My good friend has a tech savvy son graduating from college this spring who is really interested in cybersecurity but is currently doing social media marketing as an intern (no option to stay on).

He was originally in a cybersecurity program at his school, but he switched to marketing... but he's still interested in cyber.

She was asking me my thoughts on the chances of him landing a job in cyber and I wasn't even sure what to say. As much as we need people in cyber, I didn't want her to have any false expectation that it would be easy for him to land a job, as I've seen so many students who actually have completed cybersecurity programs struggle to find work too.

But I don't want to discourage him either, because the need for people in tech is great, and he's a super smart kid.

What do you tell ppl in these situations? What advice is best?

#cybersecurity #cybersecurityprofessional

"This WiCyS strategic partner webinar with Dell Technologies will provide a case study for application of tools provided in the Harvard School of Public Health article entitled, “Leading Outside Your Authority” by Erica Hersh (https://www.hsph.harvard.edu/ecpe/leading-outside-your-authority/)."

https://www.brighttalk.com/webcast/17216/594162

#cybersecurity #cybersecurityprofessional #informationsecurity #leadership

Question for small business cybersecurity friends... for assessments and audits, are you seeing a lot of guidance and information regarding newer AI tech (like chatbots, unmanned vestibules, blah blah etc) and standards the small business should be adhering to?

What guidance/framework are you following/referencing when implementing this kind of tech, and how useful is it for small business specifically?

What role in your org is responsible for ensuring standards are met, or remediating audit findings pertaining to this?

(When I say small business for the purposes of this question I mean under 1k employees.)

#AI #cybersecurity #informationsecurity #informationtechnology #audit #riskassessment #cybersecurityprofessional

I've found that no matter how much an org tries to encourage and foster open communication - i.e, talking honestly directly with your co-worker when you have an issue with them, it still doesn't work a lot of the time.

I think a big part of the problem is we focus a lot on how to give feedback to others, but now how to receive feedback.

There are people in my org I never give feedback to, because I know they won't take it well, and will make my job even more difficult than if I don't speak up in the first place.

We should in equal part teach people how to receive and process feedback if we want staff to freely provide it directly to each other.

imo.

#cybersecurity #cybersecurityprofessional #informationsecurity #informationtechnology

I had a conversation with my boss yesterday and I was mentioning that after taking Project Management I'm glad to understand it better, but also glad to realize I will always want to be on the "doing" side of tech, not the "managing" side.

He told me that as VP of IT he desperately misses actually doing the tech work and does next to none these days.

I always saw my goals as leading toward being a CISO someday, but now I'm not sure I want that... CISOs of Mastodon, what are your thoughts? Do you get to do any technical work or is it mostly management? Do you like where you landed? Is being a CISO fun?

#informationsecurity #informationtechnology #cybersecurity #cybersecurityprofessional #CISO

If you're in the position to - ask at tabletops and DR recovery practice what the policy should be or is for talking about breaches at your company. I asked the question of my leadership, and it took them by surprise. They were curious to know why I was asking, and it gave me a chance to talk to them about why keeping it under wraps does not necessarily help in the grand scheme.

You may get nowhere, you may get over ridden, they may ultimately tell you in the moment of crisis not to say anything... but it may also be that they simply don't know why it's important to speak up, especially in a small business setting - don't underestimate your subject matter expertise.

It's worth the conversation.

https://www.infosecurity-magazine.com/news/twofifths-it-pros-told-keep/

#securityprofessionals #informationsecurity #cybersecurity #cybersecurityprofessional

Dear #ISC2 ... so, you want a "safe and secure cyber world"? You want to be relevant to cybersecurity practitioners?

1) Be available on Mastodon where the bulk of the practitioners have gone to.
2) Fix your web site. Regardless of the browser I use I always get an error initially when I try to connect. And, the cookie banner at the top has a tendency to reload itself after one clicks on the OK button. I've had it pop up as many as two more times after the initial reload.
3) Sometimes when I log into my.isc2.org and then try to access the CPE portal on cpe.isc2.org, I have to log in again.

One wonders if you are aware of how many practitioners are considering not renewing their certifications with you. #cybersecuritycertifications #cybersecurityprofessional