Employment expectations’ mismatch and recruitment pitfalls in InfoSec

This article is a follow-up to “Hiring your first security professional”, so if you haven’t read that one yet, I recommend doing so before you continue with this one.

For the last few years there hasn’t been a month when I haven’t read about the InfoSec professional shortage, the security skills gap and what not. To give you proper context, I’ll rant a bit about why I don’t believe in those dramatic claims, and then we’ll jump into action items for organisations that want to improve their recruitment processes.

If you already have a great security team and you don’t have any problems with hiring, then awesome, I’m happy for you. However, if you’re somewhat struggling with building an InfoSec team, then it’s likely that you’re making some of the mistakes I describe below.

Hiring your first security professional

I really enjoy attending security/business conferences. But it’s not that I go there to learn how to do security, because if that were the case I’d go to DEFCON or Derbycon and learn from the top hackers on the planet. I go to business conferences because I want to listen to the problems others have and observe the way they approach them.
One problem I have seen continuously since, pretty much, forever is the struggle of starting an internal security department. Is it really that hard? Maybe, but how do you know if you keep the same approach and attitude and make the same mistakes all over again? If your approach doesn’t work, maybe give this one a shot.