“Companies are busy hunting for unicorns when they really just need to stop and look at all the squirrels around them.” Twitter: @InfoSecSherpa Tracy Z. Maleeff is an information security analyst for the New York Times Company. She earned a master of library and information science degree from the University of Pittsburgh, as well as undergraduate degrees from Temple University (BA, magna cum laude) and Pennsylvania State University (AA). Tracy holds a SANS GIAC GSEC certification. As an InfoSecSherpa, Tracy is an active member of the InfoSec community and frequently shares her expert knowledge through her OSINT blog and InfoSec newsletter, in addition to Twitter. Tracy is a frequent presenter on a variety of topics and has given talks at DEF CON's Recon Village, DerbyCon, and several BSides events. In her past career as a librarian, Tracy earned the honor of being named a Fellow of the Special Libraries Association and has won the Dow Jones Innovate Award and the Wolters Kluwer Innovations in Law Librarianship Award. A native of the Philadelphia area, she lives and dies with its sports teams. Do you believe there is a massive shortage of career cybersecurity professionals? No, I don't believe that there is a shortage of cybersecurity professionals. Rather, the shortage is in companies who are willing to train people or develop talent. I personally have been fortunate that my current and most recent past employers very much embraced training and talent development. There are many career changers like myself who came to cybersecurity with a polished skill set from another industry. I was a librarian who made a career change into information security. I had a master of library and information science degree as well as a hard work ethic and transferrable skills. As was said to me during the interview for my first information security job, “We can teach you the tech. We can't teach someone all these other skills you already have that complement the job.” I understand the argument that cybersecurity isn't necessarily an entry-level job. However, every other headline these days screams about how this shortage of professionals is becoming its own security risk and crisis levels. Employers aren't helping themselves by placing unrealistic job requirements on their open cybersecurity positions. A Tier 1 SOC analyst does not need a CISSP to do that job. Yet, it's not uncommon to see cybersecurity job requirements that don't match the actual skill set needed or are appropriate for the job. Companies are busy hunting for unicorns when they really just need to stop and look at all the squirrels around them. Desperate times call for more creative hiring and training. Whether it's a new graduate or a seasoned professional from another industry, employers need to think creatively about the best person for the job based on their aptitude, their willingness to learn, and their desire to do the job. The HR firewalls that companies put up to filter people are not configured correctly for cybersecurity jobs. Many smart people who are passionate about security are getting stonewalled and frustrated. Many move on to something else eventually. No, there's no shortage of cybersecurity professionals—there's a shortage of good hiring and training practices among employers. The HR firewalls that companies put up to filter people are not configured correctly for cybersecurity jobs. What are your communication tips for interacting with executive leadership? Be bold. Be brief. Be gone.
Michael Cooper has great information about communicating with specific brain types. I highly recommend that people check out his Innovators and Influencers site to get more information about communicating with different brain types. Do you have any favorite books to recommend for people who want to lead cybersecurity teams? I like to defer to the Cybersecurity Canon for books related to the industry. Those books are vetted by industry professionals and are recommended for information security practitioners, including management books.
Choose books that inspire and motivate you and then take those lessons and apply them to leadership.
3.16.147.124