编者按: ISACA welcomed cybersecurity expert 拿俄米Buckwalter for an Ask Me Anything (AMA) session on ISACA’s Engage platform 30 October–3 November. Buckwalter is the Director of Product Security for Contrast Security, founder and Executive Director of the nonprofit 网络安全破闸者基金会, 也是LinkedIn课程的作者, “培训 today for tomorrow's solutions—Building the Next Generation of 网络安全 Professionals.” This AMA session led to an engaging community discussion of topics around common concerns of hiring entry-level professionals, what the ideal candidate looks like and how to go about hiring them. 请看下面这个帖子的亮点, 以及更多的见解和对话, 完整的线程可以找到 在这里.
网络安全 can be a difficult and intimidating field to break into. 在必要的证书问题上不断争论, education and training—in addition to ever-evolving legislations, standards and protocols to keep up with—many professionals do not know when or w在这里 they can begin their career.
Fortunately, leaders in the cybersecurity field are always looking for new talent. 拿俄米Buckwalter is one outspoken advocate for hiring entry-level cybersecurity professionals—so much so, 事实上, that she posts relevant job listings on her LinkedIn every week specifically targeted toward these less experienced professionals.
Common hesitations when hiring entry-level cybersecurity professionals include the time it takes to educate and train them, budgeting for this additional guidance and teaching them the specific tools the organization uses. Buckwalter承认, 是的, 你需要花时间来教育这个新人, but she argues that it is often a shorter time commitment than one might think.
“例如, how much training would you expect someone to need in order to create and maintain an asset inventory? Or follow standard procedures for tasks like identity and access management or password resets?巴克沃尔特写道. “我会说,根本没有多少时间. 人都很聪明, and many of these entry-level tasks don’t need technical skills or years of experience to do. You do need to have good documentation and processes in place for entry-level folks to follow, 这是真的. But it should also be true that good documentation and processes are in place regardless.”
Buckwalter goes on to list free and inexpensive resources that entry-level professionals can learn from at home, 包括许多组织使用的工具, keeping the financial side of the hiring process in good shape. (Coursera, Udemy, Google, Cybrary, ACloudGuru and Black Hills Information Security, to name a few.)所讨论的专业人员只需要一台电脑, 能上网,有学习的欲望.
除了这些技术技能, the ideal “soft skills” that a candidate might have include critical thinking, 强烈的职业道德, 职业精神和强烈的诚信意识. 根据ISACA的规定 《澳门赌场官方下载》沟通技巧也是关键. Buckwalter maintains that these professionals must not be satisfied with simply following a framework—they must take it upon themselves to ask, “为什么?以及“这件事还有更好的办法吗??”
就领导力而言, Buckwalter suggests creating a solid business case for all roles, 不仅仅是入门级的. “做一个可靠的商业案例. Say that you need to focus on the fundamentals of information security, 包括资产管理, 配置管理, 变更管理, 访问控制. Your entry-level hires can be trained to do this work,” she writes. “You wouldn't want to have your senior people doing this work—they'd be quite bored and overpaid! You want your senior folks to [focus] on the complicated tasks and security architectural decisions, which DO require years of experience in order to do well.”
After identifying what skills are needed and securing leadership’s approval, the next step is actually hiring these qualified professionals. Buckwalter is “cautiously optimistic” about the future state of entry-level hiring in cybersecurity and shares her hopes that hiring will have settled into a more reasonable state in five years’ time. 她的非营利组织, 网络安全破闸者基金会, is on a mission to convince hiring managers of the value of trusting professionals without previous cybersecurity experience, 给别人一个机会是可以的.
“My suggestion is to look around you and see potential in EVERYONE. Anyone that you are speaking with knows something that you might not know,巴克沃尔特写道. “任何人都可以成为你的老师! You just have to open your mind to that fact—that t在这里 is potential in everyone. It’s actually quite amazing—you start to see the beauty in humanity!”
