Infosec is a complex area of technology- do you have the requirement to code for infosec? Do you need infrastructure and/or cloud expertise to secure that environment? I can help you staff truly complex cyber security positions. #hiring#infosec#cybersecurity#ITsecurity
It's Q2 - we're 25% of the way through the year.
That cloud security role you posted in January's applications have dried up.
The incident response candidate you liked took another offer.
The other candidate IAM candidate who was in process has stopped responding.
Is it time to bring in a specialist in your space to help with that hiring initiative? If you want to outsource the stress of that cybersecurity hire, follow the link in the comments to book in a free 15 minute consultation to see if Hampton North are the partner to help.
#SecurityHiring#CyberSecurity
New research from Infosecurity Europe from earlier this year has found that almost 70% of IT decision-makers either have or will see their cybersecurity budgets increase this year, with particular focus on cloud security and incident response, with things like email security and threat exposure management ranking at the bottom of the priority list.
Use this budget increase wisely, and hire the cloud security and cybersecurity talent you need this year with Ergonnect. Get in touch at contact@ergonnect.io#Recruitment#Hiring#Cybersecurity#CloudSecurity
Is Cyber Security Skills Gap a Myth in 2024?
I was reading the highlights of the 2024 Cloud Security Report by Fortinet, and this caught my attention as I have been hearing that the situation is sometimes quite the opposite, with some cybersecurity professionals struggling to find technical positions available:
"Cybersecurity Talent Shortage: Companies face a critical shortage of cybersecurity expertise, with 93% of respondents concerned about finding qualified professionals to protect complex multi-cloud environments. This directly affects their security posture and strategic efforts. The persistent scarcity of cloud security expertise hinders faster and more widespread adoption of multi-cloud strategies."
So, is Cyber Security Skills Gap a Myth?
Well, I found this article from StationX with some very interesting facts and stats that answer this question and can give us a better idea of where to focus, some important certifications, etc.
It's definitely worth reading!
#cybersecurity
Finding hiring in Cyber a headache? 😓
I've been able to catch up with some of my network since our Cloud Engineering insight report was released and give the low-down on what candidates are looking for.
Now it's time for Cyber. One of the fastest growing areas within the public sector recently, there's been a huge focus on making sure organisations are secure, well trained and certified against breaches.
Want to find out how to attract the top talent in the industry?
Pop over a message on here or to ahodges@understandingrecruitment.com to arrange a chat.
#cybersecurity#civilservice#localgov
Looking for a security solution that includes identity and access management, cloud-infrastructure management and identity verification? Read how professional services and technology provider Avanade found one in Microsoft Entra Verified ID. Contact a Cyber Security Consulting Ops Microsoft security expert for a deeper dive.
#MicrosoftEntra#MicrosoftSecurity
Looking for a security solution that includes identity and access management, cloud-infrastructure management and identity verification? Read how professional services and technology provider Avanade found one in Microsoft Entra Verified ID. Contact a Cyber Security Consulting Ops Microsoft security expert for a deeper dive.
#MicrosoftEntra#MicrosoftSecurity
As a cyber security professional I have dealt with this directly as well as wittiness this through interacting with other professionals. This is my take on it. Feel free to spark any conversation up about the info provided.
1.The skills gap exists because companies often hire engineer-level candidates for analyst-level positions. (Consider interviewing individuals with little to no experience for entry-level roles. For instance, a network or system admin could make a great entry-level SOC analyst, and a compliance specialist could transition into a junior GRC role with minimal additional training.)
2. Some positions advertised by companies are for market evaluation purposes only. These positions may remain unfilled unless a team member leaves.
3. Compensation is low, not just in terms of pay (which can vary depending on company), but also in terms of training budgets. This limits the ability to develop new talent. Every few years, emerging technologies require attention. How does your company support its cybersecurity professionals in updating their skills?
Cybrary, Hack The Box, Antisyphon Training are excellent resources. However, more expensive training programs often require significant commitment from the company. From a business perspective, investing in certifications raises questions about retaining talent. The key is to provide growth opportunities. Each individual has their own professional aspirations, just as companies have theirs. Aligning personal growth with professional opportunities encourages retention. This alignment may not be immediate, but it's a journey. Losing a few professionals along the way is acceptable if it means fostering an environment that cultivates strong cybersecurity professionals and retains talent within the company.
Top-Performing Account Executive 📈 | Cybersecurity | Tech | SaaS | AI enthusiast | Customer-Obsessed | Helping people make the world a safer place. ✨
Is Cyber Security Skills Gap a Myth in 2024?
I was reading the highlights of the 2024 Cloud Security Report by Fortinet, and this caught my attention as I have been hearing that the situation is sometimes quite the opposite, with some cybersecurity professionals struggling to find technical positions available:
"Cybersecurity Talent Shortage: Companies face a critical shortage of cybersecurity expertise, with 93% of respondents concerned about finding qualified professionals to protect complex multi-cloud environments. This directly affects their security posture and strategic efforts. The persistent scarcity of cloud security expertise hinders faster and more widespread adoption of multi-cloud strategies."
So, is Cyber Security Skills Gap a Myth?
Well, I found this article from StationX with some very interesting facts and stats that answer this question and can give us a better idea of where to focus, some important certifications, etc.
It's definitely worth reading!
#cybersecurity
Most cloud breaches exploit known vulnerabilities. Here are the top 5 cloud security threats to focus on:
1. Cloud Storage Attacks - Unauthenticated access to storage buckets can expose critical assets
2. Password Spraying - Targeting weak and commonly used passwords to compromise accounts
3. Social Engineering - Phishing, vishing, and smishing tactics to steal user credentials
4. Web App Attacks - Exploiting vulnerabilities like SSRF, RCE, and insecure file uploads
5. Metadata API Abuse - Leveraging instance metadata to gain unauthorized access
To defend against these threats, consider a multi-layered approach:
-- Implement strong access controls and permissions on storage containers
-- Enforce robust password policies and multi-factor authentication
-- Educate employees on social engineering tactics and implement phishing-resistant authentication
-- Follow secure coding practices and regularly test web apps for vulnerabilities
-- Disable legacy metadata API versions and restrict access to metadata endpoints
Gain visibility into your full cloud attack surface.
You can't protect what you don't know you have.
Regular red teaming, purple teaming, and penetration testing is crucial to identifying gaps before attackers do.
What steps are you taking to secure your AWS and Azure environments?
Kroll Cyber RiskJamy Casteel