Nov 21, 2019
All links and images for this episode can be found on CISO
What if every candidate interviewed was tested on their
cybersecurity competency? How would that affect hiring and how
would that affect your company's security?
Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by Spark (@dspark), the creator of CISO Series, and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Greg van der Gaast, head of information security, University of Salford.
Thanks to this week's podcast sponsor, Enzoic.
Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations, to identify accounts at risk and mitigate unauthorized access.
Learn more about Enzoic.
On this episode of Defense in Depth, you’ll learn:
- For all candidates, whether in cybersecurity or not, gauge
their current level of cybersecurity awareness.
- There was a time when we put knowledge of Microsoft Word and Excel on our resumes. Now you never see it, because it's common knowledge. Security knowledge is not common. At this stage it would be seen as a valuable bonus to have it on your resume.
- There are always small things that hiring managers look for to tip the scales in a candidate's favor. Cybersecurity skills should be one of them.
- For candidates whose roles would have the most to gain from cybersecurity awareness, bring in the CISO to ask one or two questions during the hiring process.
- Different departments bounce candidates off each other even if
they're not going to be working in a specific department. They want
to know how well a person will or won't interface with your
- There's a strong fear that adding cybersecurity to the hiring criteria will greatly slow down the hiring process, which could damage business productivity.
- There was much debate around seemingly great candidates, such as an accountant with 20 years of experience, who fail miserably on cyber awareness. Would that raise a red flag?