Page 60 - Cyber Defense eMagazine - October 2017
Note to HR: InfoSec Applicants are not Necessarily Mainstream
Ode to the InfoSec Personnel Paradigm Shift
by DRP; Cybersecurity Lab Engineer
They say the only constant is change. This is exceptionally applicable to the IT area and
its personnel at this juncture. This is representative of the new workforce as they change
with the times. The implementation of technology at early ages has had a distinct influence
on the latest group of employees and potential employees. The new workforce has new
motivations, focus, and level of documentation sophistication. This new workforce
is clearly not the same as prior generations.
This change has also brought challenges to the Human Resources area of
business operations. There is a distinct lack of personnel in InfoSec. The HR
Department is tasked with adding persons to the IT and InfoSec Departments, yet there
is a limited number of personnel. This is due to a number of drivers at this time,
including the number of University and College programs, availability of training
programs, etc. The personnel moving into these positions, backfilling others who have
left due to retirement or lateral movements, are from a new generation which is vastly
different from the prior ones.
Next Generation for InfoSec Staffing
The new source for staffing IT has its own manner of carrying itself. With this
change of focus and other attributes, new behaviors naturally follow.
InfoSec adds an entirely new layer of complexity to the vetting and hiring process. The
HR staff have not yet gained an appreciation for this new focus. To further the
complexity, the average InfoSec member is not like the mainstream IT person.
We tend to be a bit more curious than the other mainstream IT personnel. We are
always looking at the environment and thinking about it, the connections within it, and
other attributes. This is not simply taken for granted. We look at a process, dissecting it
and analyzing how the pieces work together. We don’t simply think the app or process is fine.
There certainly may be better ways for it to process the material or data, and we think
about how this is so. The InfoSec person may also look at what it is connected to and look
for data flow process diagrams.
The InfoSec staff member tends to be suspicious. The person may look for the loose
string to pull, waiting for the remainder of the garment to unravel. Seemingly this is not
applicable or of benefit to InfoSec. It actually is beneficial, in that the InfoSec person
does not simply look at the entirety of a project, app, or module to review or test and
state that it is fine. The qualified, motivated person will look for a vulnerability. Once this is
found, by extension the person will continue to look for further issues associated with
it, until the issue is tracked all the way to the point where no further issue is noted. Once there
are no further areas to review, the effort will slow down.
Copyright © Cyber Defense Magazine, All rights reserved worldwide.