Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Diversity: It's About Inclusion
Newest First  |  Oldest First  |  Threaded View
REISEN1955
REISEN1955,
User Rank: Ninja
4/26/2018 | 1:13:51 PM
Re: Best job candidate description EVER
Quite correct --- I am all for gender diversity and in many areas women are far better analysts than men will ever be (have us beat on a whole bunch of fronts).  BUT what we really have is an INTELLIGENCE DIVERSITY issue which is entirely different.  (I say nothing about Bangalore - enough said there).   That is different from KNOWLEDGE DIVERSITY which is a very good thing.  INTELLIGENCE div goes up through the ranks to so that, as at IBM, you have management strata lines of people who know nothing but got there because they knew something earlier in their life and lower down on management ladder.  Remember FUMU?   
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
4/26/2018 | 5:22:58 AM
Re: Best job candidate description EVER
@REISEN: I remember seeing Andy Ellis, CSO of Akamai, speak once on the subject of how these types of purple-squirrel hiring tactics actually diminish gender diversity in the workplace.

Ellis: "If you have a [gender] diversity problem, this is why... [Men] are totally willing to lie and say, 'Yeah, I've got 12 years' experience in Windows 8.'"

Incidentally, here's my writeup for one of Dark Reading's sister sites on this subject, in which Ellis is quoted: networkcomputing.com/careers/tech-talent-shortage-myth/1360165050
notthereatall
notthereatall,
User Rank: Apprentice
4/25/2018 | 12:31:11 PM
A parallel discussion: "inclusion" is an empty buzzword - from a side event
During RSA conference Peerlyst held a side event. The outcome of one of the sessions was a vivid discussion:  ""inclusion" is an empty buzzword".

Here are some interesting and relevant quotes:

By Kim Krawley:

"Employers need to stop having rigid hiring criteria. All of that "culture fit" stuff also excludes people who are demographically different from the people who already work at the company. I work for several different cybersecurity vendors. You know what they looked at? The blog content I've written for other companies and my Twitter following. That's it.

By Andrew Commons:

"We are all different, very different. We have developed a culture that highlights differences and provides the technology for the collective persecution of those considered different. It has become a sport, 'shaming' is the new black.

We have legislation that requires "affirmative action". In some jurisdictions it's been around for 60 years. In large corporations we see (very) senior positions being created specifically to address 'Diversity'. As we see in the case of James Damore (and let's ignore his views for now) and Google, such environments actually do not tolerate diversity they are intent in promoting uniformity and will highlight and shame those who dare differ.

It's this bigger global cultural issue that needs to be addressed before any change can be expected in corporate culture."

By Molly Payne:

"Companies hopefully are seeing that diversity drives creative thought and problem solving. As a community in a company we can create social enclaves for ourselves as a place to recharge and brainstorm solutions for problems we observe. In hiring opportunities reaching back can be a method for those of us outside the majority to change the stats; if you have a say in hiring reach out to those people in your community who you know are qualified and get their resume seen. Volunteer and share your skills. I feel a lot of analyst work and security work can be taught much like a trade you just have to have the passion. I've often thought of organizing a club at a local high school or middle school to build excitement about this field. I think about this quite a lot, and love these discussions thanks for bringing it up!"

 
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
4/25/2018 | 9:46:06 AM
Re: Best job candidate description EVER
=) 
REISEN1955
REISEN1955,
User Rank: Ninja
4/25/2018 | 9:25:29 AM
Best job candidate description EVER
Needed - YOUNG enthusiastic Millenial (age 22) with 32 years of experience. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25012
PUBLISHED: 2023-02-02
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
CVE-2022-37034
PUBLISHED: 2023-02-01
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.
CVE-2023-0599
PUBLISHED: 2023-02-01
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metas...
CVE-2023-23750
PUBLISHED: 2023-02-01
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2023-23751
PUBLISHED: 2023-02-01
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.