Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
How Diversity Can Bridge The Talent Gap
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
 User Rank: Ninja
8/31/2016 | 9:22:15 PM
Re: Additional exacerbation
@Dr.T: So what is your company like in that respect?  What is the process for drafting a job description and job requirements for postings?
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
 User Rank: Strategist
8/31/2016 | 12:31:13 PM
Re: By the way...
To clarify, DiGiovanni's findings are for his training effort--to tap those inherent skillsets for trainees, who obviously get the hands-on hacking training via the DoD program.
GonzSTL
50%
50%
GonzSTL,
 User Rank: Ninja
8/31/2016 | 12:28:49 PM
Re: By the way...

Although I agree that STEM skills are just part of qualifiers, the notion that STEM is not one of the top skills should not be a universal principle. I can see how the DoD would feel that way, since that is a very large organization. Smaller outfits though do not have the luxury of hiring many people for their InfoSec (or just IT period) teams. These organizations are the ones who will look at IT skills first, and then soft skills, during their hiring process. This is why encouragement at a young age and mentoring really is critical in expanding the IT workforce to include women and minorities.

Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
 User Rank: Strategist
8/31/2016 | 12:16:03 PM
Re: By the way...
I disagree, @InReality01. Diversity brings more perspective, insight, and a broader range of skills. When you have people of different backgrounds, socioeconomic roots, and life experiences, you have a more balanced and insightful organization. I agree that hires must be qualified--no one is saying otherwise--but sometimes there are skills that employers aren't considering that are extremely valuable. 

Here's a good example of how skills are more than STEM: a DoD official, Frank DiGiovanni, director of force training in DoD's Office of the Assistant Secretary of Defense for Readiness, has been researching what makes a great white-hat hacker. He has been interviewing folks at DEF CON the past two years.

From a recent Dark Reading article on his efforts:

The big takeaway from DiGiovanni's DEF CON research: STEM, aka science, technology, engineering, and mathematics, was not one of the top skills organizations look for in their cyber-Jedis. "Almost no one talked about technical capabilities or technical chops," he says. "That was the biggest revelation for me."

http://www.darkreading.com/threat-intelligence/dod-taps-def-con-hacker-traits-for-cybersecurity-training-program/d/d-id/1326763?

When you open up jobs to these broader skillsets, you're more likely to get a more diverse pool of applicants.

Of course, there's also the issue of educating and encouraging women and people of color that this industry is wide open and full of opportunity.

 
Dr.T
50%
50%
Dr.T,
 User Rank: Ninja
8/31/2016 | 12:09:27 PM
Re: By the way...
"... There is nothing inheirently "good" about diversity in the workforce based on gender, race or ethnicity. ..."

I hear you, the way I look at it, having different genders will lead to different view points, when you leave women out in IT, you do not get their perspective with the remaining skills in your workforce.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
 User Rank: Strategist
8/31/2016 | 12:07:17 PM
Re: Additional exacerbation
I hear ya, @MistyMorn. That first bar is the big issue in this industry. Have you thought of joining some local cybersecurity meetups? That is one way to meet, network, and get connected with local security events, hackathons, etc. 
Dr.T
50%
50%
Dr.T,
 User Rank: Ninja
8/31/2016 | 12:04:43 PM
Re: The phantom issue in security...
"... women don't go into technical fields at nearly the same rate as men do. ..."

That is a good point, I was just mentioning this in my other post.  When we post a position, we normally do not get any female applicants.
Dr.T
50%
50%
Dr.T,
 User Rank: Ninja
8/31/2016 | 12:03:02 PM
Hiring more women
 

"... Hiring more women and minorities ..."

There is another issue here, when we post a IT position we do not get any female applicants, I am not sure if this is the same for all others but, the other end of this letting female students having interest in IT.

 
Dr.T
50%
50%
Dr.T,
 User Rank: Ninja
8/31/2016 | 12:01:37 PM
Re: Additional exacerbation
"... Entry level should be an on the job training position but I still struggle with being underqualified due to my lack of enterprise IT experience. ..."

This is really a good point. IT is a fast pace sector, there is no day that you do not learn new things, it requires life-long learning strategy.

 
Dr.T
50%
50%
Dr.T,
 User Rank: Ninja
8/31/2016 | 11:58:48 AM
Re: Additional exacerbation
"... It is my personal goal to spread STEM awareness in young kids, especially girls. ..."

This is great to hear. Thank you for doing it. I would assume female studens now realize that technology is not something they need to avoid but embrace, since everything and everting else involves it any more.
Page 1 / 2   >   >>


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing Writer,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19604
PUBLISHED: 2019-12-11
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVE-2019-14861
PUBLISHED: 2019-12-10
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permiss...
CVE-2019-14870
PUBLISHED: 2019-12-10
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authent...
CVE-2019-14889
PUBLISHED: 2019-12-10
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...
CVE-2019-1484
PUBLISHED: 2019-12-10
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.