
10 Ways AI can Accelerate your Job Search

Finding a new job in the field of cybersecurity can be a challenging task, but AI can definitely assist in various ways. Here’s a comprehensive list of 10 ways AI can be used to help cybersecurity experts find a new job, along with descriptions and examples of AI technologies for each:

1.  Resume Optimization: AI can analyze your existing resume and recommend improvements to highlight relevant skills and experiences for cybersecurity roles.

  • ResyMatch: ResyMatch is an AI-powered tool that analyzes your resume and provides suggestions for improvement. It highlights keywords, skills, and experiences relevant to the cybersecurity job market, enhancing your chances of getting noticed by recruiters.
  • RezScore: RezScore evaluates your resume’s content and structure using AI algorithms. It identifies areas for improvement, such as readability, keywords, and formatting, to help you create a more impactful resume.
  • SkillSyncer: SkillSyncer scans your resume and job descriptions to ensure that your skills align with the requirements of cybersecurity positions. It provides recommendations to enhance your resume’s relevance to specific job roles.

2. Job Matching: AI algorithms can match your skills and preferences to suitable job openings in the cybersecurity sector.

  • Jobscan: Jobscan is a tool that compares your resume against job descriptions using AI. It identifies matches and suggests adjustments to your resume to better align with the specific requirements of cybersecurity job listings.
  • ZapInfo: ZapInfo (now Indeed) uses AI to match your skills and preferences with available job openings. It gathers information from various job boards and recommends positions that closely match your cybersecurity background.

3. Skill Gap Analysis: AI can assess your skill set and identify areas where you might need to upskill or acquire new knowledge.

  • Skillometer: Skillometer uses AI-driven assessments to evaluate your current skill set against industry-specific benchmarks for cybersecurity roles. It then offers recommendations for improving any identified skill gaps.
  • Degreed: Degreed’s AI platform maps your existing skills and experiences to cybersecurity roles and identifies areas where you can expand your capabilities through personalized learning pathways.

4. Interview Preparation: AI-powered tools can simulate job interviews, offering practice and feedback to improve your interview skills.

  • InterviewBuddy: InterviewBuddy offers AI-enabled mock interview sessions. It provides real-time feedback on your answers, body language, and presentation, helping you refine your interview skills for cybersecurity roles.
  • Interviewing.io: Interviewing.io provides anonymous, AI-powered practice interviews with experienced technical professionals. It offers insights into your performance and helps improve your communication skills for cybersecurity interviews.

5. Company & Prospect Research: AI can gather and summarize information about potential employers, aiding your understanding of their cybersecurity practices.

  • Crystal Knows: Crystal analyzes online profiles and communication patterns to provide insights into individuals’ personalities. This information helps you tailor your networking approaches for effective connections in the cybersecurity industry.
  • ZoomInfo: ZoomInfo’s AI technology collects data from online sources to create comprehensive company profiles. It assists in researching potential employers’ cybersecurity initiatives, market presence, and key decision-makers.

6. Customized Cover Letters: AI can generate personalized cover letters for each job application, highlighting your relevant experience.

  • Text Blaze: Text Blaze is an AI-powered text expansion tool that helps you create personalized cover letters efficiently. It saves time by generating customizable templates for your cybersecurity job applications.
  • GrammarlyGo: Grammarly’s AI-powered writing and voice assistant ensures your cover letters are error-free and well-structured. It suggests improvements to your writing, enhancing the quality of your job application materials.
  • WriteSonic: WriteSonic is an AI copywriting tool that helps you craft engaging and tailored cover letters and blog articles. It generates content based on input and provides options for customization to suit various cybersecurity blog articles and topics.

7. Salary Negotiation: AI can provide insights into salary ranges for specific roles and locations, helping you negotiate better offers. 

  • PayScale: PayScale’s AI-driven salary data helps you benchmark cybersecurity roles’ compensation. It provides insights into salary ranges based on factors such as experience, location, and specific job roles.
  • Glassdoor’s Know Your Worth: Glassdoor’s tool uses AI to estimate your market value based on your skills, experience, and the current job market trends in the cybersecurity sector.
  • Salary.com: Salary.com offers AI-powered compensation data for various industries, including cybersecurity. It helps you understand fair salary ranges for different cybersecurity job positions.

8. Personal Branding: AI tools can assist in developing your online presence, curating content, and positioning you as a cybersecurity thought leader.

  • SocialBee: SocialBee uses AI to curate and schedule social media content that aligns with your cybersecurity expertise. It helps maintain a consistent online presence, positioning you as a thought leader in the industry.
  • BrandYourself: BrandYourself’s AI-driven platform helps manage your online reputation. It identifies potential negative content and provides guidance on creating positive online branding for yourself.
  • DrumUp: DrumUp uses AI to discover and suggest relevant content for sharing on your social media channels. It assists in building your personal brand by sharing valuable insights and articles within the cybersecurity domain.

9. Skill Development Pathways: AI can recommend learning paths and courses tailored to your career goals within cybersecurity.

  • Pluralsight IQ: Pluralsight IQ uses AI to assess your cybersecurity skills and knowledge. It then suggests personalized learning paths to help you develop specific competencies required for your desired job roles.
  • Udemy’s Learning Paths: Udemy offers learning paths curated by AI for different cybersecurity career trajectories. These paths include relevant courses to help you build skills progressively.
  • LinkedIn Learning’s Learning Paths: LinkedIn Learning uses AI to recommend learning paths based on your career goals within AI & cybersecurity. It guides you through a series of courses to develop expertise in targeted areas.

10. Personality and Culture Fit Analysis: AI can assess your personality traits and match them with company cultures for better fit. 

  • Birkman Behavior and Occupation Assessment: The Birkman assesses personality and behavior traits across over 5M profiles to evaluate how you stack up on certain communication traits. It helps you tailor your communication style to match the preferences of those you’re interacting with.
  • Plum: Plum’s AI-driven platform measures personality traits and matches them to company cultures. It ensures you align well with the organizations you’re considering.

These AI technologies, combined with your own expertise and effort, can greatly enhance your job search journey as a cybersecurity expert. Remember that while AI tools offer valuable assistance, they should be used in conjunction with human judgment and careful consideration.

Job Hunting Tips:

Finding Job Opportunities:

Attracting Hiring Managers:

Interview Prep: 

Job hunting is a full-time job itself and companies are hiring. Within these articles, you will find ways to be more strategic and productive than just applying online. We hope you find this helpful. Your diligence and technique will outperform your luck. Good hunting.

About Tim Howard

Tim Howard is the founder of 5 technology firms including Fortify Experts, which helps companies hire the Best Cyber Talent on the Planet and provides expert consulting and NIST-based security assessments.

In addition, he has a passion for helping CISOs develop Higher Performing Teams through coaching, by creating interactive CISO Forums and by helping them create highly effective team cultures.

He also teamed up with Lyndrel Downs to launch www.CybersecurityDIVAS.com to help promote the most influential women in cybersecurity and provide a mentoring program to help encourage and support more diversity within the cybersecurity industry.

Tim has been leading technology staffing teams for over 20 years and has degrees from Texas A&M University in Industrial Distribution and Marketing.  

Invite me to connect:  www.linkedin.com/in/timhoward

Did the Target on the CISO's Back Just Get Bigger?

Why the SEC Ruling could make it more difficult for CISOs.

After a year of speculation, the SEC finally ruled on its new cybersecurity initiative.  Many security leaders are extremely disappointed with the watered-down ruling.  There was hope that the SEC would dictate that each public board must have a named director who would be responsible for overseeing cyber risks.  

The ruling fell short of requiring a “named” director. Instead, it loosely outlined that the board needs to have cyber awareness and a plan for addressing cyber risks.

Security Leaders (i.e. CISOs) had been campaigning for the named director to give them an ally in the board room.  Too often the board lacks the knowledge and desire to address cyber risks to the level a CISO feels is adequate to protect the company. 

I’ve always contended that the CISO role is the most difficult executive position because of its breadth of responsibility, and the lack of executive support.  

Often, the lack of boardroom understanding about cyber risks makes it difficult to garner the support and budget to adequately protect the firm. Yet CISOs are still seen as the ones to blame if a cyber event happens.

This causes frustration for both the CISO and the Board, which is a core reason the average tenure of a CISO is only 24 months. This is the shortest tenure of any of the CXOs.

So will the new regulation improve or hurt the CISO position? I think both. 

It will elevate the awareness of cybersecurity in the boardroom as it requires there to be:

  • Cyber Risk Knowledgeable Board Oversight 
  • Defined Cyber Risk Processes
  • Timely Disclosure of Breaches (4 days)

With the SEC monitoring over 12,000 public entities, Boards can no longer ignore cybersecurity.  Investors and consumers will be more informed about the cyber health of public companies. 

Therefore, the target on the CISO's back just got bigger and more visible.


They will need to develop public-facing cyber policies that the board will need to agree to and adhere to. Boards will add CISO oversight as a watchdog and for compliance with cyber policies and reporting.

In addition, CISOs will be held accountable for quickly discerning the impact of cyber events and the information which needs to be disclosed, plus how and when it is reported and communicated. 

In the short term, the CISO position will be burdened with establishing new processes and procedures to meet SEC expectations. They will also have to communicate it and get buy-in across the organization. 

In the long term, the new SEC requirements should provide additional visibility that CISOs need.  Maybe it will help the rest of the executive team take cyber risks as seriously as the CISO does.

Conclusion

At Fortify Experts, we understand the challenge of finding and hiring a CISO that fits your company’s goals. That’s why we’re committed to helping executive leadership teams find the right CISO for their organization and have developed a step-by-step guide on how to hire a great CISO who meets your firm’s expectations.


Request your free copy of How to Hire a Great CISO by Fortify Experts today and take the first step towards establishing a strong security program for your organization.

Verizon 2023 Data Breach Report – Key Stats

Here are the key stats in the recently published Verizon 2023 Data Breach Report. It contains crucial information that can help safeguard your company. The report is available for viewing at the link provided below.

Whether you are an executive or a security leader, protecting against cybersecurity threats is imperative.

We summarize 14 practical actions you can take now to improve your ability to fortify your defenses and prevent potential breaches.

Don’t hesitate to reach out to Fortify Experts if you need any assistance in bolstering your cybersecurity. We’re here to help!

To view the full report:
https://www.verizon.com/business/resources/T5f1/reports/dbir/2022-data-breach-investigations-report-dbir.pdf

5 Reasons Why a BoD Should Hire a Cybersecurity Advisor

The impact of a cyber attack can be devastating to a business.  Even if your firm has a competent Chief Information Security Officer (CISO), who is watching them?  Rarely does the Board of Directors (BoD) have sufficient knowledge to ensure the security program is delivering an appropriate level of security that properly balances the company’s risk tolerance with adequate protection. 

  • According to a 2022 study by IBM, the average cost of a data breach in the U.S. was $9.44 million. This cost includes direct costs such as investigation, remediation, and legal fees, as well as indirect costs such as lost revenue and reputational damage.
  • The FBI’s 2022 Cyber Crime Report found that the financial impact of cybercrime has dramatically increased from $6.9B in 2021 to $10.3B in 2022.  
  • In March 2022, the SEC proposed a mandatory cybersecurity disclosure to be added to Form 8-K as Item 1.05 to disclose any material cybersecurity incidents within 4 days of discovery.
  • As of March 2023, the SEC has also started taking cyber vulnerabilities much more seriously than it has in the past. They recently fined Blackbaud, a South Carolina tech company, $3 million for making “misleading disclosures” about a 2020 ransomware attack.
  • 73% of customers would consider leaving a company after a data breach.

Do you have a cyber security advisor or expert on your Board of Directors? 

Here’s why you should.

The criticality of protecting a company’s digital assets and reputation elevates the need for oversight.  Public companies can significantly benefit from hiring an experienced cybersecurity board advisor to oversee and evaluate the security program and its leadership. Just as the Board of Directors provides financial and operational oversight, it should also provide risk and security oversight.

The trend to hire cyber experts on the BoD is on the rise, as shown in the 2022 Audit Committee Transparency Barometer survey, but most BoDs still lack the expertise to oversee a critical area of risk.

https://thecaqprod.wpenginepowered.com/wp-content/uploads/2022/11/caq_2022-ac-barometer_2022-11.pdf

5 Reasons to Hire an Experienced Cybersecurity Advisor as a Board Member

1. Provide strategic direction and oversight

An experienced cybersecurity advisor as a board member can help public companies develop a comprehensive cybersecurity strategy that aligns with the company’s overall business strategy. They can also provide oversight to ensure that the company’s cybersecurity measures are effective and in line with industry best practices. According to a report by the National Association of Corporate Directors (NACD), “the board’s role in cybersecurity governance includes ensuring that the company has an effective cybersecurity program in place and providing oversight of management’s efforts to manage cyber risk.”

2. Define the Appropriate Level of Risk Tolerance

Every business has a different appetite for risk. Aligning the cost of a cybersecurity program with the firm’s risk tolerance is a delicate balance. An advisor can oversee the effectiveness of the company’s cybersecurity practices, such as regulatory compliance, vulnerability assessments, penetration testing, and employee training programs to assure they align with the desires of the BoD.

3. Increase stakeholder confidence

Cybersecurity breaches can significantly impact a company’s reputation and financial performance. When a company suffers a data breach, stakeholders, including customers, investors, and employees, may lose confidence in the company’s ability to protect its data. Hiring an experienced cybersecurity advisor as a board member can help increase stakeholder confidence in the company’s cybersecurity measures.

4. Improved decision-making

By having an experienced cybersecurity advisor on the board, the company can make better-informed decisions regarding cybersecurity matters. The cybersecurity advisor can provide the board with valuable insights into the current threat landscape and help the board understand the potential impact of cyber-attacks on the company’s operations and reputation. This can help the board make informed decisions regarding the allocation of resources toward cybersecurity measures.

5. Reduced cyber risk

An experienced cybersecurity advisor can help the company identify and address potential cybersecurity risks, reducing the likelihood of a cyber-attack. An advisor can be a welcomed sounding board for the security leader to ensure they are implementing cybersecurity best practices and staying ahead of emerging threats. The partnering between the advisor and security leader can accelerate improvements in the firm’s cybersecurity posture and reduce the risk of a data breach. 

The security advisor can improve the strategy, confidence, and reputation of both the security program and the firm, resulting in significant cost savings in breach avoidance and allowing the BoD to sleep better at night knowing vital employee, product, and client data is properly protected.

Identifying a board-level security advisor is challenging.  Fortify Experts hosts CISO Forums and works with security advisors every day.  Download our new ebook on How to Hire a Great CISO.


FBI Internet Crime Report 2022

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has published the Annual Internet Crime Report 2022.

The IC3 received a total of 800,944 complaints in 2022, with losses exceeding $10.3 billion. Phishing schemes were the number one crime type with 300,497 complaints, and for the first time, investment schemes reported the highest losses to victims, totaling over $3.3 billion. In 2022, the IC3 received 88,262 complaints from victims over the age of 60, with losses in excess of $3.1 billion. As a result of the significant impact of scams targeting the elderly, IC3 is planning to release its third annual report focusing entirely on Elder Fraud within the next few weeks.

Besides crime types and international and state statistics, the threat overviews for 2022 include:

  • BEC complaints accounted for the second-largest dollar losses reported to IC3, at over $2.7 billion. The report highlights the continued success of the Recovery Asset Team, which assisted in freezing over $433 million in funds for victims who made transfers to US accounts under fraudulent pretenses.

  • Crypto-investment scams saw unprecedented increases in the number of victims and the dollar losses to these investors. In 2022, investment scam losses were the most (common or dollar amount) scheme reported to the IC3. Investment fraud complaints increased from $1.45 billion in 2021 to $3.31 billion in 2022, which is a 127% increase. Within those complaints, cryptocurrency investment fraud rose from $907 million in 2021 to $2.57 billion in 2022, an increase of 183%.

  • Ransomware incidents had smaller reporting numbers, with 2,385 complaints identified as ransomware, but the adjusted losses were more than $34.3 million. The IC3 received 870 complaints that indicated organizations belonging to a critical infrastructure sector were victims of a ransomware attack. Of the 16 critical infrastructure sectors, IC3 reporting indicated 14 sectors had at least 1 member that fell victim to a ransomware attack in 2022. The three top ransomware variants reported to the IC3 that victimized a member of a critical infrastructure sector were LockBit, ALPHV/BlackCat, and Hive.

  • Illegal call centers defraud thousands of victims each year. Two categories of fraud reported to the IC3, Tech/Customer Support and Government Impersonation, are responsible for over $1 billion in losses to victims. Almost half the victims report to be over 60 (46%), and experience 69% of the losses (over $724 million).

FBI Internet Crime Report 2022 (gasa.org)

5 Ways to Get Over the Grief of Losing Your Job

Laid Off? Fired? Here are 5 ways to get over the Grief of Losing your Job.

If you are one of the many who have recently been impacted by a layoff or forced to separate from your employer, this can be an emotional and mentally challenging time. Suffering a loss like this can actually result in a grieving process similar to when we lose a loved one. It is a natural response to loss. Accepting that grief is part of the healing process can help someone pick back up and move forward.

Grief is a complex process that we all experience at some point in our lives.   The stages of grief are commonly referred to as the Kübler-Ross model, named after psychiatrist Elisabeth Kübler-Ross, who first proposed them in her book “On Death and Dying.” The model consists of five stages: denial, anger, bargaining, depression, and acceptance.

  1. Denial:  The first stage of grief is denial. It is a defense mechanism that helps us cope with the shock of the loss. When someone is laid off from their job, they may initially refuse to accept that it has happened. They may believe that there has been a mistake or that they will be able to return to their job soon.
  2. Anger:  The second stage of grief is anger. It is a normal response to the loss of control and the feeling of being wronged. When someone is laid off from their job, they may become angry at their employer, the company, or even themselves. They may feel like they have been unfairly treated or that they have been let down by people they trusted.
  3. Bargaining:  The third stage of grief is bargaining. It is a way of trying to regain control and find a solution to the loss. When someone is laid off from their job, they may start to bargain with themselves or their employer. They may ask themselves if they could have done something differently or if there is anything they can do to get their job back.
  4. Depression:  The fourth stage of grief is depression. It is a natural response to the sadness and loss that comes with the experience. When someone is laid off from their job, they may become depressed and experience feelings of hopelessness, helplessness, and worthlessness. They may feel like they have lost their purpose and identity.
  5. Acceptance:  The final stage of grief is acceptance. It is the stage where we begin to come to terms with the loss and find a way to move forward. When someone is laid off from their job, they may eventually come to accept that they have lost their job and that they need to find a new path forward. They may start to explore new opportunities or consider a career change.

Recovering mentally from a job loss can take time and effort, but there are some things that can help.

  1. Allow Time to Grieve:  First and foremost, it’s important to take care of yourself during this time. Take a few days or a week to work through the stages of grief.  Allow yourself some time to mentally decompress.  This might mean taking time off to focus on your mental health or engaging in activities that you enjoy.
  2. Reach Out:  It’s important to reach out for support, whether that’s from friends, family, or a mental health professional. This is different than networking.  That will come later.  Locate those nearest to you who can provide emotional and mental support.  Talking through the event can speed up the healing process and be the first step to recovery.
  3. Acknowledge your Emotions:  One way to help yourself move through the stages of grief is to acknowledge and work through your emotions. This might mean journaling about your feelings or talking to someone about what you’re going through. It’s important to remember that everyone’s grief journey is unique, so it’s okay if you don’t feel like you’re progressing through the stages of grief in a linear way.
  4. Set Goals:  Another way to help yourself recover mentally from a layoff is to set goals for the future. This might mean exploring new job opportunities, starting a new hobby, or making plans for the future. By focusing on what’s next, you can help yourself move on from the past.
  5. Use Prayer, Meditation, or Even Mind Control:  Calming your mind to help you make better decisions during this time can be hugely beneficial. Try spending some alone time in prayer or in meditation asking for direction.  If you want to go even deeper, consider learning techniques like the Silva Mind Control Method to strengthen your mindset and open up mentally creative avenues.

While the experience of being laid off from a job may not be the same as losing a loved one, it can still be a significant loss that triggers a range of emotions. By understanding the stages of grief and recognizing where we are in the process, we can begin to work through our emotions and find a way to move forward with some determination and focus.

I hope this helps you in your job search.  If we can be of assistance, please reach out.  Below you will find many additional job hunting and interviewing tips.  If you know someone who would benefit from these, please share them.

Recovering From a Job Loss:

Finding Job Opportunities:

Attracting Hiring Managers:

Interview Prep: 

Job hunting is a full-time job itself and companies are hiring. Within these articles, you will find ways to be more strategic and productive than just applying online. We hope you find this helpful. Your diligence and technique will outperform your luck. Good hunting.


Creating Diversity in Cybersecurity

Fortify Experts analyzed over 90,000 cybersecurity profiles on LinkedIn to get an accurate understanding of the diversity within cybersecurity. We segmented profiles into the following categories:

  • Women
  • Veteran
  • Hispanic
  • Asian
  • African American

Our analysis aimed to determine if there was a significant underrepresentation of each group relative to its percentage of the U.S. population.

Similar to many STEM fields, women, African-Americans and Hispanics are underrepresented in cybersecurity. The gap is the largest for women, who make up 56.7% of the overall workforce according to the BLS. In cybersecurity, they are only 22% of the workforce. This is lower than general IT roles, where women comprise 30% of the workforce. In some biomedical fields, women make up the majority of the workforce.

The veteran and Asian communities are traditionally considered diversity candidates, but both groups are well-represented in cybersecurity. In fact, as a result of military training, veterans are overrepresented in the cybersecurity workforce, making up 9.2% of the cybersecurity workforce when they are only 5.5% of the population.

How Much Diversity is in Cybersecurity?

Similar diversity gaps are present across different cybersecurity positions. We analyzed the diversity across the following roles: security analyst/engineer, auditors, security architects, and CISO.

The largest gap among women is in the highly technical roles. For example, women represent less than 7% of the security architects.

The African-American community is well-represented among auditor roles, but underrepresented in all other security positions.  Hispanics are consistently underrepresented in every role.

Why Should Teams Seek Diversity?

Diversity is an asset to cybersecurity teams. A diverse workforce produces better results for businesses. In cybersecurity, diversity can mean many things: diverse race, gender, veteran status, professional background, disabilities, and personality.

Companies with diverse teams see tangible business results through increased innovation, better communication and better cooperation. Diversity can make companies more profitable too.  A BCG study of more than 1,600 companies analyzed the most diverse companies and saw a 19-percentage point increase in revenue from innovation alone.

Fortify Experts coaches security teams to focus on diversity of thought. This purposeful method of designing a team of people with different perspectives naturally leads to more diverse teams.

Leaders can create more productive and creative teams by balancing out behavioral strengths. A balanced combination of thinkers, doers, analysts, and communicators is ideal. Thinkers bring the big ideas and innovations, while doers are task-oriented.

Analysts dive deep into the data and the communicators help the cybersecurity team sell their mission and purpose. With the right mix, teams will be more inclusive, collaborative, and communicate better.

Creating Diversity

Diversity won’t happen on its own. Companies have to be proactive to gain the benefit from it. From our diversity research and coaching experience, we have identified six steps companies can take to attract, build and retain diverse teams.

  • Build diverse leadership: Diversity starts at the top. Diverse leaders will attract employees from a variety of backgrounds, creating diverse teams.
  • Promote social relevance: Cybersecurity is critical to prevent attacks and keep society functioning. By highlighting the societal need for cybersecurity,
    companies can bring in a wide range of passionate candidates.
  • Reduce intimidation: Big egos are common in an industry full of experts but can be intimidating for new and diverse hires. Companies should address
    those who are intolerant of employees from diverse backgrounds and create a welcoming and inclusive environment for all.
  • Create mentorships: Fostering mentorships between experienced leaders and younger or diverse workers is beneficial for everyone. Junior members can
    learn technical skills and gain confidence by having a trusted advisor and mentor they can lean on. Working with a mentor improves soft skills and
    leadership skills, which could lead to future promotions.
  • Leverage collaboration and social skills: A fun work environment is attractive. Social team activities can be a selling point for candidates from
    other specialties or non-technical backgrounds.
  • Provide personalized training: Train employees according to their individual needs. Leaders should evaluate their team members’ individual weaknesses
    and determine where they can build them up. Individualized training will help each employee develop the skills they need.

In a recent trend to push women into cybersecurity, CIODIVE found that women who expressed an interest in cybersecurity could move from an IT management position to a cybersecurity leadership position in less than two years.

To help rebalance the gender inequity in cybersecurity, Fortify Experts has funded Cybersecurity Divas. This organization promotes the accomplishments of women in cybersecurity and provides mentoring.  Learn more about Cybersecurity Divas.

This is an excerpt from Fortify Experts’ annual Cybersecurity Employment Trends Report. To read the report in its entirety, go to the 2021 Cybersecurity Employment Trends Report

About Tim Howard

Tim Howard is the founder of Fortify Experts (www.fortifyexperts.com) which helps companies hire and deploy Best on the Planet talent through executive search perm placement and expert consulting. 

In addition, he has a passion for simplifying the hiring of security experts, as well as simplifying how companies assess and plan for improving their security programs.

Tim conducts monthly CISO Round Tables, which provide security leaders a forum to discuss best practices around relevant topics.

He also teamed up with Lyndrel Downs to launch www.CybersecurityDIVAS.com to help promote the most influential women in cybersecurity and provide a mentoring program to help encourage and support more diversity within the industry.

Tim has been leading technology staffing teams for over 20 years and is the founder of three other technology firms. He has degrees from Texas A&M University in Industrial Distribution and Marketing.  

What is the current number of cybersecurity job openings?

The number of cybersecurity job openings has been reported to be over 3.5 million as recently as 2021. Having been in the cybersecurity executive search business for over 5 years, I had significant doubts that the gap was this large.

Therefore, in mid-2021, my team set out to analyze the number of job postings across the globe using major job boards, including Dice, LinkedIn, Monster, CareerBuilder, Indeed, and Clearance Jobs, plus job boards such as Seek, Recruit, and Jobsite.

LinkedIn was the primary source for job postings. No other job board we analyzed had more than 3,000 cybersecurity positions and most had fewer than 1,000. The most accurate results we could identify were U.S. based, as some job boards like Indeed, CareerBuilder and Monster block international job postings from U.S. based domains such as mine.

As the global leader in job postings, LinkedIn does not block international postings. We found that the U.S. represented about 60% of the global demand for cyber talent. We used this observation to extrapolate additional global demand for other job boards.

In our analysis, we specifically chose the major job boards but excluded job board aggregators other than Indeed. Indeed is the first and best aggregator and has the most sophisticated bots. Indeed’s bots crawl all major corporate websites and aggregate their job postings, while skipping third-party recruiting firms to avoid duplication.  

However, if a firm posts their positions to multiple major job boards, those positions are duplicated in the numbers. For example, at the time of our analysis, Dell had 300 cybersecurity positions posted on their corporate website. If they do not post those positions to any third-party sites, Indeed will still pick them up. If Dell does post their positions on LinkedIn (at the time of this analysis there were 800 Dell cybersecurity job postings on LinkedIn), those 300 positions on Indeed would be duplicated in our numbers, as our analysis includes all LinkedIn job postings.

Our analysis counted any position with a skill or title that included the following search terms: cybersecurity, cyber security, network security or any combination of the three. While this may not include every role within the cybersecurity community, it does include positions which are not primarily within the cybersecurity industry but still reference one of the keywords.

However, our numbers could be inflated because we counted people in non-cybersecurity roles if they reference these terms. Examples include a developer who needs to know network security; an attorney who needs to know cybersecurity privacy; and a bank teller who needs to have cybersecurity awareness. 

We found that most of the job boards had a relatively high degree of accuracy (>90%) in identifying relevant job postings.  

Potential Flaws in the Numbers:
The following may result in an overestimation of job openings:

  • Firms posting positions on multiple job boards. If a firm posted on LinkedIn, CareerBuilder and Monster, those positions could be triple counted.
  • Inactive or fake job postings. In our experience, these account for 25% to 40% of all open positions. Firms frequently leave postings up to collect resumes even though they are not actively recruiting for the positions.

The following may result in an underestimation of job openings:

  • Positions at firms that are not aggregated by Indeed or posted on other major job boards.
  • Cybersecurity positions that do not explicitly call out cybersecurity, cyber security or network security. For example, IT auditors or IAM developers might be considered ‘cybersecurity’ but it may not be mentioned in their job description.

The net of these statistical errors should provide some balance. However, we still believe our calculations are likely overestimating the true current demand for cyber talent.

Our analysis shows there are roughly 265,000 cybersecurity job openings in the U.S. and approximately 450,000 worldwide.

The reason for overestimation is likely media or vendor driven sensationalism to push more subscriptions, advertising, automation tools and cybersecurity solutions.

Providing an accurate estimate of job demand is critical for several reasons because it:

  • Sets correct expectations across the cybersecurity industry
  • Avoids a “gold rush” for jobs that don’t exist
  • Avoids false expectations at the university level where cybersecurity programs have popped up across the country
  • Allows the industry to accurately scale job training programs

With an average growth rate of 9.9% CAGR, we project that the number of open positions could increase to 425,000 in the U.S. and 725,000 worldwide in the next five years. However, this will only be an accurate assumption if new cybersecurity automation systems fail to reduce the need for cybersecurity talent, and if there is a lack of sufficient training to feed the demand for talent in the meantime.

While the capacity of the current workforce is severely understaffed for the number of current openings, it is not anywhere near the gap of 3.5M as several sources have reported.

This is an excerpt from Fortify Experts annual Cybersecurity Employment Trends Report. To read the report in its entirety, go to the 2021 Cybersecurity Employment Trends Report

Invite me to connect:  www.linkedin.com/in/timhoward

Personas of a CISO

The hiring of a CISO is the most difficult and complex hiring decision a company can make.

Here’s why…..

6 Critical Questions to Ask a Cybersecurity Search Firm Before you Hire Them

As a generalist technology executive search firm owner for almost 15 years and now having run a specialized cybersecurity search firm for the past 5 years, I have found there are critical differences between the two areas. I hope to shed some light on those differences here.

As a hiring manager or talent acquisition leader, it is essential to properly qualify search firms upfront, otherwise, search firms can waste a tremendous amount of your time, and it may result in a mishire of a security expert which can be extremely painful and costly to replace. Plus, it could put your company and your company’s data at risk.

As you may know, finding the right security talent is not easy. There are a lot of “wannabe security folks” out there who try to pass themselves off as security experts. They know common buzzwords that can trick many recruiters who are not intimately familiar with security. Most often, when a search firm is engaged, you are looking to hire a person with existing skills who can “hit the ground running.” A security-focused recruiter can dig deeper to uncover if candidates have the appropriate practical and proven experience for that specific position.

“It’s not who’s looking for you, it’s who you are looking for.”

Therefore, here are some questions you should be asking any search firm before you hire them to work on critical security roles:

  1. How many security engineers, architects or executives have they placed in the past 6 months?  If this is a larger search or staffing firm, ask who would be assigned to your recruiting effort and then ask how many security professionals has that person placed? Just because a national firm has placed security professionals, it does not mean the person assigned to you will know anything about the security domains which are important to your company. Also, ask for references from their clients and talk to the security professionals they have placed. Did the candidate and the client enjoy the experience? How responsive was the firm? Did they help elevate the reputation of the hiring company during the search?
  2. Are they active members of any security organizations such as ISSA, ISACA, InfraGard, CSA, etc.? Security professionals often avoid posting their details to LinkedIn, job boards, and social networks. In fact, I would be leery of those security professionals who post too many details on the internet. To find the highly desired, embedded security candidates, a search firm must actively participate and build trust within the security community.
  3. Is the search firm actively involved in making a difference within the cybersecurity community? Security professionals are inherently suspicious; otherwise, they wouldn’t be good at what they do. They work with people whom they know and trust. A search firm that is recognized, influential, and a trusted insider will be able to attract those passive or embedded candidates and leverage a strong referral network within the community. Does the firm host events such as CISO Forums? Are they publishing useful security-related content? Are they improving the industry by leading efforts such as diversity initiatives (i.e. Cybersecurity DIVAS) or hack-a-thons?
  4. Do they recruit off of a job description, or do they take the time to understand the gap which needs to be filled? When interviewing a search firm, listen to the questions they ask. Are they only interested in the ‘skills’ they can search on, or do they understand the functions of the role?  Are they asking probing questions about how a new hire can make a bigger impact on the team?  Whether it be a SOC Analyst or a Cloud Security Architect, knowing the normal day to day challenges within that role allows a search executive to evaluate the candidates more thoroughly and accurately.
  5. How do they qualify security candidates? Ask the search firm or recruiter what qualification questions they would ask for a variety of security domains. If they say they need to get back to you, you know they are scrambling or Googling for those questions. Qualifying firewall engineers, threat analysts, SIEM developers, and Cloud Security Architects is very different. Evaluating a CISO across all the 12 main security domains can be very challenging. A search executive who can’t speak the language or properly qualify the talent will waste your time and not be able to attract the talent you want to hire.
  6. How many current security positions are they recruiting for now? Are they a “wannabe” security recruiter? Do they have a current queue of security professionals they are working with or will they start this search from scratch?  Their website job postings will tell the real story. Review their existing posted positions. Are they a generalist or are they really focused on security roles?

As described, recruiting security experts is a very different process than hiring IT support or development personnel. Most recruiters rely heavily on inbound candidates from job postings listed on LinkedIn, Monster, CareerBuilder, Indeed, ZipRecruiter, etc. It is extremely rare for great security candidates to come in through job postings.

Case in Point: Over a one year period, our firm received over 10,000 resumes from one of those above sources (out of respect I won’t name which one). We only placed one “inbound” candidate after reviewing those 10,000 resumes and that person was released in under three months which was a blemish on our reputation. This is why our motto continues to be, “It’s not who’s looking for you, it’s who you are looking for.”

Really good cybersecurity professionals don’t need to respond to a job posting. They often receive 10-20 recruiting calls and emails every day. Rarely will they respond to an unknown recruiter as they know they are in extremely high demand. If they want a new position, they most often leverage their trusted security network.

More and more security professionals are reducing their social footprint on LinkedIn and other social platforms. Security candidates who do have extensive LinkedIn profiles will continue to be pursued heavily even after they are hired. This leads to a higher turnover rate, salary demand, and a lower return on investment. Therefore, those professionals may not be the ones you want to target. This is why it may be a big advantage to hire a firm who has already built a deep and trusted network within the industry.

To conduct a successful security search, search professionals must know this domain well, leverage trusted relationships, and be influential in the industry to be able to attract those highly valuable embedded candidates.

About Tim Howard

Tim Howard is the founder of Energy Sourcing (www.energysourcing.com) and Fortify Experts (www.fortifyexperts.com) which helps companies hire and deploy exceptional “Embedded” talent through executive search perm placement and expert consulting. 

In addition, he has a passion for helping companies develop Higher Performing Teams by working with them to increase effective communications, improve non-productive behaviors and on-board faster by providing clients with “Employee Operating Manuals”.

He has teamed up with Lyndrel Downs to launch www.CybersecurityDIVAS.com to help promote the most influential women in cybersecurity and provide a mentoring program to help encourage and support more diversity within the industry.

He has been leading technology staffing teams for over 15 years and is the founder of three other technology firms. He has degrees from Texas A&M University in Industrial Distribution and Marketing.  
