The Brandeis GPS blog

Insights on online learning, tips for finding balance, and news and updates from Brandeis GPS

Brandeis Innovation Showcase 2018

Discover the innovative ways the Brandeis community is changing the world at the Brandeis Innovation Showcase on Thursday, November 15. Held as part of Global Entrepreneurship Week, the Showcase will include presentations and a reception featuring startups, inventions, social entrepreneurship, and scientific discoveries born out of the labs and classrooms at Brandeis University.

View of Innovation Showcase 2017Participants can network with the researchers, students, faculty and staff who are impacting business, sciences, technology and social sectors. Some of Boston’s leading innovation organizations will have booths that provide more information about their work.

Attendees will have the opportunity to join the entrepreneurial action and vote for a crowd favorite by “investing” in projects. They will experience the Brandeisian innovative spirit while networking with Boston’s innovation community.

Get your tickets for the event here and make sure to use the hashtags #DeisInno18 and #BrandeisInnovates on social media so we can follow along.

Graduate School Admissions FAQ

Applying to graduate school when you’re working full time can seem like a daunting task, but many universities are leveraging the latest edtech to make the application process run as smoothly as possible.

At Brandeis GPS, our online application allows prospective students to upload resumes, statements of goals and other key admissions elements directly to our  online system.  One item that does need to be submitted externally is your official transcript, which we encourage you to submit electronically.

Please see below for some FAQs our admissions team often receives about the application process.

Do you require the GMAT or GRE?

No! If you decide to apply to GPS, do not worry about these exams: we do not require them for admission. We don’t feel like they speak to the nature of what is required to excel in our programs.

Does Brandeis GPS accept electronic transcripts?

Yes, we do accept electronic transcripts as long as they are official. This is the easiest and fastest method for both the applicant and us.

How should I send electronic transcripts?

Provide your school(s) with our email address: gps@brandeis.edu. We’ll confirm with you once the documents are received.

What address should I use for paper transcripts?

These should be sent directly from the school(s) to our mailing address:

                  Brandeis University                

                  Graduate Professional Studies

                  415 South Street, MS 084

                  Waltham, MA 02453-2728

We’ll let you know when we receive them.

Do I need to submit transcripts if I transferred courses?

Yes, we require official transcripts for all colleges/universities attended.

What if my program of interest is not related to what I studied in undergrad?

While some applicants may have studied an undergraduate major relevant to their desired graduate program, many have not. Make sure to highlight your professional skills, certifications and expertise in your application. You’ll be able to do this through your resume and statement of goals. (Please note that some programs may have specific requirements, which you can see by clicking on your program of interest here.)

How can I check the status of my application items?

At any time, you can login to your applicant status page once your application is submitted to see what items are pending: Login

<<Start your GPS application>>

Please feel free to contact our enrollment team any time. We understand the commitment it takes to apply for a master’s degree, and we’re happy to walk you through the steps and answer any questions that you have.

How to create a digital culture at your workplace

The Enterpriser’s Project defines digital transformation as the integration of digital technology into all areas of a business, fundamentally changing how you operate and deliver value to customers.

In a world where technology is advancing at a rapid pace, digital transformation should be a required strategy for any organization. To be successful, workplaces must build a digital culture where employees embrace new technologies.

4 Steps for Building a Digital Culture

1. Be upfront about the digital transformation your workplace is undertaking 

Be sure to provide a clear message to employees about what is coming down the pike. Address the key components of what digital transformation is and keep employees informed on what changes they’ll see, what the impact will be, and the likely timeline.

2. Engage employees in forums for discussing  new technologies

Employees should be included in the digital transformation process by having an opportunity to discuss/debate advantages and possible disadvantages of new technologies. They should have a forum to ask questions about new tools and platforms and the most recent technologies such as AI and machine learning, and also feel empowered to share concerns and discuss ways to mitigate risks related to any upcoming transitions.

Graph displaying digital readiness

Image Source: https://infocus.dellemc.com/tim_wright/why-the-workforce-needs-to-change-for-digital-transformation/

3. Make expectations for digital transformation clear

Once there is a timeline in place for your company’s digital transformation, management should be clear with employees about what that is and make sure they are adjusting as necessary. Provide structured goals for employees and monitor individuals’ progress.

4. Promote digital readiness by pursuing professional development in tech-rich fields 

After explaining the digital transformation occurring in your workplace, employees will need to keep up-to-date with their technical knowledge. It may be beneficial to employees to take courses or undergo trainings for professional development.

Brandeis GPS provides online Master’s degrees in tech-rich fields including Strategic Analytics, Digital Marketing and Design, Digital Innovation for FinTech, Robotic Software Engineering, and more. At GPS, you can take up to two courses for professional development before enrolling in one of our 12 online Master’s programs.

Brandeis GPS also works with employers through corporate partnerships, providing tuition scholarships and/or training and continual conversation around educational support for companies.

For more information about our 12 online Master’s degree programs or to learn more about taking courses for professional development, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps

Information Security Leadership at Brandeis GPS

With rising technology usage, there has been an inevitable rise in cybersecurity threats and an increased  demand for information security professionals. There is a growing responsibility to protect information as cybersecurity risks can be catastrophic for companies, customers, and careers.

With a Brandeis GPS Master’s in Information Security Leadership, you earn the confidence to attack any cybersecurity situation with leadership and technical savvy.

Brandeis University is ranked #35 among national universities by U.S. News and World Report, so you will have earned a master’s from one of the top universities in the country to lead you through any cybersecurity challenge, and to influence decisions for risk prevention.

Our cutting-edge, industry relevant, 100% online curriculum for professionals will build your leadership abilities and skills in leveraging technical know-how. Since you will learn alongside cybersecurity leaders from many industries in small seminar-style classes with no more than 12 students, your exposure to cybersecurity threats of all kinds will be significantly expanded.

The program will equip you to:

  • Develop a business case for investing in cybersecurity and risk management
  • Inform and influence senior executives to commit to obtaining and maintaining this investment
  • Oversee the planning, acquisition and evolution of secure infrastructures
  • Assess the impact of security policies and regulatory requirements on complex systems and organizational objectives

The 30-credit part-time, online program has six required courses and four electives.

The required courses are Foundations of Information Security, Information Security Management, Principles of Computer Incident Response and Investigation, Principles of Risk Management in Information Security, Information Security and Compliance, and Leading Security in Complex Organizations.

Options for electives include Identity Management and Access Control, Cloud Security, Secure Mobile Applications and Data, Network Security, and Managing Change and Innovation. View all courses offered in Information Security Leadership here.

Those applying to the Information Security Leadership program should have an undergraduate degree with work experience and/or coursework in introduction to networking, introduction to computer science and introduction to computer security.

We hope you enjoyed our cybersecurity series as part of National Cyber Awareness Month.

Brandeis GPS offers a Master’s of Science in Information Security Leadership. The part-time, fully online program prepares graduates for leadership roles in information security with a cutting-edge, industry relevant curriculum that builds leadership savvy and skill in leveraging technical know-how. For more information, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps

Governance and the case for bringing cybersecurity out of IT

By Joseph Dalessandro

October is National Cyber Awareness Month, and we’ll be spotlighting cybersecurity content on the blog all month long.

Information security governance is perhaps the most challenging aspect of cybersecurity.

Governance, while not a four-letter word, is often discussed with the same grumble that one uses when speaking about the dentist or aged fish. The basics of governance revolves around the advancement that simple accountability and transparency deters calamity. One cannot predict and avoid all disasters — think volcano here — but at the same time, one cannot grade one’s own homework.

It works well until there is a real test and someone else has the red pen. I think it was the queen of corporate governance, Nell Minow, who said, “watched boards change.” I agree, and would say this observation can be applied all the way down the corporate chain into an organization: those that change are the ones who are watched as objectively as possible.

So what does this have to do with cybersecurity, and why is governance hard in the cybersecurity space? There are a number of reasons for this perception. First, boards have been bamboozled by jargon and an IT executive tier that has been unclear and unsure of what and how to report on security. (For those of you on boards, when was the last time you had a security executive discuss the direct link between spend and the measured reduction of risk?). Indeed, in a Bay Dynamics/Osterman Research survey, “the majority (85%) of board members
believe that IT
and security executives need to improve the way they report to the board.”

While I am not a fan of standards for standards’ sake, the ISO/IEC 38500:2008 Corporate governance of information technology has the following useful definitions:

  • Corporate governance: The system by which organizations are directed and controlled.
  • Corporate governance of IT: The system by which the current and future use of IT is directed and controlled. Corporate governance of IT involves evaluating and directing the use of IT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using IT within an organization.
  • Management: The system of controls and processes required to achieve the strategic objectives set by the organization’s governing body. Management is subject to the policy guidance and monitoring set through corporate governance.

Security leaders should tack these definitions to their wall.

When it comes to how security leaders can set the right direction for the board and make sure the Board has the right information for strategic oversight, I think it is a “two-way street.” Boards need to come to the security business and ask questions and security leaders need to come to the Board with improved reporting. Perhaps an improvement would be an approach that keeps the security report separate and distinct from that of technology. For organizations where information security, or cybersecurity, does not report to IT— bravo! You have taken a step toward greater transparency. The inherent mission of IT is accessibility and availability and the inherent mission of security is possession (control), protection and integrity. These missions are often in conflict, and managing them under the same leader (often a technology leader), could result in a Head of Security who does not have the chance to challenge or push back against the IT Executive who writes their performance assessment and controls their compensation.

We can better coordinate, manage and govern our complete security capabilities by bringing cybersecurity out of IT and taking a more holistic approach to incorporating physical and facility security, fraud and loss mitigation, and the other components converging security capabilities, data collection, management, and ultimately governance.

An organization’s board and business management must be in alignment where spend and the use of emerging technology are converging for the business. Security leaders should consider the following approach to champion governance:

  1. Above all, be transparent and accountable. Don’t tell the board what they want to hear or what you think they want to hear (they know when they are being managed). Represent the security program objectively. Characterize how security investments support the delivery of value for the business and supports organizational objectives.
  2. Do the hard work to consistently measure, monitor and report on security risk, and to provide the analysis between security investments and the execution to mitigate or manage risk and reduce or limit potential impact.
  3. Share performance and achievements of security resources — these drive the execution of a program and they are where the rubber meets the road for execution of the security program. Just like other business function, people are what drive success for a security program.
  4. Demonstrate how cybersecurity is aligned with and supports the strategic planning and objectives of the business and the expected business outcomes. Often the inherent conflict between the IT mantra of constant access and availability will be in conflict with cybersecurity’s mission of possession, protection and integrity, but the two do not have to be contentious, but IT needs a peer who can hold IT accountable if needed, not a lackey who does what they are told.

Joseph (Joe) Dalessandro is the program chair of the Information Security Leadership program at Brandeis University Graduate Professional Studies, and the Head of Security & Technology Audit and Audit Data Analytics, Australian Unity.

Brandeis GPS offers a Master’s of Science in Information Security Leadership. The part-time, fully online program prepares graduates for leadership roles in information security with a cutting-edge, industry relevant curriculum that builds leadership savvy and skill in leveraging technical know-how. For more information, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps.

Faces of GPS: Meet Kathryn Wight – Director of Partnership Engagement

Did you know that Brandeis GPS helps companies develop stronger workforce pipelines?

Kathryn Wight Headshot

As Director of Partnership Engagement, Kathryn works with employers to understand their organizational needs and determine opportunities for Brandeis GPS to help upscale their employees. These corporate partnerships provide tuition scholarships and/or trainings and continual conversation around educational support.

Born and raised in Carlisle, MA, Kathryn received her degree in psychology and criminal justice from North Carolina’s Elon University. Upon graduation, she chose to remain in the south for a while. After spending some time working as a paralegal, she decided not to pursue a law career and made her way to higher education. 

Kathryn spent eight years at The College of William & Mary before her New England homecoming. She first served as the recruitment manager for the school’s undergraduate career center, working with employers to schedule their on-campus visits and planning career fairs. From there, she spent a few years counseling Master of Accounting students and managing employer relations for all master level programs in the Raymond A. Mason School of Business.

In her role at GPS, Kathryn focuses on helping companies envision how an educational partnership with Brandeis can help cultivate a strong employee benefits program. She finds meaning in building personal connections with partners and gaining a better understanding of how GPS programs and courses can help fill the unique needs of each organization she works with.

Kathryn’s favorite part of her job is all the people she gets to meet and learn about companies from startups to large Fortune 500 firms.

Outside the office, Kathryn is a runner who likes to travel and explore different food and wine cultures. She is currently planning a wedding (that is now less than six months away). She is also a dog lover and enjoys spending time with her five-year-old niece. 

Learn more about our corporate partnership options on our website or contact Kathryn Wight at kwight@brandeis.edu or 781-736-8725.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Security and the Internet of Things

By Joseph Dalessandro

October is National Cyber Awareness Month, and we’ll be spotlighting cybersecurity content on the blog all month long.

Love it or despise it, the Internet of Things (IoT) has forever altered human thinking and interaction. Increased telemetry from our bodies through wearable tech and app analysis of data about our health and personal space has led to discovery, identification and interactions with others through apps and smart devices that is the new norm. How will this explosion of devices change our mission objective as security leaders and professionals?

The term IoT is generally applied to “endpoint” objects such as devices, wearables, cameras, chips, toys, and other objects that can be accessed through a connection such as WiFi or other carrier signals and interacted with via the internet. Examples that have become pervasive would be FitBit wearable’s, iWatches, Alexa or Google Home devices, Nest thermostats, and medical devices such as insulin pumps. While these devices are limited in capability, often just one or two functions or a binary state of on/off, the numbers of devices and the absence of uniform minimum security standards from manufacturers present a problem (several actually) for our IT departments Infrastructure management and security professional.

We can easily find statistics about the number of devices that have emerged in earnest since 2008. The 2017 Cisco Visual Networking Index provides a comprehensive view of some of those numbers. Two of my favorite highlights from this report include:

  • There will be 3.5 networked devices per capita by 2021 (global population 7.875 times 3.5)
  • IP traffic in North America will reach 85 EB per month by 2021 (And North America will not be the highest trafficked global region)

While I am not sure where that bandwidth comes from (I cannot get great consistently streaming bandwidth for Netflix sometimes), what worries me more is patching, tracking and controlling devices. Now, I am not suggesting we control all devices, but I need to control the ones that are on my network because they will increase the potential surface of attack for our networks by orders of magnitude. The more devices you add, outside of implemented and effective controls, the quicker your organization will suffer a breach. Therefore, if you don’t get roles such as patching right you will be lost under the crushing weight of IoT adoption rates. We have to get the “basics” right to ensure we have a foundation capable of integrating IoT devices. We will also need to assess risk and device configuration and a number of other areas we will not venture into here.

In the world of cyber security, people and data are what we most are accustomed to thinking about protecting and defending against. How do we wrap our heads around the potential problems of IoT where the numbers are so much higher? I would submit that we undertake the following approach:

  1. Get the basics right. There will be a lot of debate about what “get the basics right” means but at a high level, I am referring to:
  • Have a comprehensive security program based on risk, with regular assessments
  • Identify where all your data is located and ensure it is appropriately categorized
  • User access, and privileged access, is controlled and re-certified (access for IoT devices as well)
  • Network traffic is premeditated and segmented and network information is logged and monitored (must also scale)
  • Systems management has KPI’s and documented configuration baselines or employs a CMDB
  • Change Management and patching are religiously observed and followed
  • There is a formal incident management/response process (and adjust and augment IR for IoT)
  • There is a crisis and contingency management plan that is tested and updated annually

Yup, that was just step 1. Get all this right and you can start to think about being able to control IoT in your ecosystem.

2. Determine the level of increased risk, or changed risk, related to data loss or breach from #3.

3. Augment your information management or data governance policies and processes to encompass IoT increased data creation and interaction.

4. Determine the physical limits or extensions of IoT devices. Can users outside your physical location use devices or access devices inside your physical location? Do you need to limit (or attempt to limit) the carrier signal outside your four walls?

5. Hire a competent and qualified leader to bridge between security and IT. Brandeis Information Security Leadership graduates are great candidates.

IoT is a big problem that can seem overwhelming, where unpatched devices can increase your threat surface by orders of magnitude. Remember, getting the basics right will see you treating IoT with the same risk strategy that has allowed you to manage technology risk.

Joseph (Joe) Dalessandro is the program chair of the Information Security Leadership program at Brandeis University Graduate Professional Studies, and the Head of Security & Technology Audit and Audit Data Analytics, Australian Unity.

Brandeis GPS offers a Master’s of Science in Information Security Leadership. The part-time, fully online program prepares graduates for leadership roles in information security with a cutting-edge, industry relevant curriculum that builds leadership savvy and skill in leveraging technical know-how. For more information, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps.

Image source: https://www.personneltoday.com/wp-content/uploads/sites/8/2015/06/wearable-tech-wearable-technology.jpg

Information Security has the perfect mindset to facilitate decision-support red teaming

By Joseph Dalessandro

October is National Cyber Awareness Month, and we’ll be spotlighting cybersecurity content on the blog all month long.

We hear the term “red team” liberally used these days, applied in the security space for both force-on-force scenario testing (subverting hardened facilities and assets) and in the information security space, primarily referring to “white hat” hacking to assess security posture for systems, devices, network perimeters and web applications.

A “red teamer” in the decision support or strategic space is formally trained and uses critical thinking tools and techniques to provoke analysis, stress test strategies, plans and perspectives. At the heart of this work is the modeling or reframing of the problem space from the adversaries perspective.  Red teamers and Security Pros are by nature contrarians, and it is this contrarian mindset we want to capitalize on.

While cybersecurity “red teaming” as penetration testing is vital to an organization’s testing of its security and data protection posture, it has a narrow scope. However, everyone these days in this space wants to refer to his or her work as red teaming. The practice of decision support red teaming is the area that I am submitting an organization can immediately benefit from and are not currently employing. This is an area where your security team can add value by adopting the tools and techniques to facilitate red teaming. Information security professionals are diverse thinkers and often “see” across the entire enterprise. Equipping them with red team tools and techniques can enhance their value in guiding the organization to make better decisions.

Red teaming and the value of a premortem

So how do we do it?  How do we immediately capitalize on our existing stance as contrarians to serve as strategic red teamers? There are a number of available tools such as the U.S.Army’s Applied Critical Thinking Handbook, and Bryce Hoffman’s Red Teaming. We start with, most importantly, is buy-in and genuine support from the top of the organization, and the admission that we will trust our decision to conduct red team analysis and we will be true to the results. There are a number of short tools to use to try this, one of the most straightforward is to have your security staff conduct a premortem on your most important security project for the upcoming year.

The basic approach of the premortem is to visualize, prospectively, about the project failing and using this to illuminate the cause(s) of the failure.  This is not a risk assessment. We are not speculating on what could harm our project, we are identifying what actually caused the failure. This is pathology; we are engaged in diagnosis, not prognosis. Supplies needed are easy to acquire, you will need paper or index cards and pens/pencils and a white board or projector.

  • The leader (security staff facilitator) level sets with the group by reading out the summary from the business case or a summarized version of the project. The leader tells everybody that they should assume that their team, the project team, has made the decision to go forward and that the project has gone forward and has concluded. We are in the future now, a year into the future, and the project has been an utter failure. It has crashed and burned with no redeeming outcome or benefit.
  • Exercise: Each player (project team member) takes the paper in front of him/her and writes a brief narrative or cause of the failure. Take 5 minutes and work in silence.
  • The facilitator collects the paper or cards and generates a list of all the points on a whiteboard or projector. The facilitator can now work with the group to solicit further failure ideas, inspired by the list.
  • Engage in a game to further determine the top five causes for the failure. [A practical note here: if you conduct a premortem and determine a set of failures that are agreed universally by the group as being actual failures, you have a fundamental problem with your project. Stop it immediately and take a step back and rethink the plan.]

Red teaming is best conducted with as diverse a group as possible, and often times those who have had the least to do with the project plan formation can provide insights into points of failure. As you look to expand your tool set in the future, a master’s degree in security leadership can help engender this contrarian mindset and improve the value of security in your organization.

Joseph (Joe) Dalessandro is the program chair of the Information Security Leadership program at Brandeis University Graduate Professional Studies, and the Head of Security & Technology Audit and Audit Data Analytics, Australian Unity.

Brandeis GPS offers a Master’s of Science in Information Security Leadership. The part-time, fully online program prepares graduates for leadership roles in information security with a cutting-edge, industry relevant curriculum that builds leadership savvy and skill in leveraging technical know-how. For more information, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps

Image source: LeadX.org

Meet our newest GPS faculty members

The first week of the October session is here and we are excited to introduce the newest Brandeis GPS faculty members. These industry leaders come to Brandeis GPS with expertise and established networks within their fields. We have no doubt that the knowledge and experience they bring will provide for meaningful learning opportunities in the online classroom.

Garrett Gillin – RDMD 110: Principals of Search Engine Marketing

Garret Gillin Headshot

Garrett Gillin, MBA, is a co-founder and Principal at 215 Marketing, a Google Premier Partner agency located in Philadelphia, PA, where he oversees the development and execution of integrated digital marketing initiatives with a concentration on programmatic advertising, marketing automation, and advanced analytics.

Todd Chapin – RUCD 185: Design for Non-screen User Experiences

Todd Chapin HeadshotTodd Chapin is a co-founder and Chief Product Officer at ShopClerk.ai. He has experience in product management and UX, as well as expertise in personal mobility, speech recognition, and e-commerce. He has worked at Zipcar, Audible, and Nuance Communications. He has graduate and undergraduate degrees in Human Factors Engineering from Tufts University.

Ernest Green – RSAN 160: Predictive Analytics

Ernest Green Headshot

Ernest Green MS, MBA, PMP, is Vice President of Data Mining at a large financial institution in Dallas, TX. Prior to this role, he worked as a Data Scientist with General Motors and has 10+ years of diverse analytics experience. He holds multiple college degrees and most recently completed a Master’s in Predictive Analytics from Northwestern University. His research and expertise are in analytics, machine learning, natural language processing and artificial intelligence.

We are so pleased to welcome these new faculty members to Brandeis GPS and look forward to seeing how they bring their expertise to their online classrooms.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

How to recruit and manage the best cybersecurity candidates

By Joseph Dalessandro

October is National Cyber Awareness Month, and we’ll be spotlighting cybersecurity content on the blog all month long.

People management is one of the hardest and most rewarding experiences of one’s working life. With the advent of the “gig” economy, I am curious how we are faring in hiring in the cybersecurity space.

Cybersecurity hiring has been universally difficult for some time. It’s not that there is a lack of quality candidates. The issue is that we are missing each other. This is due in large part to the “traditional” hiring approach that many mangers adopt when they have open roles. They head to HR, or pick up the phone and call HR, and ask HR to find them candidates.

This happened to an acquaintance of mine not too long ago. He was looking for a junior information security analyst: a basic role that requires entry-level experience. He received more than 600 resumes, and realized that solid candidates were getting lost in a sea of unqualified applicants who know security is hot and want in.

If you are a manager in security, it’s time to change your hiring paradigm. To find a better applicant pool, cast your net more efficiently and do the following immediately:

  1. Use your network. Get into your network and spend some time talking to your peers.  Learn how to recruit and get out and start recruiting. If you have people in your network that would be perfect, call them. If they do not want to move, find out if they have contacts looking for work.  Ask your peers where they are finding hires. Share information on candidates, someone who is not a good team fit for you may be a good team fit for a peer of yours.
  2. Set the expectation up front in postings that you are different and you are serious. Include information in job postings that candidates will be tested on role skills during the first interview. Those without skills and basic security knowledge immediately fall out. This works well for junior roles. For more senior roles, make it known up front that for technicians they will need to demonstrate skills and for managers, they will need to discuss culture, training and retention.
  3. Make candidates provide a cover letter or cover email that explains how their experience aligns to the role, or provide them a platform to do this in a structured way. This will, once again, weed out those who do not align with the expectations of the role. If I need to describe in a table how my experience and skills relate directly to the role skills, I know that the manager is serious and is looking for the right candidate, and not just “looking” for candidates. Demand that candidates communicate, and get them together to be interviewed by other managers, from other non-IT departments, to interview them more objectively.
  4. Look for skills and education that shows the candidate is more than a CISSP. CISSP’s are everywhere, but show me a CISSP with a master’s degree who can write a business case or executive memo and I’ll scoop them up.

Once you build a team, you need to cultivate it. You want to develop your employees, and yes, eventually you want them to move on, to be successful in another department or another company. However, at the outset, for all your hires, you want to retain them, develop them and let them thrive.  This will also pay when you need to hire. Some of those employees will develop into their next role with you, and if you know those employees and what they want and where they want their career to go, you can help. Do a better job of knowing your current employees and how you can develop them for that next role. Look at your team for diversity, and for diversity of thought, and make sure you employ some contrarians. Diversity in thought is especially important in cybersecurity. A diverse team will be a high performing team. For roles where you have great staff but they are taking leave or need a different structure to their job, consider altering your approach and preconceptions about the traditional working day or the traditional working role rather than replacing those employees.

There are candidates for roles, but they need to be discovered. If you’re looking for a position, differentiate yourself from the masses. Why do I want to hire you? Stop memorizing port numbers and show me you know what P&L is and that you understand budgeting, or, develop your presentation skills, or, develop data analysis or data visualization skills. Or, better yet, get a master’s in security leadership and I’ll know you can handle the role.

Joseph (Joe) Dalessandro is the program chair of the Information Security Leadership program at Brandeis University Graduate Professional Studies, and the Head of Security & Technology Audit and Audit Data Analytics, Australian Unity.

Brandeis GPS offers a Master’s of Science in Information Security Leadership. The part-time, fully online program prepares graduates for leadership roles in information security with a cutting-edge, industry relevant curriculum that builds leadership savvy and skill in leveraging technical know-how. For more information, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps

Image sources:

https://www.cyberdb.co/wp-content/uploads/2017/11/LinkedIn-cybersecurity.jpg

https://image-store.slidesharecdn.com/be4eaf1a-eea6-4b97-b36e-b62dfc8dcbae-original.jpeg

« Older posts

Protected by Akismet
Blog with WordPress

Welcome Guest | Login (Brandeis Members Only)