North Dakota State University CISO Discusses What Makes A Successful Leader

With a shortage of skilled IT security workers, there is plentiful room for aspiring cybersecurity professionals to take on leadership roles within the industry.

Having a Chief Information Security Officer (CISO) or the equivalent function in an organization has become a standard in business, government and non-profit sectors. With more than 80 percent of large organizations employing a CISO, we wanted to interview CISOs across a wide-array of institutions, with varying certifications and backgrounds. This month’s featured CISO is Theresa Semmens of North Dakota State University (NDSU).

Theresa Semmens CISO North Dakota State University Silverbull
Photo Courtesy of Theresa Semmens

Theresa Semmens has worked at NDSU since 2003 and has worked in information security for over 14 years. During her career, Semmens served five years on SANS’ Higher Education Board and has been an active member of EDUCAUSE, a nonprofit dedicated to the advancement of higher education through information technology. Aside from being involved in various infosec committees, Semmens has given countless lectures and presentations on various topics about the industry.

Apart from her strong interest in computer information systems, what drew Semmens to a career in information security was her interest in human behavior.

“Without the human element, there would be no need for information security,” Semmens notes.

By pairing her two interests, Semmens found a career she finds “challenging, invigorating, rewarding and frustrating at times,” but enjoys the fact that no two days on-the-job are ever the same.

For Semmens, one of the accomplishments that she is the most proud of is employing NDSU student security analysts to assist with the day-to-day IT security functions around the office while preparing the students for successful careers in cybersecurity.

“Two of the four individuals that we have hired, have been hired into full-time information security positions with well-known companies. The companies have been impressed with the student’s knowledge and experience,” Semmens notes.

For professionals looking to advance their careers in the cybersecurity industry, Semmens offers the following advice on what it takes to be a successful leader and how to develop the necessary skills to be an effective leader.

How do I know if I would enjoy managing vs. doing?

You need to determine within yourself if you like to guide, encourage, coach and direct, or if you would “rather do it yourself.”  Are you a visionary? Do you have a broad overall picture that you can contribute to the company? Know who you are and what your preferences are. If you are not comfortable providing guidance and direction and dealing with the bigger vision of the department or division, you may not be suited to leadership.

My advice to those looking to become leaders is to develop a vision – determine and visualize where you want to be in the next two years, next five years, and next ten years. Develop a plan of action that is strategic – determine what you will need to do and accomplish to reach those milestones. Be willing to adapt and detour – life will throw up barriers! Those detours and barriers will be your best life experiences to learn from.

How do I know if I would make a good IT manager or if I am more ideally suited for coding, UI and technical work?

  1. Do you like working with people?
  2. Do you like to teach others skills?
  3. Are you often asked to be a lead on teams?
  4. Are you comfortable being in front of and speaking to groups of people?
  5. Are you comfortable with scrutiny, contention and conflict?
  6. Are you good at resolving personality differences?
  7. Are you forward thinking and a visionary?
  8. Do you see the big picture and not just the details?
  9. Do you have an ethical mindset that is critical for a successful CISO?

If so, you may have the talent and skill set to serve as a manager. On the other hand, if you don’t like doing a lot of the items mentioned above, you might be better suited to a technical profession where you don’t have to deal with “people” issues. If you are good with organizational behavior, you will most likely be well suited for management.

What does it take to be a successful IT manager?

To be successful in leadership, you have to have a genuine interest in the human factor. Leadership integrates the “technical” with the human and social aspects of technology. It is the nexus between your workforce and executive leadership. It is how you meld your vision and forward direction into what fits and blends with the business vision, mission and objectives of the company. It is about creating the best environment possible for your staff to be productive and effective.

To do this, you need to be genuinely interested and concerned about people, who they are, how they work and what their expectations are as well as yours. It is relationship behavior and the soft skills needed to lead. Often managers focus on the personality and not the problem! Great managers and leaders lead by example and inspiration. They give credit and recognition to those who have earned it. They coach and guide those with potential to build up confidence and self-esteem to create a sense of worth and high morale in their teams and staff.

How do I develop the skills I need to be an effective leader?

For those who are interested in moving into a leadership/management role, you have to demonstrate that you are interested and willing to serve in those roles. Seek out opportunities within your department or division where you can highlight your leadership skills. Some suggestions include:

  • Volunteering to lead a small team that is serving on a section of a large project. While serving as a lead on that team, do you naturally encourage and support your team members to be innovative and creative? Do you offer constructive praise and criticism?  Are you diverse and ensure that all members have the same opportunities or encourage them to take all opportunities afforded to them?
  • Work with an intern to help grow them in the skills they are trying to acquire for their chosen vocation. This is actually a great way to learn about management, because in this role you are serving as a guide, coach, teacher, leader, confidant and mentor. You will be working not only with teaching the intern the skills they need, but also how to learn and navigate the environment, culture and climate of the company.
  • Take professional development courses or college courses on leadership and management.
  • Visit with your director – let them know your intentions.  A good director will work with you to help point out what you need to do to take the next steps into a leadership role. Advanced degrees and certification can be beneficial in obtaining your goals towards leadership. Both help to demonstrate that you are a continuous learner and want to further your knowledge and expertise.
  • Don’t be afraid to search for opportunities outside of your workplace. If you belong to professional organizations, volunteer to serve on committees and work groups. This gives you the ability to network with others within your field, which will provide you opportunities for growth and development. I have been involved with EDUCAUSE, a nonprofit association for IT leaders and professionals committed to advancing higher education, for the past several years. Through my involvement with EDUCAUSE, I have been able to lead workgroups, serve and co-lead a program committee.
  • Handling crucial conversations and conversations involving contention and disagreement is a required skill. Crucial conversations can include anything from campaigning for new needs that require an increased or additional budget to handling a dispute between two key talented staff members. Those conversations need to be multi-lingual. You have to learn to speak the varied languages within the business – accounting, marketing, sales, etc. Talk to them in their language, terms, or a story they can understand and assimilate. Most importantly, learn how to deliver a message that might have negative connotations in a positive format and tone.


Interested in learning the in-and-outs of the cybersecurity industry from senior level professionals? Then check back for our next CISO feature article coming soon.

Last month’s featured CISO: Virginia Tech’s CISO shares how the main threats and dangers universities face from hackers.

Salary Isn’t Everything: One Company’s Secret to Hiring Passionate Techies

Is it possible to build a cybersecurity consulting company with top talent AND make a difference in the lives of others?

According to Jamie Miller, CEO and President of Mission Multiplier, the answer is simply, “Yes!” Miller, who has worked in the cybersecurity industry for 12 years, launched Mission Multiplier in 2014. He was interested in assembling a sophisticated and stellar team to deliver innovative and smart cybersecurity solutions to clients. But he was equally motivated to launch a business destined to provide a meaningful connection to the community and clients he served.

We recently caught up with Jamie to learn more about his innovative approach to recruiting and retaining talented employees.

Jamie Miller Mission Multiplier Silverbull
Photo Courtesy of Jamie Miller, CEO and President of Mission Multiplier.

What’s unique about your business model?

A percentage of our profit is directed to a local charity of each employee’s choice. In essence, our employees are not just working for me. They are working for something bigger than themselves, something personally important to them. In this way, each employee is incentivized to not only support their client’s mission, but also their own personal mission.

The mission of our local community in Huntsville, AL is further served through the convergence of missions – Multiplying the positive impact a person and organization can have on the community. In this way, each person and organization involved becomes a Mission Multiplier.

How did you decide to make giving back part of your business?

When I was newly married I was working 80 hours a week for a large consulting company. Soon after our first son was born, my boss appointed me to take the lead on a very high profile project which would require coming in on most Saturdays and Sundays. I was flattered. But I was also exhausted caring for our newborn. I told my boss I just could not commit to this type of project right now. He wouldn’t take “no” for an answer which resulted in my feeling overwhelmed with work and disconnected from my family and my community. In fact, I wasn’t inspired to do my best because my company was not supporting me in my quest for work-life balance. I told myself that if I ever started my own company, I would value my employees both inside and outside of the office.

Has offering a personal charitable component enhanced your talent pool or hiring process?

At first I didn’t realize the impact this altruistic aspect of our business would have on recruiting new hires and elevating employee morale. Giving back was just something I believed in and wanted to do for my community. The first time I realized this unique feature of our business raised the stakes in our recruiting was when two or three of our new hires told me they had turned down higher paying offers from bigger companies. They cited the opportunity to make a difference in others’ lives as being a key factor in choosing between job offers. It’s humbling to know A+ talent is choosing to join Mission Multiplier over well-established and higher paying companies.

How do you identify job candidates who share your values?

I believe recruiting sets the tone of our corporate culture. When I share our story with prospective hires and emphasize how giving back is woven into our company’s culture, it’s very easy to determine if our philosophy resonates. Facial expressions and body language speak volumes. Also quite revealing is the first thing a candidate says or asks after I relay our story.

And I always probe candidates about their personal passions and pursuits to discover how they spend their time outside of work. Why? It’s more important to me to hire a critical thinker who is passionate about something outside of work. Cybersecurity changes very fast. If I hire someone to write a particular code, the language may be obsolete in a year. I need to know if the person can think on his/her feet and find solutions to complex problems. And if a person is fervent about an activity or a cause, I believe their passion fuels them on and off the job.

Jamie Miller Mission Multiplier Headshot | Silverbull
Photo Courtesy of Jamie Miller, CEO and President of Mission Multiplier.

Why should employees care about identifying their personal values and working for a company which aligns with those values?

You spend a good part of your life working. And the company you work for inevitably becomes an extension of yourself, or a multiplier of who you are. If your values and your company’s values do not align then you will disengage from your work and feel resentment towards your employer. Chances are your performance will suffer. On the other hand, when you feel valued as a professional and as a person you will strive to succeed on and off the job and deliver your best.

Once someone figures out their personal values, how do they determine if my his or her prospective employer shares those same values?

Do your research before, during and after the interview to garner different perspectives about what it’s like to work for the company in question. Before the interview, visit sites such as Glassdoor, Career Bliss and Vault to determine how current (and past) employees feel about working for the company.

During the interview, ask thoughtful questions to ascertain the corporate culture.

  • What makes you proud to work at this company?
  • How does the organization support your professional development and career growth?
  • How are decisions made when there’s disagreement and stakes are high?
  • Titles aside, who in the organization has the power to gets things done?
  • What are some of the ways the company celebrates success?
  • How do you as a manager—or, if more appropriate, how does your manager—support and motivate your team?

After the interview, identify if anyone in your LinkedIn network works for or has worked for the company and if your connections can introduce you to a current or former employee. Grab a cup a coffee with them to hear their perspective on working for the company.

What do you think of converging cybersecurity consulting and goodwill? Can these two interests be combined successfully?

How Much Does Your C-Suite Know About Cybersecurity?

Using Cybersecurity Awareness Presentations in the C-Suite

Remaining competitive in today’s complex business environment means organizations must focus on a greater number of challenges than ever before. One of the most important challenges companies face is the threat posed by cyber-attack, cyber-espionage, exposure of sensitive data or other information security breaches.

While previous generations of C-level executive leadership teams have been tasked with general security administration and responsibilities, the cybersecurity challenges faced today require a more detailed knowledge of complex IT functioning than most executives possess. There’s no doubt C-Suite leaders are acutely aware of recent high-profile cyber-attacks, but usually just the general information provided by media reports. In other words, light on detail and analysis.Cybersecurity Awareness for C-Suite Executives | Silverbull

Cybersecurity awareness is something that the C-Suite needs to be educated on. Executives and corporate directors need to be made more aware of the actual information security risks their organizations are facing and develop a strong cybersecurity strategy. This includes providing them with information such as:

  • Specific exposures and risks faced by the organization
  • What today’s cybersecurity landscape looks like
  • Strategies and approaches for meeting cybersecurity challenges
  • How to incorporate the cybersecurity strategy into all business decisions
  • The risks associated with doing too little or nothing at all

Learn How to Speak Their Language: Effective Cybersecurity Strategy Presentations

With all of the organizational responsibilities executives face, we must remember cybersecurity is just one of many they are held accountable for. That’s why as security professionals and analysts, we play such a crucial role in ensuring the executive team is kept informed. However, we need to keep in mind that executives and directors are oriented toward business risks, of which cybersecurity risk is just one component. That is why it’s up to us to present the relevance and context of the risks we assess.

If an organization is large enough to have a CSO, CISO or someone in a similar role, then chances are good the entire management team is better informed. However, all security professionals on the team have a responsibility to bring forward their assessments and to educate executives on the threats in the most effective way possible. To that end, here are 3 things to keep in mind when making cybersecurity awareness presentation to executives:

  1. When a data breach is in the news, take the time to put it in the context of your organization. A report to executive management detailing what occurred and the risk of the same type of attack happening to your organization is a great approach.
  2. Cybersecurity should be as much a business driver as financial and legal issues are. Take every opportunity to provide a cybersecurity perspective to your executive leadership team.
  3. If your organization doesn’t currently have a prepared cybersecurity incident response plan, then present this to executives as a critical business necessity.

A cybersecurity breach can be devastating to an organization, both financially and in terms of business reputation. Cybersecurity preparedness can lower the risks to an organization, and it can reduce the potential damage of any cyber-attack that does take place. Ensure your executive team is aware of the risks, how to address them, and how to respond in the case of a cybersecurity breach.

Follow us on LinkedIn and Twitter for more tips on cybersecurity awareness.

10 Biggest Data Breaches of 2015: Why They Matter

Discover the importance and impact data breaches have on both companies and consumers alike.

It’s no longer “if” — it’s “when.” The reality is organizations are experiencing more data breaches from hackers. The threats are increasing and the “bad guys” are finding new and better ways to attack systems. The Identity Theft Resource Center has identified at least 781 data breaches in 2015. The “Business” category experienced the most security breaches, accounting for 40% of the total breaches, with the healthcare industry not far behind it, accounting for 35.2% of the breaches.

10 of the biggest data breaches of 2015

  1. 10 Biggest Data Breaches of 2015 | SilverbullCareFirst BlueCross BlueShield
    • Breach – Occurred in May 2015. The attackers gained access to more than a million consumers’ personal information.
    • Why It Matters – The healthcare industry is very behind on the cybersecurity front; it’s time for the industry to up its game.
  2. Kaspersky Lab
    • Breach – The attack was detected in its early stages in June 2015. The hackers were targeting some of Kaspersky Lab’s new technologies. Kaspersky Lab does not believe that any of their clients’ or partners’ information was compromised.
    • Why It Matters – Kaspersky Lab is one of the largest anti-virus and information security software firms. It’s very dangerous if any of their information gets compromised, because it could affect people who are using their products for protection.
  3. 100 Banks in 30 Countries
    • Breach – In February 2015 Kaspersky Lab released a threat report, announcing that a banking cyberheist had occurred in banks across 30 countries; the criminals made off with $1 billion.
    • Why It Matters – In the report Kaspersky Lab states that these banks were compromised for 2-4 months before the criminals took the money. Banking institutions need better alert systems to find breaches quicker.
  4. Harvard University
    • Breach – The security breach was announced in July, but Harvard waited awhile to announce the breach because they did not want to compromise the efforts being made to secure the system. The University does not believe personal data or research was exposed.
    • Why It Matters – Colleges and universities store some very sensitive information and can be easy to compromise due to students opening malware emails or not having strong passwords and are difficult to protect due to BYOD.
  5. LastPass
    • Breach – In June 2015, the company announced that they noticed some unusual activity on their network. While no one’s password vault were accessed or stolen, some email addresses, password reminders and other systems were compromised. It could have been a lot worse than it sounds.
    • Why It Matters – LastPass has the option for multi-authentication for accessing vaults, this option should be set up for the ultimate security measure, so even if someone does hack their systems again there are other ways to stop them from accessing your account.
  6. Anthem
    • Breach – In February 2015 it was announced that the 2nd largest healthcare insurer in the U.S. had experienced an attack. The hackers were able to access former and current customers’ and employees’ data. While they did not access credit card or bank information, they did have access to social security numbers, street and email addresses, etc.
    • Why It Matters – Further proof that the healthcare is being increasingly targeted by cybercrime and needs to have better cybersecurity measures in place.
  7. biggest data breaches 2015Office of Personnel Management
    • Breach – In the Summer of 2015, the OPM announced that 21 million former and current government employees’ personal data were stolen during two security breaches. The stolen data includes Social Security numbers, addresses and 5.6 million fingerprints.
    • Why It Matters – This hack was bad, but the recent revelation of the fingerprints make it even worse. As this article states, fingerprints cannot be changed, and they are becoming a more common security measure over passwords these days.
  8. VTech
    • Breach – In early December it was announced that 4 million kids’ data were exposed when the tech toy company was hacked. The information that was stolen were children’s names, dates of birth, and user information on their parents who set up the accounts (passwords, mailing address, etc.)
    • Why It Matters – It is a wake up call for the general population that online data is not safe.
  9. Experian/T-Mobile
    • Breach – Experian experienced a breach from Sept. 1, 2013 to Sept. 16, 2015; they run credit checks for T-Mobile and the breach has affected 15 million T-Mobile customers. Personal data such as birthdates and Social Security numbers were stolen.
    • Why It Matters – Companies need to be conscious of the security policies of their vendors as well to avoid security hacks like this one.
  10. IRS
    • Breach – According to CNBC, the breach is affecting up to 334,000 victims. Their past tax returns, Social Security numbers and other personal pieces of information are compromised.
    • Why It Matters – The hackers can file for your tax return and claim you money.

These are a few of the biggest data breaches of this past year. Security breaches are becoming more and more common as hackers become smarter and try new tricks. Over the past year companies have realized that they need to increase their information security efforts. They are looking to hire skilled cybersecurity professionals and are having trouble finding them due to a skills gap in the industry. It will be very interesting to see what the new year brings for cybersecurity industry.

Follow us on Facebook or LinkedIn for more cybersecurity news!

5 Surprising Statistics and Recent Cybersecurity Hiring Trends

What does 2016 have in store for cybersecurity hiring trends?

Cybersecurity Hiring Trends in 2015 | SilverbullCybersecurity hiring trends are constantly changing because the market is constantly changing. The skills gap is increasing as the demand for skilled cybersecurity employees increase, which presents an enormous challenge for the industry.

Many companies are starting to realize that security breaches are a huge threat to their business; especially in the finance, healthcare and retail fields. These industries are now scrambling to hire and create a strong cybersecurity team.   According to Burning Glass, over the past 5 years, the finance industry has seen an increase of 137% in the demand for cybersecurity workers. Healthcare was not far behind with a 121% increase in demand and retail with an 89% increase.

Key Hiring Trends In Cybersecurity

In addition to an increase of the demand for cybersecurity employees, there have also been other hiring trends that have affected the industry.

  1. Companies are seeking not just cybersecurity professionals, but ones that come with qualifications; a cybersecurity certification is required for 35% of the jobs in the field.
  2. Employers are also seeking professionals who are educated. Over 80% of industry’s job postings require a Bachelor’s degree and 3 years of experience.hiring trends in cybersecuriyt
  3. Hands-on employees’ salaries are starting eclipse management’s salaries. According to this Dice report, the average salary of a Lead Software Security Engineer is $233,333, while a Chief Security Officer’s is $225,000.
  4. Cybersecurity openings are harder to fill. These openings tend to be open 8% longer than IT jobs in general. Additionally, companies seeking employees with security clearances (10% of cybersecurity jobs require one) or financial experience are really struggling to find the talent they need.
  5. There is a gap in the younger generation’s knowledge and interest of the industry. Computer science classes are not offered to 64% of high school students in the U.S. This struggle is prevalent among women, who are lacking in the field already.

Cybersecurity is a component of our world that is becoming more and more important each day. Hiring trends in cybersecurity will continue to change as the industry continues to rapidly grows.

Check out our article highlighting 3 statistics about women in cybersecurity that show it’s time for a change.

9 Perfect Holdiay Gift Ideas for Techies

Stumped at what to get the techies in your life? Don’t worry, we’ve got you covered!

Techies are some of the hardest people to shop for during the holidays. But you can’t leave your tech-minded friends off of your holiday shopping list. Not to worry. We’ve got you covered with our Holiday Gift Guide for Techies.

The Keyboard Waffle Iron

Eureka Moment: Back in college, Chris Dimino was working on an assignment to re-purpose an old Smith Corona typewriter. After looking at the keyboard for a long time, trying to think of what he could turn the typewriter into, Chris noticed how the keyboard pattern resembled a waffle.gifts_for_techies_waffle_iron

Perfect Gift for Techies: The QWERTY-inspired Keyboard Waffle Iron (KWI) is the most unrivaled amalgamation of technology, design and breakfast food. It’s made of die-cast aluminum with heat-resistant handles. And it’s wireless, only requiring heat from a stove top to turn batter into an edible keyboard with dimples of varying sizes, including a space bar! And if you still don’t think the techie in your life will appreciate this gift, then perhaps the company’s tagline will convince you: CTRL+ ALT+ DELicious!

Customer Confession: Chris acknowledges the best part about creating this product has been hearing from consumers. Customers have sent in photos of their KWI breakfast creations covered in syrup, sprinkled with powdered sugar or topped with eggs. One customer who was so proud to find and give the KWI to his gadget-obsessed friend actually video recorded his friend’s priceless reaction to opening the box and shared the video with the KWI team.

USB Flash Drive and Wifi Hotspot Cufflinks

Eureka Moment: Known for crafting and producing cuff links in all shapes (robots and martini shakers) and materials (metals, gems and silk), was eager to develop products that went beyond the well-dressed man. Using James Bond for design inspiration, especially the spy’s use of one-of-a-kind gadgets, the team focused on augmenting the functionality of ordinary cuff links. According to Paul Song, the company’s President, “It felt very powerful to be able to hold thousands of documents on your wrists, especially for traveling business men.”cufflink gifts for techies

Perfect Gift for Techies: Thanks to the growing popularity of wearable technology, buying a gift for the gadget-obsessed man is easier than learning how to code. USB Flash Drive Cufflinks combine form and function.  At least one set offers more than 16GB, which is more storage capacity than the first iPhone. And wait there’s more! also sells a pair of polished silver cuff links with 2GB USB of storage and access to a Wifi hotspot. After downloading the accompanying software and popping the USB hotspot into your computer, high-speed wireless internet is at your service courtesy of your cuff links.

Customer Confession: With all eyes on you, dancing your first dance as bride and groom can be nerve-wracking enough. But what if you chose an antiquated song and neglected to ask your DJ if he owned that oldie prior to your special day? This happened to one groom who ‘saved the first dance’ thanks to wearing his USB Flash Drive Cuff Links to his own wedding! Phew!


Eureka Moment:   With more and more parents working outside of the home and extended families scattered all over the globe, founders Gauri Nanda and Audry Hill identified a need for kid friendly digital communication for techies toymail

Perfect Gift for Techies: While we grown-ups covet our digital possessions and can’t live without them, some of us are wary of giving our tech-innocent kids an iDevice too soon. The cute little wifi-enabled Toymail mailmen and accompanying app make it safe, fun and easy for parents and kids to send voice messages back and forth. Just imagine how excited your child will be when their Toymail mailman snorts, or wheezes to let them know they have a new message!

Customer Confession: It’s not surprising to hear Toymail customers use the device in very creative ways. Several military families use Toymail to communicate with loved ones back home and at least one family has shared using Toymail to stay in touch with Santa and his elves in the North Pole.

 FLIGHT 001’s Seat Pak Pro

seat pak pro gifts for techiesEureka Moment:   Like many products, the Seat Pak Pro was invented out of necessity. Business travelers have grown accustomed to packing a variety of devices and creature comforts to make life-on-the-road more enjoyable and more productive. However, traditional duffels and purses often turn into “black holes of tangled chaos,” making it difficult to locate one’s ear buds, boarding pass, neck pillow or USB drive in a flash! The new Seat Pak Pro from Flight 001 keeps you and your gadgets organized from takeoff to landing.

Perfect Gift for Techies: Here a well-known fact. Tech professionals like to stay connected and comfortable while travelling. The Seat Pak Pro is perfect for toting your cell phone, tablet, device chargers, headphones, neck pillow, eye mask, gum, passport, boarding pass, a pen and more. Best of all, the Seat Pak Pro has a loop to hang it on the seat in front of you for instant and frequent access.

Customer Confession: The original Seat Pak is one of Flight 001’s best-selling products. In fact, many customers refer to this product as a “life saver” posting photos on social media of this pocket “full of plenty” in use. Currently there are no reports of how many miles the Seat Pak and Seat Pak Pro have accumulated but our guess is at least platinum level.


Eureka Moment:   During high school and college, John Gattuso was the go-to person when friends and family had car troubles. John would walk them through the steps to diagnose the issue and more often than not, his automotive knowledge fixed the problem. Although John had no interest in pursuing a career in automotive mechanics, he liked being known as “The Car Guy.” But John wondered how his friends solved their car woes when he wasn’t available.

Perfect Gift for Techies: Talented techies work around the clock and stay up late, leaving little time to decipher various flashing warning lights that unexpectedly pop up on the car dashboard. The FIXD sensor plugs into your car and connects to the FIXD App (downloaded to your smart phone) via Bluetooth. Once installed, FIXD understands and shares the essentials: the severity of the problem, the consequences of continuing to drive the car with the malfunction for a few days or the level of urgency to repair the problem. FIXD even provides reminders for regular maintenance services to keep your car running in perfect condition thereby extending the life of your vehicle.fixd gifts for techies

Customer Confession: In order to test the app on different car models, FIXD founders did everything they could (e.g. Craigslist ads, standing in parking garages) to find people whose cars currently displayed check engine lights or other warning indicators. This led to meeting some very interesting characters and engaging in unexpected conversations. One beta tester was so ‘blown away’ by FIXD’s capabilities, he offered his resume on the spot, hoping to join the FIXD team! Now that’s networking overdrive!


gifts for techies fitdeskEureka Moment:   Imagine training for a 100 mile bike ride on a stationary bike, several days a week for six months. Feeling boredom set in? Wishing you could work on your computer or play video games to pass the time? That’s what Ryan Moore discovered when he stopped by his friend’s house one afternoon. Steve Ferrusi (Ryan’s current business partner) looked rather awkward training on a road bike in his living room with pillows taped and stacked on the handlebars. This DIY configuration enabled Steve to lean forward and play video games instead of watching the clock.

Perfect Gift for Techies: Ryan Moore believes The Fit Desk is “perfectly designed for techies.” He notes, “most tech jobs are sedentary keeping you deskbound for hours at a time. Our product incorporates fitness and exercise into the work environment without modifying current routines.”   The Fit Desk is the focus of several university studies and the initial findings will appeal to anyone who feels tethered to a desk or computer.   In addition to obvious health benefits, research suggests adding light exercise to your day enhances productivity, focus and information retention.

Customer Confession: Steve and Ryan initially developed The Fit Desk to appeal to cyclists interested in multi-tasking. The duo had no idea employers such as Facebook and Google would approach them to outfit their offices to support workplace wellness initiatives. Soon schools expressed interest in The Fit Desk to help kids focus and reduce behavior issues. But the most gratifying story comes from an overweight (300 lbs.) law school student living in New York City. With little time to exercise and extremely small living quarters, this student rode The Fit Desk for 90 minutes a day while studying for the bar. In 11 months, he lost 45 pounds and reached out to Ryan to thank him personally.


Eureka Moment:   Frustrated by missing cell phone calls and texts because her phone was buried deep in her purse, Christina Mercando d’Avignon, Founder and CEO of Ringly, thought, “what if I could make jewelry smart?” It turned out her friends complained about the same problem. And while placing your cell phone near you on a desk or table seems like THE solution, Christina’s friends expressed the need to stay connected without coming across as disconnected during business lunches and meetings.ringly gifts for techies

Perfect Gift for Techies: Techies actively seeking ways to integrate technology into all aspects of their lives will covet this little gem. Adding fashion to function, Ringly’s smart jewelry lights up and vibrates, keeping you effortlessly connected to things that matter most. Strapping a small screen to your wrist is one way to go, but thanks to Ringly, slipping a smart and stylish piece of jewelry on your finger is more fashionable and less offensive to those interacting with you.

Customer Confession: Ringly has definitely rung with professional women. Customers often comment feeling relieved from constantly checking their smart phones and being able to focus better at work and in meetings.   One Ringly adorner mentions her ability to tune out erroneous interruptions especially when clients demand 110% of her attention, lest they take their business elsewhere.


Eureka Moment:   Walt Augustinowicz is the founder and lead technology innovator of ID Stronghold. Armed with a degree in engineering and tech experience, Walt grew concerned when he learned the interaction with an RFID chip embedded in a card was wireless, meaning no contact with the card was necessary to obtain its information. For an RFID enabled card (loaded with personal and sensitive information) to transmit its data to a card reader, close proximity is all that was needed. Thus anyone armed with a reader could take the data from the card without the card owner even knowing. In fact, his company coined the term, ‘electronic pickpocketing.’

gifts for techies stronghold walletPerfect Gift for Techies:   Even entry-level techies know RFID chips are ever-present in our daily lives. From credit and debit cards, to driver’s licenses, passports, tap-and-go pay cards and keyless entry cards, we are easy targets for scammers. Giving an RFID wallet to anyone (techie or not) is a smart gift that keeps on giving… protection and security. No need to worry about anyone returning or re-gifting this present because the risk and fear of identity fraud is real and frightening.

Customer Confession: While many customers purchase Stronghold ID Wallets as a precaution, just as many people buy the products as a result of experiencing ‘electronic pickpocketing.’ One couple expressed their eternal gratitude to Stronghold after the husband’s debit card had been compromised and the thief successfully withdrew $1300 out of their checking account before the bank even noticed!   Now they confidently carry their RFID chip embedded cards in a Stronghold RFID protected wallet or purse.


Eureka Moment: Despite all of the note-taking and to-do-list apps available, Richard Moore felt “stuff still wasn’t getting done.” Being a little old-fashioned, Richard believed the only way to “keep things top of mind, was to write them down on a Post-It® and stick it on my phone.” Turns out Richard wasn’t alone. He noticed other people were doing the same thing.paperback gifts for techies

Perfect Gift for Techies: Online, offline. Tech or analog. If the tool makes you more productive and easily fits into your current lifestyle, then does it really matter how conventional the solution is?   Richard admits there is a bit of irony in creating and selling a low tech product such as Paperback designed for smart phones but he still maintains it’s easier to jot something down on a sticky note and more satisfying to cross off a completed task with real ink.

Customer Confession: If you want to see what people really write and draw on their Paperback pads then just Google #paperbackdoodles!


Women in Cybersecurity: 3 Statistics That Show It’s Time For a Change

Why aren’t there more women in cybersecurity?

Gender gap issues have been a hot topic for many industries lately. Whether it be pay gaps in Hollywood, or the lack of women in the cybersecurity and IT industries, it is a growing issue and people are calling for a change.

The IT/technology field has been a heavily male-dominated industry for many years. Women in technology fields have to overcome stereotypes, pay gaps and gender gaps to get into higher level positions in the industry. Check out these three statistics that highlight the issue:

  1. A recent Reuters article stated that in the Bay Area alone, more than one third of the 223 largest publicly traded companies in the area lacked women in top positions, with either having just one or no women in a high-level role.
  2. The number of women in cybersecurity is even less. A report sponsored by ISC2 and Booz Allen Hamilton found that in 2013 women made up just 11 percent of global cybersecurity workforce and only nine percent were in senior leadership roles.
  3. The cybersecurity gender gap is growing. The current burgeoning workforce is not leaning towards careers in cybersecurity, and the ones who are, are tend to be men. Raytheon and NCSA’s annual cyber study found that 52 percent of women “felt [that] no cybersecurity programs or activities were available to them”.

Cybersecurity: Recruiting Women

Many are coming to realize that this is an issue, and that women need to be more represented in the information security to keep up with the growing lack of talent in the industry.

Cybersecurity recruiting needs to focus on attracting and retaining women in these positions. ISC2 released their “Women in Security: Wisely Positioned for the Future of InfoSec” report, which states that new hires in cybersecurity should be paired with a mentor and recommended that companies adapt their training programs to focus on retaining women employees.Women in Cybersecurity Working

Additionally, information security’s current “military” wording, could deter women from entering the field. Cybersecurity has always gone hand-in-hand with the military, hence the verbiage. But in 2013 only 14.5 percent of the military’s active duty were women. While this is not a clear reason as to why women are not more attracted to the field, it could play a role.

Organizations are now focusing their security recruitment and training to include women. The SANS Institute launched the CyberTalent Immersion Academy for Women in October 2015. This will help women, “fast-track their careers in the cybersecurity field.”   Companies are starting to realize the need to invest in training for their current and future employees.

SilverBull can help you with your security recruitment needs and we can help you find women who are interested in cybersecurity careers. Visit our site to learn more.

Cybersecurity Agreement with China

Cybersecurity has been been a hot topic in Washington recently. The Cybersecurity Information Sharing Act (CISA) has been introduced to Congress and has passed the Senate Intelligence Committee on March 12th, 2015.

Additionally several government agencies have experienced security breaches, including the Office of Personnel Management. The OPM’s breach is said to have affected 21.5 million people.

Some believe that China is behind many of these attacks on government’s systems and of U.S. commercial organizations.

Crowdstrike CEO, George Kurtz, told USA Today that his staff can tell when they are dealing with attacks from China. For example, the attacks occur during China’s business hours and they target “intellectual property the Chinese are known to be deficient in.”

China’s President, President Xi Jinping recently visited the United States and met with President Obama. The two Presidents came to the agreement that neither country will commit “cyber economic espionage”.

During a joint press conference, President Obama said, “I raised, once again, our very serious concerns about growing cyberthreats to American companies and American citizens. I indicated that it has to stop. The United States government does not engage in cyber economic espionage for commercial gain, and today I can announce that our two countries have reached a common understanding on a way forward.”

While the agreement has been reached, President Obama also expressed some hesitation. He said, “The question now is: Are words followed by actions?”

The President is not alone in his hesitation; many others have also expressed concern.shutterstock_196161578 copy 2

Joseph Steinberg, CEO of SecureMySocial wrote a list of “10 Issues With the China-US Cybersecurity Agreement” for Inc.

Some of the issues that Steinberg highlights are:

  • The agreement still allows hacking for “government on government spying”.
  • No standards are defined or clarified in the agreement. Steinberg writes, “What is considered hacking, and what is considered acceptable activity?”
  • Hacking can still occur on individuals and businesses as long as it is not for commercial gain.
  • There is nothing enforcing either country to stick to the agreement.

Despite people’s concerns, many agree this agreement is a step in the right direction for cybersecurity in the United States.






Government Cybersecurity Information Sharing Act (CISA)

Learn about the government’s latest bill,CISA, which aims to solve cyber crime.

The Cybersecurity Information Sharing Act (CISA) was first introduced to Congress in 2014, and has been re-introduced again in 2015 during the 114th Congress. The bill has passed the Senate Intelligence Committee, but not much has happened with the bill since.

The bill is aimed at making it easier for companies to share security threats with the federal government. If made into law, CISA would not require the sharing of information, but it would create a system for federal agencies to receive security threats from private companies.

There has been a very active debate on this bill. In mid-September 2015 many of the top tech companies sent a letter to legislators in support of the bill’s efforts. These companies include, Adobe, Apple, IBM, Microsoft, Oracle, Salesforce and Symantec.Cybersecurity Information Sharing Act CISA | Silverbull

Several of the companies have spoken out and said they do not necessarily support the specific bill, but they support “stronger cybersecurity protections in general”.

Despite the support for some kind of cybersecurity legislation from some of the top companies in the industry, many companies are opposed to the bill because of privacy concerns.

Fight for the Future has developed a large campaign in opposition to the bill. Fight for the Future’s goal is to: “build a grassroots movement to ensure that everyone can access the Internet’s many resources affordably, free of interference or censorship and with full privacy.”

They have a website called,, where you can send an email to the above mentioned companies, about how they’ve betrayed their customers for signing the letter. On their first day alone, they sent out 15,000 emails to the tech companies.

Because of this backlash, the CEO of Salesforce has since come out and said he does not support CISA, and it was a mistake to sign the letter.

Fight for the Future believes that there should be cybersecurity legislation, but it should be fair. These are the issues that they have with the bill:

  • The bill offers private companies immunity for privacy and anti-trust laws, to allow information to flow freely. This can include user-information, which the government would now be able to access without any warrant.
  • The data being shared is not going to just one agency; it can be shared with the FBI, the IRS and all the way down to local law enforcement.
  • If a criminal violation (i.e. money laundering) were exposed/committed while sharing the cybersecurity data, companies would be granted immunity.
  • The bill allows companies who have shared data with the government, to access classified information from government agencies. This can include what would otherwise be private information on their competitors.

Many are in agreement that some sort of cybersecurity legislation needs to be passed. It is a growing and prevalent threat to our nation’s security. However, is the CISA the best way to protect ourselves?

Why the Video Interview is the Latest Hiring Trend

Learn why are companies turing to the web-based video interview.

Many companies are turning to the video interview for their hiring needs. Some companies are having video interviews take the place of initial phone interviews. Speaking virtually face-to-face with candidates, can give an interviewer a better understanding of the candidate. By doing a video interview as a first round interview, it can help the hiring team further narrow down who will make it to the second round of interviews, more so than a phone interview.

While many are using the video interviews as the first round of interviews, some organizations are also using it in place of an in-person interview. Companies are turning to this option because doing a video interview it can speed up the hiring process, sometimes by even two weeks.The Video Interview | Silverbull

In-person interviews can take awhile to schedule, the candidate needs to take into account travel time, and they typically last longer than a video interview. A video interview can typically be scheduled quicker and that can speed up the process.

There are several different types of video interviews that employers now conduct, the first being a standard Skype or Facetime call. These technologies are something that most candidates and employers have access to already and they are free to use for one-on-one video calling. The downside to these types of interviews is that they are not always easy to record. Skype currently does not have a built-in recording feature and Facetime does, but not everyone has Apple products.

Many companies like to record video interviews to get feedback from other team members, who may not have been involved in the actual interview. Because of this, many companies have turned to other technologies. Some employers will send a candidate a program where a questions pops up that they are expected to answer. Candidates have an allotted time to review the question, compose an answer, and then the program starts recording them. This type of interview is typically done as a first round interview, it does not require an interviewer to be present and it allows the candidate to do it at a time that is convenient for them.

Other technologies allow a company to conduct a virtual face-to-face interview, like Skype, but they are still able to record it. Some of these platforms also allow multiple people to join in on the interview as well. PC World gives a good overview of the some of the better interviewing platforms out there. Their list includes, Interview4, Montage, InterviewStream, Jobvite and Zoom. Hirevue is another very popular service.

Video interviews are quick, efficient and cost-effective, but not everyone has the best experience with them. According to Business News Daily, video interviews puts barriers between candidates and employers, that are not there during in-person interviews, making both the candidates and interviewers come-off as less likable.

In the end, there are pros and cons to conducting video interviews in place of phone or in-person interviews. Organizations need to evaluate all the different interview processes and options and find what works best for them.

Discover the latest cybersecurity hiring trends in our article “5 Surprisingly Statistics and Recent Cybersecurity Hiring Trends.”

Increase in Entry-level Cyber Security Jobs for Recent College Graduates

Entry-level cyber security jobs are in demand.

Cybersecurity is a hot industry right now that is rapidly expanding. Companies are having trouble filling their mid and senior level roles, and many are not focused on their future. Organizations need to create succession plans to avoid having giant holes in their workforce down the road when the baby-boomers retire. However, some companies are starting to develop more entry-level cyber security jobs, giving recent college graduates the chance to jump into this growing industry.

Even though entry-level cybersecurity jobs are becoming more popular, there is not much variation in the types of jobs offered to recent college graduates. The cybersecurity industry has many different roles and positions available, but for entry-level positions, companies are offering basic Security Analyst-type roles. Though there is a slight range in the titles used (ex. Security Analyst, Security Specialist, Cybersecurity Engineer, Information Security Analyst), but most of the jobs have similar responsibilities.

These generic entry-level jobs allow recent graduates to break into the industry. Most roles are looking for candidates with a cybersecurity degree, or another IT related degree, strong technical skills, an understanding of software development and some hands-on experience through internships or their coursework.Increase in Entry-level Cyber Security Jobs | Silverbull

These entry-level roles typically involve testing and analyzing different security products and systems. These roles will expose a recent graduate to the industry and give candidates room to explore different career paths within the industry.

Many universities have jumped on the cybersecurity bandwagon too by creating cybersecurity degrees, allowing recent students to gain some experience in the industry. Some of the top programs in the country are listed here.

Cybersecurity is in demand, even if your school does not offer a cybersecurity-specific degree, it is a career you should consider. According to U.S. News & World Report, employees in cybersecurity tend to make $15,000 more on average than a typical IT job, with an average salary of $116,000. In addition to making a good living, it is an exciting industry that is quickly growing.

Interested in a cybersecurity career? Check out which certifications will give you a competitive advantage right here.

Defining Career Goals in the Cybersecurity Industry

Being a CISO isn’t the only aspiration for many cybersecurity professionals.

When speaking with candidates, I always like to ask where they see their career path going. Most of them say that they would like to eventually be a CISO (Chief Information Security Officer) or something along those lines. However, there are many different career paths one could take in the cybersecurity industry.Cybersecurity Career Goals | Silverbull

CISO’s play different roles depending on the organizational structure and size of the company. In larger organizations, a CISO-type role can be more of a thought leader, driving security strategy, but the person is no longer involved with the technical aspects of security. They lead teams, develop the game plan, but they are also more of liaison to the other C-Suite members. They play more of a business role rather than a technical role.

Some professionals prefer roles where they are a “Security Evangelist.” They travel and speak at conferences and conventions about the company they work for and security practices. This blog post by David Holmes, who was a Security Evangelist for F5, provides a good idea of what this role entails.

In other organizations, a CISO does the above-mentioned tasks, but they are also still the point of escalation when an issue arises. They still use their technical skills when needed. When searching for new opportunities it is important to remember what type of CISO you would like to be. You should examine the organizational structure of each company, the size of the company and really understand what type of role you will be playing. It is also important to speak with other leaders in the business and make sure information security is prioritized in this organization.

While a CISO-type or thought-leader role might be the end goal for some, is not the job everyone. I have also spoken with different candidates who prefer not to take a leadership role within the business-side of things. They prefer to stay technical; they do not want to sit in meetings all day, they would rather focus on performing. Candidates with this preference might be more interested in a Lead Architect or Principal Architect role. These roles are very senior-level and typically involve developing different security practices and strategies, but they also stay very technical.

Overall, there are many different paths your career can take in the cybersecurity industry, as it is constantly evolving and new roles are being created all the time. Do your research and really think about the type of role you would like to one-day hold.

Learn about the no. 1 complaint from cybersecurity professionals right here.

Which Cyber Security Certifications Are Worth It?

There are countless cyber security certifications. Discover the ones that are really worth it.

As a recruiter I see many different job descriptions, all with varying requirements; some require five different cyber security certifications, others just say a certain certification is preferred. In the cybersecurity industry there are many different certifications that one can get, but from working in the recruiting industry, there are some that are more valuable than others.

  • CISSP (Certified Information Systems Security Professional) – This certification is probably the most useful certification to invest in. If not listed as a requirement, most senior-level cybersecurity jobs have it listed as a preferred requirement. This certification requires at least five years of paid full-time experience. Once you pass the exam, it also requires an endorsement from another certified professional and reaccreditation every three years. The (ISC)2 issues all certifications.
  • CEH (Certified Ethical Hacker) – For jobs that deal with penetration testing or vulnerability management, this certification is nearly always a requirement. To receive this certification, a candidate must take a training course at an Accredited Training Center or conduct a self-study and submit two years of relevant information security work experience. The current exam is the EC-Council’s.Cyber Security Certifications | Silverbull
  • CompTia Security + – This certification is great for someone who is interested in becoming a CISSP, but is not quite there yet, experience-wise. According to the CompTia website, this certification will include, “the most important foundational principles for securing a network and managing risk.” This role requires 2 years of relevant work and the passing of the exam.
  • CISA (Certified Information Systems Auditor) – This certification is useful if you would like a career as an auditor doing risk and compliance work in the information security industry. The ISACA holds the exams and conducts the certification process for the CISA.

While there are many more security certifications out there, these four are the most useful to have, as they are the ones that tend to appear most in job descriptions. To be a stellar candidate, you do not need to have all of these certifications. Start off with a Security+ and then decide what type of career path you would like to head down and pursue the certifications most relevant to those opportunities.

Check out our article on how to stay up-to-date on all the the latest cybersecurity trends and education.

How to Utilize your LinkedIn Connections for Networking

Don’t underestimate the power of using your LinkedIn connections during your job search.

LinkedIn is changing the way we network with like-minded professionals and the way we get jobs. Recruiters and employers now use LinkedIn to look for candidates and to evaluate candidates.Utlizing LinkedIn Connections | Silverbull Having an up-to-date profile and an active presence will help you grow your network and connect with people and opportunities that may not have been an option before.

Here are some quick tips on how to better brand yourself:

  • Have a profile picture – This may seem minor, but it will help someone remember you as a real person, rather than just an online profile page.
  • Update your job history and include descriptions – By doing this, you will come up more often in searches. It will also give someone viewing your profile a better idea of what you do and what you enjoy doing.
  • Have a summary – This brief paragraph can describe your career and your passions. Maybe mention areas or fields that you have dabbled in, but would like to explore further in your career. It might encourage others with those potential opportunities to reach out.
  • Publish posts – If you work in a field day-to-day, you come to learn it inside and out. You make mistakes and you learn from them and you develop insights and opinions on happenings in the field. Publish these thoughts into a post on LinkedIn and you will start a conversation with others in your network, sometimes even beyond your first-degree connections.
  • Be active about connecting with people – Growing your network is key. It will allow you to start conversations with other people in your field. You can learn from them and network with their connections. According to this article by Forbes, having 500+ connections tells others viewing your profile that you are a veteran on LinkedIn and that others think you carry some value by having you in their network.
  • Participate – You should like other people’s updates, check in with past colleagues, congratulate them on new endeavors, join groups that you have an interest in and participate in discussions. All of these actions will help you network further and actually develop relationships with your connections.
  • Stay professional – Just like the workplace, LinkedIn is not the place for politics. It is not Facebook or Twitter and you do not want to be arguing with people in your network, hurting your chances for a potential opportunity.

If you have a LinkedIn account, you might as well maximize all of its potential. Networking and making real connections will only help you. You never know when your dream job may come knocking….

Follow Silverbull on LinkedIn for the latest cybersecurity hiring and industry news.

How to Be Prepared for A Cyber Attack

Follow the Girl Scout Motto and Be Prepared for a Cyber Attack.

Cybersecurity is not something to think about just when an attack happens; everyone needs to be on his or her toes, both at work and at home. Attacks are happening daily, to both business and individuals and are causing huge problems. Here are some tips on how to be prepared and how to try and prevent them from happening to you


Getting attacked by a hacker affects your business, your reputation and your customers. It is very important to have as many measures as you can in place to prevent a cyber attack.

  • Know your vulnerabilities. Hire a consultant to come in and tell you where there are holes in your infrastructure and then fix them.
  • Be proactive. I know this might seem expensive now, but in the long run it will save you money and time. This is one of the situations where you always think it will not happen to you, until it does. Cleaning up after an attack is always more timely and more expensive than having the proper measures in place to prevent one.
  • Develop a CISO (Chief Information Security Officer) type role for your organization. A CISO is able to analyze data and security needs and translate them into business initiatives. They can organize all of your security initiatives and translate them into attainable goals and they work directly with upper management to make it clear what needs to be prioritized within the business.

Individuals:be prepared for a cyber attack Silverbull

Businesses that we frequent have their own vulnerabilities; many of them have been attacked, including places like Target and Home Depot. These attacks have left our personal information up for grabs.

Now that this has happened time and time again, we have to keep our eyes out for people misusing our information.

  • Keep a constant eye on all of your bank and credit card statements, even the tiniest charge that you can’t remember spending, might be a sign of a hacker using your information.
  • File for you taxes early. Some criminals now have access to people’s tax information and file their taxes to steal their tax refund. If you file your taxes right away there is less of a chance of this happening.
  • Close any credit cards/debit cards that you know have been used at a business where there was a breach. Most banks are more than happy to do this and send you a new card. Many banks, like Bank of America, do this on their own.

In addition to people stealing your financial information, people now have hacked people’s cars, smartphones, personal computers and smartwatches. Keep your eyes out for any sign of something not working properly or acting strange, it may be because someone has compromised it.

Check out the 10 Biggest Data Breaches of 2015.

The Learning Never Stops With Cybersecurity Education

Evolving technologies leave cybersecurity professionals no other choice than to stay up-to-date on the latest cyber threats and skills needed to prevent hacks.

The information security and cybersecurity industry is constantly evolving and continuous learning will help you always bring your A-Game. When leaders are asked how their employees can better themselves, most of them say that they should take the time to learn new things, explore other paths and have an open mind to trying new or different solutions. There are always new technologies and it can not ever hurt to explore them. You never know, maybe a new technology will be better than your existing set-up.

In addition to technologies constantly evolving, hackers’ techniques are always changing. The bad guys are not going to stop trying to find new ways to steal information, so we need to be on the defense and find new ways to stop them and prevent them from attacking. It is better to be one step ahead than one step behind.

cybersecurity educationIn addition to bettering yourself for your current position, learning more will help you stand out amongst a sea of candidates, when you decide to make a change in your career. Hiring managers appreciate people who take it upon themselves to learn more and gain additional skills. If it comes down to you and one other candidate who has a very similar resume and personality, the employer is going to choose the candidate who has taken an extra step to be an expert in their field.

Advice? Take training courses, get more certifications, or get another degree. If you have to choose one, work towards getting a certification. More often than not in a cybersecurity job requirement, the employer requires a current certification, such as a Certified Information Systems Security Professional (CISSP), a Certified Ethical Hacker (CEH), or a Microsoft Certified Solutions Expert (MCSE), more than anything else. That being said, certifications are not the be-all and end-all. Taking even just one additional training course and gaining experience can help you stay current in your field. Investing in yourself will pay off in the long run.

Discover which cybersecurity certifications are worth it by clicking here.

6 Tips for IT Job Seekers to Ease the Recruiting Process

Starting a job search can be a daunting prospect. SilverBull has 6 job search tips for IT job seekers looking to find their next career step.

IT Job Search Tips for IT Job Seekers

Many times when speaking with IT job seekers they say they’re open to anything, whether it be location or salary; however this typically is not the case. Someone who is used to city life probably is not going to want to move and work at a company that is in the middle of nowhere. If you are open to moving, but want to stay within the surrounding area of a major city, tell the recruiter. It will help them narrow down their search, which will bring you one step closer to finding your ideal opportunity.

The same thing goes for salary; many times candidates will say, “I am not driven by salary,” or “I am open to negotiations for the right opportunity,” but you need to be truly honest with both yourself and the recruiter. Everyone has a number in their head that they are hoping to make or need to make to sustain their lifestyle. Even if it is your dream job, most people will not be willing to take a $50,000 a year pay cut. This honesty will prevent misunderstandings and in the end will save both you and the recruiter time, leading to better jobs being presented to you.

Here are our IT job search tips for the job seekers out there:

  1. Location – Be specific. Ex. “I want to stay on the West Coast, and live close to a major city.”
  2. Money – Give a salary range, even a wide range, so the recruiter knows the lowest you will accept, but the recruiter will still aim for the high end.
  3. Company size – Where do you prefer working? Some people prefer a Fortune 500, while others are looking to stay small and would be open to start-ups. Choose one side of the spectrum.
  4. Industry – If you have worked in the financial sector and loved it, tell the recruiter that. They want to help you find your best fit.
  5. Job title – Many people say, job title does not matter. But it does, or at least the seniority of the job does. Be specific and say if you want a leadership position, or if you want to stay very technical, or if you want a combination of both.
  6. Network – Building a strong LinkedIn network will put you in touch with recruiters, allow you to see the jobs they are currently hiring for, and make strong connections in the industry.

The most important thing to remember when speaking with a recruiter is to be honest, otherwise they are probably going to come to you with job after job that you are not interested in. They will appreciate you knowing what you want and it will help them find the best fit for you much more quickly. At the end of the day, that is the goal for the recruiter and for you.

We hope you found these IT job search tips to be useful and that you find a great new job! Be sure to follow us to get more job tips and cybersecurity news.

5 Ways to Improve the Cybersecurity Recruiting Process

What’s the no. 1 complaint IT, Cybersecurity and InfoSec candidates have with the recruitment process?

From an outsider’s perspective, a cybersecurity recruiter’s job might seem pretty simple; be given a job that needs to be filled, contact candidates, find the right fit, and then you have a placement. While the process might seem simple, in actuality, it is not. Candidates in the IT, Cybersecurity and Information Security industries are bombarded by phone calls from recruiters every single day. Their biggest complaint? Not the constant phone calls, but constant phone calls about jobs that don’t even fit their background.

Many cybersecurity candidates say they receive calls for jobs that they either are not qualified for or are overqualified for. To have more success in recruiting qualified candidates, cybersecurity recruiters need to truly understand what the job requirement they have entails. Many recruiters are searching for candidates in highly technical jobs that they aren’t always the most familiar with.Cybersecurity Recruiting Process Silverbull

Tips To Help Improve the Cybersecurity Recruiting Process and Experience:

  1. Read the job requirement carefully. One little word can make a big difference sometimes (ex. Java vs. Javascript).
  2. Watch a webinar or read a few articles about that type of job.
  3. Search for people who have been in this job in the past on LinkedIn and see what they listed as their job duties.
  4. Be thorough and ask the hiring manager questions about what the job entails.
  5. Understand the most important skills to have for the job. Sometimes job descriptions list every little skill that may be needed. Know what skills are more important to have and what skills can be learned on the job or are not must have requirements.

Recruiters should also take the time to actually read and analyze each candidate’s resume before they start contacting them. By taking the time to educate yourself about your candidate’s background prior to calling, you will make it known that you took the time to understand them, and it makes them more open to speaking with you. By doing this, this will also make your call lists more successful, because you are calling and speaking to cybersecurity candidates who should be very qualified for the job and it should save you time in the long run. In the end it’s better to call 40 qualified candidates rather than 80 unqualified ones.

Learn how IT staffing firms are trying to mitigate the cybersecurity skills gap.

Cybersecurity Experts Biggest Complaint: Security Programs Aren’t Prioritized

What is one of the most important things information security candidates look for in a company? The importance of their cybersecurity initiatives.

In our job as cybersecurity recruiters, this is something we hear over and over from our candidates and professionals.Cybersecurity experts

Cybersecurity is one of the biggest issues facing our society; hackers are attacking our businesses and governments on a daily basis. To help combat this problem, many organizations are now seeking top information security professionals to join and help them strengthen their security measures.

For these professionals, however, it is not as simple as joining a new company and fixing everything; they can not do it all. One of the biggest concerns that job seeking cybersecurity professionals have is that companies are not always willing to invest in security. They hire one person, expect them to do it all, without having a good idea of what they need or want.

Setting Security Professionals Up for Success

Security professionals want organizations to provide them with the budgets and resources necessary to develop a strong security program. Many candidates mention how they join organizations but cannot implement the work that needs to be done due to companies not willing to invest more into their security programs.

Additionally, before starting a search for a security professional to join their team, organizations should have an idea of what they want their security program and the position to entail. It might be a good idea to hire an information security consultant to see where the holes in your security program exist and where the most work needs to be done.   The organization should then be very clear when they are interviewing candidates in explaining what they want their security program to look like and the resources they are willing invest in it.

Most importantly, cybersecurity professionals want to be of value to your organization. Here a few tips for executives to remember:

  • It is cheaper to be proactive than reactive in the long-run, you do not want to wait until your systems are attacked or hacked.
  • If you have hired or are hiring a security expert, listen to them and act on their recommendations.
  • Have the security team play an active role in the decision making process.

In the end, if you listen to these suggestions, you will have a more secure system and happier information security employees.

If you’re a cybersecurity professional looking for a new role at an organization that takes cybersecurity seriously, contact us today, so we can see how we can be of help.

Best Practices for Retaining Cybersecurity Talent

Cybersecurity talent is hard to come by so when organizations find the right candidate they must strive to retain their top employees.

Talent retention in the cybersecurity industry is such a vexing problem that even institutions as prestigious as the National Security Agency struggle to keep their elite operatives employed. The talent deficit for cybersecurity expertise creates a market climate where personnel are able to command upward salary pressure that prices organizations out of contention for human capital. If an information security specialist has the opportunity to double their salary elsewhere what can you as business do to enhance your value proposition?

Retaining Your Top Cybersecurity TalentAccording to the Acumin Blog, a British IT content publisher, the primary reason cybersecurity officials resign from their posts or begin to consider departing is salary-related. While enterprises need to exercise caution in not offering unsustainable compensation packages, pay increases are a must to retain vital personnel. But, the retention issue is not purely financial.

Flexibility is another premiere demand amongst cybersecurity professionals. These individuals realize they are special, scarce and the proverbial “unicorns” of the IT ecosystem. Hiring managers need to carefully evaluate onboarding benefits like, like split shifts, customizable hours and telecommuting to satisfy the lifestyle preferences of these InfoSec elites. That’s not to say cybersecurity professionals deserve Hollywood star treatment, but enterprises need to be accommodating. Businesses might benefit from approaching cybersecurity talent the same way Division 1 athletic programs engage blue chip recruits.

And like any other competitive industry, enterprises need to offer cybersecurity staff abundant career development opportunities. According to “Cybersecurity Professional Trends,” a survey conducted by the Sans Institute, a cybersecurity research organization, nearly 30% of respondents listed advancement as the main reason they would consider pursuing a new job. Advancement slightly edged compensation in this survey. And with the Sans Institute reporting that 25.4% of cybersecurity professionals they surveyed seeking management positions in 2014, and 33.1% pursuing this advancement in the next five years, career development is one category that enterprises cannot afford to neglect.

Businesses can’t be completely faulted for this career development deficiency as information security currently suffers from a lack of standardized industry certifications and skills across the board. Also, career development and promotions are often accompanied by salary increases, so there is significant overlap between these two areas. Nevertheless, organizations need to be proactive in learning about cybersecurity education opportunities and finding ways to integrate these resources into their business models. Without a standardized paradigm for continued education and expertise, organizational leadership paradigms become unclear and unstable.

And just like financial services firms cover the costs of securities examinations and license-specific training classes for their personnel, enterprises should also subsidize advanced IT education for their valued employees.

Additionally, the Sans survey found that 50% of respondents chose to remain in their current roles because they derived personal fulfillment from the job. In a financially deterministic world, this finding may surprise some, but it speaks to the bigger theme of empathy. Cybersecurity specialists are a rare species and their scarcity breeds some unique and recurrent personality patterns. Therefore, enterprises should invest a little extra on personality and behavioral screening to determine the temperaments of their candidates. By working to better understand their personnel and tailoring the work environment to suit their preferences, enterprises help make their InfoSec staff feel valued and fulfilled.

In the end, organizations, which better understand the personality nuances of their cybersecurity human capital will know how to optimize their workplaces for maximal retention. If enterprises offer their valued personnel a culture where they feel appreciated, fulfilled and intellectually empowered, continuity is secured.

Learn about the 5 recent cybersecurity hiring trends for 2016 by clicking here!

Chief Information Security Officers Are Critical Assets for Enterprises

Learn about the importance of the rising role of the Chief Information Security Officer (CISO).

The Chief Information Security Officer is a position that has become essential for all data-reliant enterprises. This role has become one of the fastest growing C-suite positions and is the byproduct of an age that has been disrupted and infected by a cybercrime pathogen, which shows no signs abating. Enterprise and government network landscapes are in a constant state of conflict, fighting against a shape-shifting threat that is continually evolving.The Importance of a Chief Information Security Officer CISO

In today’s enterprise network arena, data is perpetually under siege from a barrage of phishing campaigns, malware, keystroke surveillance, zero day exploits, insider attacks and denial-of-service assaults. As such, enterprises need to designate a general to orchestrate a capable defensive and risk-management strategy.

Enter the CISO – the apex technologist, who possesses a rare combination of InfoSec analyst expertise and upper-management social engineering skills. The CISO is that rare breed, which can independently design and implement cloud security, while also being able to manage the complex personalities of information security staff.  With regards to the latter, the CISO must be the ultimate trust nucleus of the organization that can identify threats within its own IT ranks.

But CISOs primary contribution to an organization is their ability to take findings from data security analyses and turn them into business leadership initiatives. The CISO bridges the cap between IT personnel and key executives and stakeholders. These IT commanders have a keen understanding of not only the most vital information security issues, but the most crucial business functions as well. The operational efficiencies of a business benefit from the CISOs ability to unite the information security staff and mold them into a collaborative unit that fluidly identifies and responds to threats.

Another asset that the CISO brings to the table is their ability to grasp the interdependence between cyber and physical security. So while a firm’s information security staff might be comprised of savants whom are only proficient in the virtual world, CISOs align their functions with the goals of the enterprise. Part of this alignment involves a keen sense for provisioning and de-provisioning. CISOs oversee the levels of access and permissions that IT personnel have within the organization, badges included.

Organizations cannot afford to neglect the CISO role any longer. Additionally, they must design this role as a department that functions outside of IT and responds directly to upper management. By creating CISO positions, enterprises send a strong message to their stakeholders, prospective investors and the competition that cybersecurity strategy is among their core values. As such, the inclusion of a CISO becomes a sure path to securing investor confidence, mitigating repetitional risk and enhancing revenue growth.

Check out our chart highlighting the rising CISO salaries.

Cybersecurity Experts in High Demand as Market Faces Skill Shortages

As cyberattacks become more commonplace, demand for cybersecurity experts grows.

The growing threat of cyberattacks has created a robust demand for cybersecurity experts in a short-staffed IT jobs market. Just consider that the Center for Strategic and International Studies, a Washington-based think tank, estimated in an October 2014 report that cyberattacks cause damages of $445 billion a year worldwide. In 2015, enterprises must constantly be on guard for these costly and disruptive digital intrusions.

Skills ShortageAnd the exponential growth of data, fueled by rising mobile device penetration in the developing world along with the emerging Internet of Things, will only result in a larger jackpot for hackers to target. Moreover, recent high-profile attacks against major corporations like, Target, Home Depot, JPMorgan Chase, Anthem and Sony, have elevated the issue of cybersecurity to the pulpit of everyday discussion.

The intrusion-risk is so compelling that JPMorgan Chase, who announced a data breach that compromised 84-million customer accounts last fall, plans to double their cybersecurity budget to $500 million in the next five years, according to bank CEO Jamie Dimon. Venture capital firms are also investing heavily in the cybersecurity sector. In 2014, VC funding for cybersecurity startups swelled to a record $2.4 billion, up 156 percent from 2011.

But where do these enhanced budgets and investments dollars ultimately trickle down? The beneficiaries of this spending and investment wave are information security personnel – the human capital commanding big money in a scarce cybersecurity expert pool.

Market research firm Gartner forecasts that the cybersecurity market will grow from $76.9 billion this year to $93 billion in 2019. The problem is the current dearth of qualified cybersecurity professionals to meet the current labor needs, not to mention those, which will accompany the market’s furious growth. One Rand Corporation study estimates that there are approximately 1,000 skilled cybersecurity experts globally, while the market needs 10,000 to 30,000 to satisfy demand.

Offering slightly better numbers, Alex Stamos, Yahoo’s chief information officer, told United Press International in March, “There are maybe four or five thousand people in North America I can hire right now who have the technical skills keen to us.”

Data from Burning Glass, a Boston-based labor analytics firm, indicates that cybersecurity job postings grew 74 percent from 2007 to 2013, or more than twice the growth rate of all other information technology jobs. Also, the Bureau of Labor Statistics forecasted that demand for information security analysts is bound to grow by another 37 percent between 2012 and 2022.

But, in order to properly accommodate this demand, American cybersecurity experts like, U.S. Cyber Consequences Unit CEO Scott Borg and others have called for greater emphasis on and investment in cybersecurity education.

While enterprises wait with bated breath for more skilled cybersecurity personnel to enter the talent pool, competent security specialists can leverage scarcity to command top dollar. According to Network World, security-related positions are among fifteen job titles projected to experience significant salary upgrades this year. All of the jobs presently offer compensation packages ranging from at least $100,000, all the way up to $190,000 for chief security officers.

But in 2015, salaries for these security positions are expected to rise between 6.6-and-7.4 percent, depending on the exact role. So by 2016, some chief security officers could make a base exceeding $200,000.

The cybersecurity market is as lucrative as it short-staffed. Skilled information technologists would be wise to capitalize on the opportunity before the sector gets crowded and the laws of supply start trimming their income prospects.

Learn about 5 hiring trends for the cybersecurity industry in 2016.

Find the Best Cybersecurity, IT Professionals for Your Business

Discover the main issues facing organizations who seek to hire skilled IT professionals.

Hiring the right information security and IT professionals can pose significant challenges for enterprises. The first problem is the scarce talent pool. For example, a Rand Corporation study estimates there are approximately 1,000 skilled cybersecurity experts globally, while the market needs 10,000 to 30,000.Cybersecurity Professional

The second issue hampering cybersecurity-hiring systems is a clueless interview process, where talent is herded through arbitrary and disorganized screenings, according to CNBC. Sometimes, InfoSec specialists are forced to endure up to 10 separate interviews, while being evaluated by people who have no security expertise.

Some businesses are turning to cybersecurity-expert-screening-and-recruitment startups. These services test and verify IT professionals’ technical skills and match them with companies seeking relevant IT and security talent. Think of these models as human resources Ubers with an exclusive focus on Cybersecurity solutions. Also, these crowdsourcing-and-sharing services are disrupting the market for cybersecurity consulting firms. The cybersecurity industry standard of annual and semi-annual audits seem inadequate in the face of a threat that is constantly adapting and sleeplessly conspiring to destabilize enterprise networks.

Another more foundational problem afflicting the cybersecurity hiring process is the ambiguity surrounding the certifications and skills needed to get the job done. According to The Institute, an IT-trade publication, there is a void of standardized qualifications that hiring managers can use to inform and guide their candidate onboarding systems. As a result, human resources departments are overwhelmed with a plethora of certifications from nearly two-dozen organizations, convoluting the hiring process.

“Professionalizing Cybersecurity,” a recent report published by Salve Regina University’s Pell Center, found that cybersecurity is composed of 31 different specialties dealing with areas like, information assurance compliance, systems security architecture, and digital forensics, to name a few. Hiring managers would be wise to educate themselves about these newly designated categories of network defense so they can identify the candidates whom best suit their needs.

Another factor to consider is the changing nature of cybersecurity philosophy. In the past, security applications have been focused on perimeter network defense. But, in 2015, cybersecurity specialists like Mach 37 Managing Partner Rick Gordon point to a new consensus among experts that it’s impossible to keep intruders out of enterprise networks.   As a result, the industry is placing more emphasis on remediation and response applications.

As the cybersecurity landscape continues to evolve, business can improve their hiring practices in four crucial ways. First off, enterprises need to streamline their interview processes to eliminate HR inefficiencies. Second, businesses need to develop standardized guidelines for the certifications and skills that are most relevant to their information security needs. Thirdly, hiring managers should consider outsourcing the technical screening aspect of the onboarding process to emerging disruptive platforms that know how to leverage the power of the “sharing economy.”   But, the wisest course of action for enterprises might be to consider the cybersecurity industry’s new interest in remediation and response solutions.

If efficient containment and data recovery applications are being recognized as the optimal curatives to manage cyber-disruptions and information theft, perhaps hiring practices needed to be repurposed to match this paradigm shift.

Learn more about the surge in cybersecurity opportunities for college students and recent grads.