Intelligent CISO Issue 33 | Page 68

decrypting myths
Tim Bandos, CISO at Digital Guardian
beneficial – and is highly recommended – it can’t replace the knowledge gained from researching and responding to incidents within a real-world enterprise. It becomes even more difficult when trying to find qualified candidates with experience in responding to state-sponsored attacks. Understanding a threat actor’s tradecraft and knowing what to look for as it relates to TTPs (Tactics, Techniques and Procedures) is an incredibly valuable and sometimes rarely acquired skill.
Cast recruitment nets wide – you never know what you might find
One mistake a lot of businesses make in their attempts to fill all kinds of cybersecurity positions is using the same old recruitment channels. Rather than posting up ads and hiring expensive recruitment firms, look within your own networks, as well as in less conventional places. Some of the best and most qualified job candidates I’ve come across were people I met at security conferences, threat intelligence forums and, ironically, even Twitter.
Conventional job postings and recruitment firms definitely have a place, but in my experience, while they throw up a large number of candidates, few tend to have the necessary skills or experience needed for the advertised position. As such, looking elsewhere can be a much more fruitful way to find the right people for your business.
Retraining existing employees can be just as effective as hiring new ones
Sometimes the right person can be right in front of you but you just don’t realise it. Retraining employees rather than hiring new ones can yield several positive outcomes. It gives that employee new skills and possibly lights a new fire to keep them motivated. It also avoids having to spend time and money finding new candidates that may or may not work out. Additionally, current employees are already familiar with the company and culture, so
