies (public sector) that could (and have) made the transition to very large (private sector) organizations very successfully and the companies significantly benefitted from their public sector expertise.

So, the truth of the matter in my mind about whether a public sector employee makes a good private sector employee is a qualified…it depends on the individual, their background, skill sets, planning, preparation, education, training and experience. I do not see it as fair to say that because the government is inefficient… the employees who work for it are as well and that doesn’t make them good private sector employees. Do public sector employees have challenges making this transition? Some do, absolutely, but if they bring the right attitude and approach, they can make for very good employees in Corporate America. That’s my .02 worth on the topic. I can clearly see both sides of this fence and recognize that there is not a one size fits all, right or wrong opinion to this issue.

Hope you are well and happy new year!

Because of the way Dan positioned his well-written ideas, after reading his email and reading the article he brought to my attention, I immediately picked up the phone and shared a highly invigorating conversation with him.


In the article, Dan provides sound ideas for what Law Enforcement professionals should do in preparation for retirement.  I find Dan’s recommendations to be sound and full of good advice.

Dan makes the following three suggestions for when a law enforcement professional is in pre-retirement mode:

  • Prepare For Success
  • Get A Professionally Prepared Resume
  • Consult With Industry Sources

I’m not here to take anything away from Dan’s article, so I suggest that you read it (link posted above).

Dan offers more advice in his article: 

Post Hire: Once You Land The New Job…

  • Don’t Be A Silo
  • Learn The Regulatory/Compliance Lingo
  • Understand The Bottom Line
  • Learn to operate within the “C Suite”
  • Adapt Your Communication Styles To Fit
  • Seek Additional Training And Professional Development
  • Learn the Culture

Dan believes that one size does not fit everybody when it comes to professionals transitioning from government / law enforcement or federal agency employment to the corporate sector.  I agree with Dan 100%. 

There is definitely a transition from the aforementioned first careers to corporate security.  With the right preparation, understanding, mentoring, coaching, training and mindset, great opportunities exist in the corporate security sector.

Thanks to Dan for sharing his point of view in such a clear way.
