Monday, March 16, 2015

You’re Not Still Posting Cybersecurity Jobs On-Line Are You?


A search for the word "Security" on the Dice job board produced this result:


A search for the term "Information Security" on the Indeed board produced this result:


Yes, there is significant competition for Information Security / Cyber Security talent.
That's not what this article is all about. This article is about a deeper topic than competition. This article is about increasing risk by showing your cards.
Let's say my search result on one of the job boards mentioned above produced this job title connected to a particular company. If you or I can run a search on a job board, anybody can run the same search from anywhere in the world. That includes people who have bad intentions.
Chief Information Security Officer
Are there any hackers out there paying attention? I bet there are. Imagine this dialogue in a group of connected cyber criminals.
Check this out!
This company just posted a need for a Chief Information Security Officer. It appears that they have nobody in place who is providing strategic leadership around protecting the company’s data.
Let’s see if they have any other open Information Security Jobs or Cyber Security Jobs on the company’s website.
Bingo!
There’s an opening for an Information Security Architect. For this position, they need someone who has a strong background in hardening UNIX and LINUX servers. I bet they haven’t been keeping up with security patches. This might be low hanging fruit. Add this company to our prospect list.
There's More
This same company is also asking for someone who understands how to protect their Software Development Life-cycle. I bet they don’t have a solid plan for protecting their web applications. They want someone to come in and teach their software engineers how to write secure code.
By the time they get that figured out, we could be in and out and nobody would even know we visited.
While they don’t have any strategic leadership and they appear to have multiple holes in their cyber armor, maybe we should put this company on our target list to see what kind of damage we could do while nobody has their eye on the ball.
There’s So Much Opportunity Out There
I bet if the three of us were to spend just one hour on job boards, we’d find hundreds of potential targets for our dirty work. This is so easy. Let’s all collect data and we’ll meet here after lunch to work on our strategy.
We’ll use our research to decide which industries are the least secure. Then we’ll drill deeper to figure out which companies in those industries appear to be lacking strategic cyber security leadership.
Then we can drill really deep and figure out which companies are lacking defense in areas where we have all-star skill on our team.
This is going to be fun and maybe profitable too!
How About That Risk Idea I Started With?
You could hire a Security Recruiter to do your recruiting for you. Alternatively, you could ask an experienced and deeply skilled Security Recruiter to work with you as a consultant during the time when you need to hire Cyber Security Talent.
In an arrangement like this, the outside recruiter could manage your job postings for you and could post jobs without your company's name attached. You could tap into this recruiter's highly specialized expertise to involve them in your candidate screening and interview process.
There are many ways to attract Cyber Security talent without letting the world know that you have holes in your armor.

Jeff Snyder, @SecruityRecruit, SecurityRecruiter.com, Coaching Technology Professionals To Greater Results, Public Speaker. 719.686.8810

SecurityRecruiter.com's Security Recruiter Blog