Firstly I want to give a clear warning about this article, this is going to be a bit broody as I am very disappointed in our progress, actually, lack of progress is a better way to put it. Over the last six months, I have had a lot of the same conversations and although I believe as an individual I have started to make some progress, as an industry I think we haven’t really progressed at all (Deep sigh moment).
I have done several articles over the last 6 months that argued for collaboration and better recruitment ideas that will help make our industry a much better place. I have been to conferences where I have heard many presentations on how we can all work together, do better but honestly, I think we are failing. Look I don’t mean to be a pessimist and be all negative because we are doing some great things in the industry.
There are some good people and companies that are putting their hands up and really getting involved but at this stage, we aren't really making much of a difference and that's a little upsetting. I thought we would be starting to turn the tide by now but everywhere I look I see another breach or some form of malicious cyber activity. I regularly get told that great people are being turned away for entry-level security jobs because they don't have years of experience or a mountain of industry certifications. Seriously people, what are we doing?
Let's just stop and really think about this for a minute, as an industry we have more open jobs than people to fill them and that's if we stopped all of these stupid biases that we are doing with positions requirements. What about these ridiculously sized egos that seem to pop up everywhere in which they know what is going to fix all of our problems with their new blinky light solutions. GRRR this industry of ours can be so frustrating at times but we need to stick together and not get lost in the show that some in our industry try to put on to make a bit of money.
Well Craig, What should we do? We need to forget all of the hype and blinky lights for the moment. We should do something that may be very hard for some of you to swallow and do what we should have done from the first instance.
Let’s do the boring stuff.
I hope I didn't just lose all of you with that statement. We really need to focus on getting all of the basics right like updates, access permissions, multifactor authentication, password, awareness training (this is an ongoing job not just for compliance) and obviously there is more, but you get what I am trying to say. I know none of you like to do the grunt work and get all of this running like clockwork – Let’s face it, it’s boring. Automate and then automate some more if that helps, just make sure it happens. Don't finish it there though, once it is automated don't forget about it, monitor it to ensure that it does as it is supposed too, that way you won't have any surprises.
Align your organisations with ISO27001 or NIST, ensure that you have the complete essential 8 covered. Don’t tell me you can’t, that it’s too hard. That’s just a cop out and will do nothing for you or your organisation. Yes, it might be difficult and may take some planning and some investment to get it done but it will be worth it. If your executive team isn’t on board, bring them onboard help them understand the benefits and costs if you don’t.
All the great recruiters and HR people out there set an example for the industry and hiring managers. Help change minds and help great people enter our industry. Do what you can to help me remove these roadblocks that are always thrown up in their path. It will be a benefit to you as recruiters, the companies you work for and the amazing people that you help get into the industry. Those people will breath amazing new life into the industry and will remember that helping hand they were given an, in turn, return the favour down the line when they themselves are in the position to give someone else that same gift.
That’s probably enough of my brooding for one article, I know that most of us want the same things. So please don’t let me be complaining about the same things in six month's time, I don't want that, and I am sure none of you do either. Let's, all do what we can to change our own piece of this industry for the better, do our bit and hopefully, we can all come together to make a difference (meaning you won't have another one of these in 2020).
As always let me know your thoughts, tell me I am crazy if you like and I live in a dream world where cyber security people work together to get all of the basic security ground work done and unicorns frolic in the garden behind your office buildings. Seriously though If you think we need to approach things in a different way tell me I want to hear what your opinion is. It just might be the idea that breaks through the noise.
Till next time…