Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Diversity: It's About Inclusion
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/26/2018 | 1:13:51 PM
Re: Best job candidate description EVER
Quite correct --- I am all for gender diversity and in many areas women are far better analysts than men will ever be (have us beat on a whole bunch of fronts).  BUT what we really have is an INTELLIGENCE DIVERSITY issue which is entirely different.  (I say nothing about Bangalore - enough said there).   That is different from KNOWLEDGE DIVERSITY which is a very good thing.  INTELLIGENCE div goes up through the ranks to so that, as at IBM, you have management strata lines of people who know nothing but got there because they knew something earlier in their life and lower down on management ladder.  Remember FUMU?   
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
4/26/2018 | 5:22:58 AM
Re: Best job candidate description EVER
@REISEN: I remember seeing Andy Ellis, CSO of Akamai, speak once on the subject of how these types of purple-squirrel hiring tactics actually diminish gender diversity in the workplace.

Ellis: "If you have a [gender] diversity problem, this is why... [Men] are totally willing to lie and say, 'Yeah, I've got 12 years' experience in Windows 8.'"

Incidentally, here's my writeup for one of Dark Reading's sister sites on this subject, in which Ellis is quoted: networkcomputing.com/careers/tech-talent-shortage-myth/1360165050
notthereatall
50%
50%
notthereatall,
User Rank: Apprentice
4/25/2018 | 12:31:11 PM
A parallel discussion: "inclusion" is an empty buzzword - from a side event
During RSA conference Peerlyst held a side event. The outcome of one of the sessions was a vivid discussion:  ""inclusion" is an empty buzzword".

Here are some interesting and relevant quotes:

By Kim Krawley:

"Employers need to stop having rigid hiring criteria. All of that "culture fit" stuff also excludes people who are demographically different from the people who already work at the company. I work for several different cybersecurity vendors. You know what they looked at? The blog content I've written for other companies and my Twitter following. That's it.

By Andrew Commons:

"We are all different, very different. We have developed a culture that highlights differences and provides the technology for the collective persecution of those considered different. It has become a sport, 'shaming' is the new black.

We have legislation that requires "affirmative action". In some jurisdictions it's been around for 60 years. In large corporations we see (very) senior positions being created specifically to address 'Diversity'. As we see in the case of James Damore (and let's ignore his views for now) and Google, such environments actually do not tolerate diversity they are intent in promoting uniformity and will highlight and shame those who dare differ.

It's this bigger global cultural issue that needs to be addressed before any change can be expected in corporate culture."

By Molly Payne:

"Companies hopefully are seeing that diversity drives creative thought and problem solving. As a community in a company we can create social enclaves for ourselves as a place to recharge and brainstorm solutions for problems we observe. In hiring opportunities reaching back can be a method for those of us outside the majority to change the stats; if you have a say in hiring reach out to those people in your community who you know are qualified and get their resume seen. Volunteer and share your skills. I feel a lot of analyst work and security work can be taught much like a trade you just have to have the passion. I've often thought of organizing a club at a local high school or middle school to build excitement about this field. I think about this quite a lot, and love these discussions thanks for bringing it up!"

 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
4/25/2018 | 9:46:06 AM
Re: Best job candidate description EVER
=) 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/25/2018 | 9:25:29 AM
Best job candidate description EVER
Needed - YOUNG enthusiastic Millenial (age 22) with 32 years of experience. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-4020
PUBLISHED: 2021-11-27
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23654
PUBLISHED: 2021-11-26
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via C...
CVE-2021-43785
PUBLISHED: 2021-11-26
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious...
CVE-2021-43776
PUBLISHED: 2021-11-26
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other se...
CVE-2021-41243
PUBLISHED: 2021-11-26
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be add...