Three Years Experience Required for Sub-Entry Level Positions
CISO Series Podcast - A podcast by David Spark, Mike Johnson, and Andy Ellis - Marți
Categories:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/three-years-experience-required-for-sub-entry-level-positions/) Our motto for hiring: We never give up on our unreasonable expectations. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our sponsored guest is Brandon Traffanstedt, global director of systems engineering, CyberArk. Thanks to this week's podcast sponsor, CyberArk. At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls. Are we making the situation better or worse? On LinkedIn, Gabriel Friedlander of Wizer asked, "Should we be doing home risk assessments?" Could we create bigger problems if we do that? Gabriel's post generated a debate on what actions can significantly reduce risk. Is there value in a home risk assessment and if so, what's it going to reveal? It’s time for “Ask a CISO” On reddit, crossfire14 asks, "Why are helpdesk roles requiring 2-3 years experience? I thought they were entry level friendly? Im trying to start at lower positions to work my way into infosec yet I cant seem to qualify for any helpdesk roles because of exp?" I looked and actually these entry level positions are often asking for 3-5 years experience. Is this required? If not, what IS required for an entry level help desk role and what's the best way to show that? "What's Worse?!" Two horrible company debilitating options that have happened in real life. How would you survive either one? Please, Enough. No, More Our topic is Privileged Access Management, or PAM. What have Mike and Brandon heard enough about with PAM, and what would they like to hear a lot more? The great CISO challenge Outsider attacks, insider attacks, your assets, networks, people, and controls - what DOESN'T always change in security? If we assume that consistency is synonymous with simplicity, is it always an uphill battle to try to keep security simple especially if we're expanding into new services and cloud environments? Could this be why the foundations are still a struggle for everyone?