J Patrick + Associates Blog

Are You Prepared For The Next DDOS Attack?

Posted by Dylan Rivera on Thu, Feb 09, 2017 @ 01:32 PM

With the recent cyber attacks against the DNS service provider Dyn, information security experts are doubling down on their efforts to develop the next generation of prevention and solution methods. In other words, the demand for online security has never been greater.

What was once a luxury item has now become a necessary component for your business's online presence. When a single cyber attack can shut down half of the internet, it’s safe to say it’s time to thoroughly check and protect your property.

Distributed Denial of Service (DDoS) is a digital attack that attempts to disable any online service by sending an overwhelming amount of traffic from multiple sources, also known as ‘Botnets’. Though these attacks do harm, they are not intended to expose or steal any personal information, but rather overpower a hosting server, making it unavailable to users. Over 2000 DDoS attacks are observed daily with one-third of all online downtime complications resulting from DDoS bombardment.

The process of recovering from an attack can take hours, days or weeks, depending on the depth and breadth of the strike. All businesses should take the precaution of purchasing an anti-DDoS service to ensure their IT safety.

Volumetric

In a volume-based attack (ICMP), the network/service bandwidth becomes congested with a massive amount of traffic, resulting in a flood of access requests. As a result of this attack, all applications and services are rendered useless.

Protocol

Protocol attacks are aimed at saturating network resources by sending open requests (Pings of Death). These attacks manipulate the IP protocol by sending large IP fragments, resulting in a reboot or crash.

Application

An application violation (Slowloris) targets the expected behavior of protocols (TCP, HTTP) by tying up computational resources and preventing users from getting their requests served. These types of attacks are very difficult to identify and defeat.

Here are our top 5 DDoS Protection Cybersecurity Providers:

[Image: The Best DDoS Protection]

There is just too much on the line when it comes to protecting your online assets. Always keep in mind that it only takes one single attack to compromise your business and your customers' online safety. Beat the botnets to the punch, and take immediate action by purchasing a protective service.

Better to be safe than... you know the rest.

Tags: cyber-security, ddos, cyber-threats

Cybersecurity Sales Engineers Are in High Demand

Posted by Alysa Wishingrad on Tue, Feb 07, 2017 @ 11:10 AM

According to projections from Cybersecurity Ventures, the cyber security sector is on track to see $1 trillion in spending between 2017 and 2021. With the refocusing of malware to phones, tablets and IoT devices (the internet of things), and the growing number and severity of attacks on consumers, institutions and governments in 2016, these projections might even need to be revised upward.

In essence, bad news for the security of our information is good news for the industry. And where there's a boom, there's a demand for talent. One field that's feeling the full effects of this expansion is cyber sales engineers.

With a salary range between $65,000 and $200,000/year, sales engineers in cybersecurity are in the fortunate position of not only being in demand, but able to negotiate terms. And in an environment where talent is at a premium, and the demand is outpacing the supply, candidates who are in the job market are often fielding competing offers, as well as counter-offers from their current employers.

What this means is, if you're a sales engineer you have the opportunity to really consider your career trajectory and take the offers where you feel you'll be most challenged and valued.

If you're a hiring manager charged with hiring cyber sales engineers, you already know that the competition for talent is fierce. You also know that you might have to push your budget to get the level of talent you need to keep your company's and/or your customer's data safe. And you probably also understand there's tremendous value in interviewing candidates even when you don't have an immediate opening.

But there are a few other key issues to keep in mind.

Lose The Checklist

When you're faced with a competitive market and top talent comes at a premium, you have to be willing to look beyond your checklist. The best candidate may not carry all the certifications you want to see, or they might carry ones you never considered important. They might come from a different sector or not have the years of experience you're looking for.

Understand the Power of Soft Skills

As the bridge between the technology and the customer, a sales engineer's ability to manage and communicate effectively with customers needs to be a prime consideration. Since they are in daily contact with customers, they are your eyes and ears in the field, and having someone who is an agile communicator about the human experience (as well as the technical experience) is invaluable to you.

Hone Your Game

And speaking of soft skills, in order to attract the best talent, you need to have a company culture in place that both values and invests in its employees. We already know that the best retention and recruiting tool is to make employees and candidates feel valued.

When you're hunting for top talent in a crowded field, always make sure that you have the best position on offer.

Are you looking to expand your team?
Let's Talk! 

Tags: HR and Hiring, cyber-security, cybersecurity

Are Women The Key To Better Cybersecurity?

Posted by Alysa Wishingrad on Tue, Jan 03, 2017 @ 12:19 PM

We might not know what the new year will hold for us, but there's one thing you can count on: there will be more and more cyber attacks on businesses and individuals. DDoS attacks, ransomware and hijacking of IoT devices are bound to double or triple in the coming months, and are projected to cost businesses upwards of $2 trillion by 2019. In order to defend your company and customers from (or better yet stave off) attacks, you need an agile team with a diverse set of skills and abilities. Not only does such a team allow for greater reach and a wider range of expertise, it also all but ensures better employee satisfaction and retention.

And yet, even though diversity of perspectives is key to devising innovative solutions, InfoSec currently has a big problem with lack of diversity.

To say that InfoSec is a growth industry is to grossly understate the facts. There were over 1 million openings in the cyber security sector in 2016. Moreover, demand for well-qualified InfoSec professionals is set to exceed 6 million globally by 2019. What was a $75 billion industry in 2015 is set to rise to over $170 billion in 2020. There is no other sector in IT, or perhaps any other industry, that shows similar growth potential.

And still, women, who comprise 51% of the US population, only make up 11% of info sec workers. And the statistics for minorities are even more daunting. According to the US Department of Labor, only 5.2% of security analysts are Hispanic, 3.2% are Asian-American, and 3% are Black/African-American.

If we expect to meet the ever-increasing security demands, industry has to do far better. And better means not only encouraging more women to enter the field, but to stay there. (For more on attracting and retaining women in tech, read here)

Begin At The Beginning

Certainly the best place to start making meaningful changes in the make-up of the IT sector is in early education. And there have been some hopeful signs of progress in recent years. (For more innovative STEM programs, read here and here.)

But what if industry got more actively involved? What if businesses took an active role in educating, training and recruiting more women and minorities?

Well, some have.

One such example of businesses getting involved in and supporting education programs is the Scholarship for Women Studying Information Security (SWSIS) sponsored by Hewlett-Packard. The program, which supports women studying the theory and practice of security, is offered by more than 60 accredited universities.

Another great example of industry offering support to girls early in their education is Dell Computer's partnership with GirlStart. This volunteer-run organization is devoted to implementing innovative, high-quality STEM education to inspire girls to transform our world.

Lead From The Front

One of the most important things companies can do to encourage women and minorities to move into security is to foster a business culture where diversity is celebrated. Highlight the achievements of your entire team, and allow individuals to shine. Women and minorities need to see people like them succeeding in order to feel that they too can step in.

Hiring managers need to look past direct experience when vetting candidates and look for the dynamic range of skills that make for a good security professional. A focus on collaboration and teamwork creates an environment where more women can thrive. And where you have thriving workers, you have increased productivity, creativity and better protection for your data.

Support Networks

There are a number of professional organizations and educational institutions all geared toward fostering and supporting women in InfoSec. These networks play an important role in fostering support, encouragement and training, and business would be wise to support them.

A participant at the 2016 Women in Cybersecurity Conference said it best when she was quoted on the website as saying: “As an information security officer for a global company, there are very few women in my peer set. It is exciting to see so many young women passionate about the field, and I believe everyone benefits when women are encouraged to pursue STEM fields as, otherwise, we limit ourselves from an entire pool of potentially successful candidates and peers, simply because, as girls, we are not encouraged to pursue technical careers.” Business can do its part by supporting these organizations and letting them know they are interested in widening

Additional resources include:

The SANS Cybertalent Immersion Academy for Women launched by SANS Cybertalent Immersion Academy in 2015 offers an accelerated training and certification program geared toward getting more women into roles in Cybersecurity.

Women's Society of Cyberjutsu is a not-for-profit organization devoted to providing training and support to women in InfoSec. Their focus is on everyone from the seasoned professional to the recent grad interested in learning more about the field.

Women in Cybersecurity brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. They are the hosting organization for the Women in Cybersecurity Conference as well.

The Society for InfoManagement launched SIM Women after Kristen Lameroux, the group's founder, attended the 2006 Tri-State CIO Event and discovered that there was great need for a way to promote communication, mentorship, leadership and career development amongst the female members of SIM.

Jane Frankland is a CISO advisor who has built her own global penetration testing firm. She writes and speaks frequently about women in cyber security, and is currently writing a book on women in InfoSec due out in 2017.

Business cannot just sit by and allow all this available talent to languish on the sidelines. Companies, recruiters, educational institutions, even certifying bodies, need to get involved and help create a more inclusive, collaborative industry, not only for the sake of online security, or their bottom line, but for the health of society at large.

Tags: cyber-security, women in Cyber-security

Cybersecurity Needs More Women: Here's How To Fix The Problem

Posted by Alysa Wishingrad on Mon, Dec 05, 2016 @ 11:00 AM

One of the cornerstones of an effective cybersecurity strategy is agility and the ability to think ahead of the curve. In order to defend against, or better yet stave off, attacks, you need a team with a diverse set of skills and abilities. Research conducted by Catalyst found that diversity is key to an organization's ability to inspire higher levels of performance, productivity and creativity, which in turn lead to better employee satisfaction and retention.

And yet, even though diversity of perspectives is key to devising innovative solutions, InfoSec currently has a big problem with lack of diversity.

To say that InfoSec is a growth industry is to grossly understate the facts. There were over 1 million openings in the cyber security sector in 2016. Moreover, demand for well-qualified InfoSec professionals is set to exceed 6 million globally by 2019. What was a $75 billion industry in 2015 is set to rise to over $170 billion in 2020. There is no other sector in IT, or perhaps any other industry, that shows similar growth potential.

And still, women, who comprise 51% of the population, only make up 11% of info sec workers. And the statistics for minorities are even more daunting. According to the US Department of Labor, only 5.2% of security analysts are Hispanic, 3.2% are Asian-American, and 3% are Black/African-American.

If we expect to meet the demands for ever-increasing security in our ever-more connected world, the industry has to do far better. And better means not only encouraging more women to enter the field, but to stay there. (For more on attracting and retaining women in tech, read here)

Begin At The Beginning

Certainly the best place to start making meaningful changes in the make-up of the IT sector is in early education. And there have been some hopeful signs of progress in recent years. (For more innovative STEM programs, read here and here.)

But what if industry got more involved?

One such example of businesses getting involved in and supporting education programs is the Scholarship for Women Studying Information Security (SWSIS) sponsored by Hewlett-Packard. The program, which supports women studying the theory and practice of security, is offered by more than 60 accredited universities.

Another great example of industry offering support to girls early in their education is Dell Computer's partnership with GirlStart. This volunteer-run organization is devoted to implementing innovative, high-quality STEM education to inspire girls to transform our world.

Lead From The Front

One of the most important things companies can do to encourage women and minorities to move into security is to foster a business culture where diversity is celebrated. Highlight the achievements of your entire team, and allow individuals to shine. Women and minorities need to see people like them succeeding in order to feel that they too can step in.

Hiring managers need to look past direct experience when vetting candidates and look for the dynamic range of skills that make for a good security professional. A focus on collaboration and teamwork creates an environment where more women can thrive. And where you have thriving workers, you have increased productivity, creativity and better protection for your data.

Support Networks

There are a number of professional organizations and educational institutions all geared toward fostering and supporting women in InfoSec. These networks play an important role in fostering support, encouragement and training, and business would be wise to support them.

A participant at the 2016 Women in Cybersecurity Conference said it best when she was quoted on the website as saying: “As an information security officer for a global company, there are very few women in my peer set. It is exciting to see so many young women passionate about the field, and I believe everyone benefits when women are encouraged to pursue STEM fields as, otherwise, we limit ourselves from an entire pool of potentially successful candidates and peers, simply because, as girls, we are not encouraged to pursue technical careers.” Business can do its part by supporting these organizations and letting them know they are interested in widening

Additional resources include:

The SANS Cybertalent Immersion Academy for Women launched by SANS Cybertalent Immersion Academy in 2015 offers an accelerated training and certification program geared toward getting more women into roles in Cybersecurity.

Women's Society of Cyberjutsu is a not-for-profit organization devoted to providing training and support to women in InfoSec. Their focus is on everyone from the seasoned professional to the recent grad interested in learning more about the field.

Women in Cybersecurity brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. They are the hosting organization for the Women in Cybersecurity Conference as well.

The Society for InfoManagement launched SIM Women after Kristen Lameroux, the group's founder, attended the 2006 Tri-State CIO Event and discovered that there was great need for a way to promote communication, mentorship, leadership and career development amongst the female members of SIM.

Jane Frankland is a CISO advisor who has built her own global penetration testing firm. She writes and speaks frequently about women in cyber security, and is currently writing a book on women in InfoSec due out in 2017.

Business cannot just sit by and allow all this available talent to languish on the sidelines. Companies, recruiters, educational institutions, even certifying bodies, need to get involved and help create a more inclusive, collaborative industry, not only for the health of their bottom line, but for the sake of online security.

Tags: cyber-security

The Best Hire: 4 Reasons to Look for Cyber Security Certifications

Posted by Dylan Rivera on Thu, Dec 01, 2016 @ 11:00 AM

All too often, hiring managers get caught up on their checklists, looking only for direct experience or a set number of years in the field. However, with over 1 million available jobs in the cyber security industry, it’s safe to say it’s time to think outside of the box when it comes to filling these positions. Cyber security professionals need a dynamic range of skills, so even though your job description may not stipulate certain certifications, when you come across a candidate with certs (even unrelated to your space or sector) you need to sit up and take notice as there is an important set of skills those certs are pointing to.

Here are 4 key qualities that cybersecurity certifications can tell you about a candidate.

Motivation to Succeed

There is no greater motivator than the drive to succeed. Often people will need some sort of trigger to get them inspired and motivated. However, if a person has motivated themselves to go out, study, and complete the exam, then you know you’re looking at someone who is both driven and creative. You can be assured that this individual is someone who, when they’ve set their eye on a target, will do everything they can to accomplish their goals.

Life Long Learner

In a time when technology is constantly advancing, an individual who is dedicated to always enhancing their knowledge and education is the type of person you want on your team. You need your employees to always play at the top of their game whether it be configuring new security software or managing a security breach. When you are working in a market that is constantly changing, you need people who make it their business to stay current. Pursuing certifications is a strong indicator that a candidate has both the drive and the ability to stay informed.

Agility

Most certification exams are difficult to pass with minimal job experience. After all, the greatest learning tool is getting out and getting your hands dirty. A study conducted by CEB Communications showed that agile employees outperform hard workers. When developing your team, you want quick learners who are swift on their feet. Agile employees are the ones who nail down a skill and are able to pass on their newly acquired knowledge to their coworkers. They can think around corners and have the facility to think ahead to the next move. These types of individuals are ready for the unexpected and know how to work their way through difficult situations.

110%

The people that are successful are the individuals who give their all. Some of the certification exams require hundreds of hours to prepare for, and they are not the easiest of tests to pass. The type of person who will learn and provide their maximum effort is the same person you want out in the field with your team. If they have a problem, they will find a solution, and if they don't understand something, they won't let it go until they do. Former Yankee Manager and 6x World Series Champion, Don Zimmer, once said, “What you lack in talent can be made up with desire, hustle and giving 110 percent all the time.”

There will be candidates that don't meet all of your expectations, but may come equipped with certain skills or credentials that make up for the absent ones. Instead of restraining yourself and having the job description be your checklist, use it as a simple guideline. When you look beyond the norm, and look into a candidate’s skill set, you are not only opening up the range of possible hires, but you are strengthening your team in the long run.

(For information about the top 5 Cybersecurity certs to pursue as a candidate, read here)

Tags: cyber-security, cybersecurity

How To Be Prepared For The Next DDoS Attack

Posted by Dylan Rivera on Fri, Nov 11, 2016 @ 02:34 PM

With the recent cyber attacks against the DNS service provider Dyn, information security experts are doubling down on their efforts to develop the next generation of prevention and solution methods. In other words, the demand for online security has never been greater.

What was once a luxury item has now become a necessary component for your business's online presence. When a single cyber attack can shut down half of the internet, it’s safe to say it’s time to thoroughly check and protect your property.

Distributed Denial of Service (DDoS) is a digital attack that attempts to disable any online service by sending an overwhelming amount of traffic from multiple sources, also known as ‘Botnets’. Though these attacks do harm, they are not intended to expose or steal any personal information, but rather overpower a hosting server, making it unavailable to users. Over 2000 DDoS attacks are observed daily with one-third of all online downtime complications resulting from DDoS bombardment.

The process of recovering from an attack can take hours, days or weeks, depending on the depth and breadth of the strike. All businesses should take the precaution of purchasing an anti-DDoS service to ensure their IT safety.

Volumetric

In a volume-based attack (ICMP), the network/service bandwidth becomes congested with a massive amount of traffic, resulting in a flood of access requests. As a result of this attack, all applications and services are rendered useless.

Protocol

Protocol attacks are aimed at saturating network resources by sending open requests (Pings of Death). These attacks manipulate the IP protocol by sending large IP fragments, resulting in a reboot or crash.

Application

An application violation (Slowloris) targets the expected behavior of protocols (TCP, HTTP) by tying up computational resources and preventing users from getting their requests served. These types of attacks are very difficult to identify and defeat.

Here are our top 5 DDoS Protection Cybersecurity Providers:

[Image: The Best DDoS Protection]

There is just too much on the line when it comes to protecting your online assets. Always keep in mind that it only takes one single attack to compromise your business and your customers' online safety. Beat the botnets to the punch, and take immediate action by purchasing a protective service.

Better to be safe than... you know the rest.

Tags: cyber-security, ddos, cyber-threats

IoT Security: Protect Your Company and Customers

Posted by Dylan Rivera on Fri, Sep 09, 2016 @ 04:48 PM

Think of IoT as the gateway between the digital and physical world. Products are being created with pattern recognition and monitoring sensors providing valuable data that can be applied for the benefit of their users and producers. This market will continue to expand over the next 10 years with companies connecting more and more devices. However, with the connection of so many devices comes an increase in the number of entry points for potential hackers.

Since IoT is relatively new to the market, devices often lack basic security measures (such as communication encryption). Researchers have shown that many IoT device manufacturers and service providers are failing to implement common security measures in their products. Reports have surfaced showing an increase in programmers hacking into products, ranging from baby monitors to self-driven cars.

Standard security technologies (SSL, SSH) are no longer enough when it comes to safeguarding your IoT devices. The only way to stay ahead of the cyber terrorists is to embed integrated firewalls directly within the protocol stack at the link layer, configured with a specific set of rules on what communication is and isn't allowed.

These firewalls are necessary to stop the cyber attacks before they begin. Failing to implement a strong security protocol will result in:

Loss of Customer Trust

Customers don't want to worry about having their personal information exploited. We all remember what happened to Target.

Increase of Expenses

After being hacked, there is a massive amount of damage control to attend to. That’s a pricey expenditure.

Competition Head Start

To compete in the market, you must offer benefits that your opponents cannot. Don't let your competition leave you in the dust.

Investment in securing IoT machinery is going to drastically increase from now until 2020. If you're in the market, it's time to check your security for vulnerabilities. Don’t let those cyber bullies get the best of your IoT.

Tags: Information Security, cyber-security, IoT

The Danger of DDoS: Protect Your IT

Posted by Dylan Rivera on Fri, Sep 02, 2016 @ 02:30 PM

The demand for online security has never been greater. What was once a luxury item has now become a necessary component for your online presence. Whether you're a company conducting business online or a consumer who stores their personal info online, there is a potential risk. With an ever-widening range of online attacks, you absolutely need to protect your property.

Distributed Denial of Service (DDoS) is a digital attack that attempts to disable any online service by sending an overwhelming amount of traffic from multiple sources, also known as 'Botnets'. Though these attacks do harm, they are not intended to expose or steal any personal information, but rather to overpower a service through the hosting server, making it unavailable to its users. Over 2000 DDoS attacks are observed daily with one-third of all online downtime complications resulting from DDoS bombardment.

These attacks can be disguised in many shapes and sizes; however, each strike falls under one of the three core categories:

Volumetric

In a volume-based attack (ICMP), the bandwidth of a network/service is affected and flooded.

Protocol

Protocol attacks are aimed at saturating network resources by sending open requests (Pings of Death).

Application

An application violation (Slowloris) targets the hypertext transfer protocol with the ultimate outcome of crashing the server.

The process of recovering from a DDoS attack can take hours, days or weeks, depending on the length of the strike. All businesses and consumers should take the precaution of purchasing an anti-DDoS service to ensure their IT safety.

Here are our top 5 DDoS Protection Selections:

[Image: The Best DDoS Protection]

There is just too much on the line when it comes to protecting your online assets. Just remember that one of these attacks has the potential to destroy all the hard work you’ve put into your online presence. Beat the botnets to the punch, and take immediate action by purchasing a protective service.

Tags: Information Security, cyber-security

How IoT is Changing AV Sectors

Posted by Nicholas Stearns on Wed, Aug 24, 2016 @ 10:53 AM

The Internet of Things, or IoT, is the network of devices (cars/buildings/refrigerators) embedded with software, sensors, electronics, etc. that allow them to network, communicate and exchange data. It’s an exciting development impacting many sectors, prime among them the AV industry.

Cutting Costs.

Less Hardware = Less Money. With the IoT, audio and visual information is transmitted wirelessly. It can be run on the same cable as internet, phones, power and other devices, all of which contributes to cutting down on the costs of wiring. The number of necessary control devices also drops as one display can be used to run all of the operations. Technology such as Power over Ethernet (PoE) is just one example of this consolidation of wiring.

Easing Integration.

IoT allows for multiple devices to communicate with one another remotely. This opens a number of possibilities in AV. A conference room could have a screen that is connected to multiple devices, allowing for multiple attendees to display information with no wires. Microphones can be switched on and off from one central device, say a desktop or a smartphone. Sensors on the windows read the amount of sunlight coming in, and communicate with the lighting to adjust the overhead lights as needed. The possibilities are quite endless.

Smart Signage.

With IoT, digital signs are becoming more reactive, and therefore more effective. If, for example, a customer walks into a store they’ve shopped in previously (or have a membership to), digital signage can now offer/advertise specific items to that customer. All the sign needs is a Bluetooth connection to a customer’s phone and it can tailor offers similar to previous purchases from the customer.

Or, signage can be informative. EZ Pass gateways can time how long it takes vehicles to move between tolls, and let drivers know estimated time with current traffic conditions. Airports can read how many Bluetooth devices are in a security line, and how long it takes each one to get through. Then, they can automatically message flyers with an alert if they should arrive early due to unusually long security lines. Parking garages can sense which spaces are open, and connect to a car's satnav to direct them to the most convenient spot.

Homes with an IQ.

When it’s said that IoT can connect anything, it isn’t an exaggeration. Samsung is working to create a full line of home appliances monitored and controlled with a mobile device, such as a smartphone. Lights, the radio, even a fridge, all monitored and controlled with your phone from anywhere.

Eye in the Sky.

You know what’s really cool? Taking bird’s-eye-view pictures. Or videos. And with IoT, this has become a lot easier, using drones. With the ability to take shots that would normally require much more money or setup time, drones allow companies big and small to get footage beyond comprehension. The applications of drones in AV range from landscaping advertising to sports events.

A Bright Future

All of these changes and advancements mean that the role and expectations of AV companies are changing with them. When looking for talent, a few specific skills need to be kept in mind.

1) Knowledge of IT is no longer a perk, it’s a requirement. Being able to set up a network, or test the connections between devices is important. Integration doesn’t mean just physically setting up a system, it’s making sure all of the devices are talking to each other digitally.

2) AV companies need to be looking for Information Security Analysts (read more on how to hire the best info sec analysts). With all of the new forms of connectivity available comes a host of new ways for information to be stolen or compromised. Security has to be a prime concern when we have multiple devices talking to each other and accessing data and personal information.

Staying ahead in the AV space doesn’t only mean having the newest equipment, it also means keeping an eye on all the other infosec technologies. Integration is the name of the game if you want to stay ahead of the competition.


Tags: AV/VTC/UC, network security, cyber-security, IoT

How To Hire and Retain the Best Security Analysts

Posted by Nicholas Stearns on Thu, Jul 28, 2016 @ 03:46 PM

The business of hiring and retaining Information Security professionals has never been more important, or more competitive. It's a candidate's market, and if you’re hiring you need every advantage you can get.

Here are some tips to keep in mind on how to get the edge in a crowded field.

Be Ready to Build.

Being afforded opportunities for ongoing education is a strong incentive for InfoSec professionals. Technology is constantly changing, becoming better, faster and more varied. In order to be effective at their job, analysts need to be up-to-date on all of the newest products and solutions. Companies that pay for and encourage consistent training not only tend to attract higher caliber candidates, but they also suffer lower attrition rates. Here’s a list of certifications you can help your analysts achieve.

Challenge.

A survey in 2014 by ClearanceJobs found that being challenged was the number one way to retain InfoSec Professionals. Another survey found that almost 40% of professionals would move for more challenging roles, even without the promise of higher pay. Reward your security team for exploring parts of their job that they find exciting or challenging. Host Hackathons where they attempt to beat each other's systems, which, by the way, also has the added benefit of searching out any weakness in your system.

Meaning.

The ClearanceJobs survey noted that second to desiring challenge is doing meaningful work. Unlike previous generations that might have been amenable to doing work for work’s sake, today’s professionals are looking to connect to their work, to know that their labor is making a difference, is usable and impactful.

Know What’s Important.

We may tend to think that compensation would come in first when attempting to attract talent. But the ClearanceJobs survey shows that it isn’t a major priority for today’s workforce. Compensation plays second fiddle to training and engagement when looking for a new employer. But faced with a tight talent market, it is worth offering a premium to have the best talent protecting your data.

But keep in mind the actual hiring process is important too. Certainly due diligence and thorough background checks are vital, but too many companies get hung up in long and protracted interview processes. Too lengthy an interview process, poor communication with candidates and recruiters, and taking too long to make an offer will cost you.

You have to be prepared to be decisive in order to hire A-level talent.

Integrity.

Just as you are looking for candidates with the highest level of integrity, scruples and honesty, candidates are also looking for companies that operate from the very same set of virtues. All of your employee branding materials, as well as every level of contact candidates have with your company, must reflect your integrity. Remember, prospective employees are looking at you long before they apply to an open position. Your reputation is one of your best recruitment tools.

Your infosec team is vital to your company; understand what they need and want in order to attract and retain the best talent in the field.

 


Tags: network security, Information Security, HR and Hiring, cyber-security