5 minute read
Fighting Cybercrime: CyberSN finds the cyber professionals to do the job
CyberSN is the only recruiting company in the country that is focused solely on cybersecurity.
More than 2,000 years ago, the messages that Julius Caesar sent to his generals as they fought battles across the Roman Empire were encrypted. Called the Caesar Cipher, it used monoalphabetic substitution, where each letter was replaced by another letter located a few spaces further down the alphabet.
Trying to hide sensitive information from prying eyes has a long history, but the invention of a computer networking system called the Arpanet, the precursor to the internet, would make hiding information more difficult, exponentially more difficult.
Back in the early days of the Arpanet, which became operational in 1971, the number of computers connected to the system was small, and the threat of information being revealed — data loss, in today’s terms — was equally small. Viruses were nonexistent. That is, until the Creeper worm appeared on the scene.
As an experiment in self-replication, an engineer at a technologies company created a computer worm that copied itself on computers throughout the Arpanet, leaving a message that said, “I’m the
Dom Glavach, Chief Security and Technology Officer at CyberSN
creeper, catch me if you can!” The Creeper wasn’t intended to be malicious, but it was disruptive enough that the world’s first antivirus program, the Reaper, was created to delete it.
It was at that moment that the business of cybersecurity was launched.
****
Forty years after that first intrusion into a computer system, there is, according to a Clark School of Engineering study, an intrusion, or cyberattack, every 39 seconds, affecting one in three Americans each year. The attacks involve accessing data, extorting money and disrupting company operations.
Because of the prevalence of attacks and the need for businesses to protect themselves, cybersecurity has grown into a $139 billion business worldwide, with double-digit growth rates expected for the foreseeable future. That means there’s huge demand for people to work in cybersecurity. Among the jobs: cloud forensic analyst, insider threat analyst, security engineer, penetration tester and enterprise security architect. In management, the jobs include chief information security officer, security director and security manager.
“We have identified 45 functional roles in cybersecurity that fall into 10 categories, which include defense, offense, research, response, compliance, education, planning and sales,” says Dom Glavach, the Chief Security and Technology Officer for CyberSN, the only staffing and recruiting company in the country that is focused solely on cybersecurity.
Because the profession is “immature,” as Glavach puts it, that system of classification of roles, or taxonomy, didn’t exist. As a result, what one company called a security engineer might mean something different at another company. “So there was this large disconnect,” he says. “To remedy that, we created this taxonomy and applied it to a matching algorithm that takes a professional’s profile and matches it to an open job.” Another unique aspect of the algorithm, what Glavach calls “the secret sauce,” quantifies the degree of professionals’ interests and qualifications.
“We’re using that type of matching algorithm as our core, along with the traditional recruiters that reach out and discuss positions with cyber professionals and with companies,” Glavach says. The taxonomy makes it easy for applicants to determine which jobs to apply for, and it’s used by businesses to build better job descriptions, for staff planning and development, and to find candidates who fit and will last in the jobs.
Companies want people who will last in the jobs because there’s a shortage of qualified cyber professionals. “The shortage is significant,” Glavach says. “It’s been that way since I joined CyberSN six and a half years ago. It’s a real challenge, so we advise companies to focus on the retention of cyber professionals currently in their company or the people that we assist in the placement.”
One of the biggest challenges is hiring women, now just 14% of the cyber workforce, and people of color, less than 5% of the workforce. It’s a challenge that CyberSN has taken on, in part because the company’s founder and current CEO is a woman, Deidre Diamond. A founding partner of Secure Diversity, a nonprofit to increase the hiring of under-represented groups, Diamond has made the company a leader in connecting diverse professionals to cybersecurity roles. One of the CyberSN initiatives: Resumes can be created without identity data, shared only when an application is made, to remove the possibility of unconscious bias.
Glavach says a cyber program at a university — with courses in programming, mathematics and sociology (helpful for understanding the psychology of phishing) — is the preferred choice for the needed education. But fouryear degrees aren’t the only path to a cyber career. Some cyber professionals come from community colleges or trade schools; some are self-taught, like the high school graduate who started cyber as a hobby.
Most important, Glavach says, is passion and curiosity: “Many companies are saying, ‘I’ll take someone who’s passionate and curious and willing to learn over someone who has a four-year degree who’s not passionate and curious. The cyber community is very passionate about what it does. I truly, truly love what I do. It’s my passion and do not see it as a job”
For more information, visit cybersn.com.
