Recruiting from the Help Desk

Working the help desk seems like a great place to get entry-level cybersecurity skills. So why is it so often overlooked or even looked down upon?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Sasha P., CISO, WASH.

The help desk is a resource

CISOs can get a lot of organizational insight by keeping tabs on the help desk. "Help desk is a great vantage point to learn and understand an organization, the technology and tools they use, and the people you support. I did my time back in the Marine Corps and it has proven to be an immensely valuable part of my career," said Dr. Joe Lewis, CISO, Centers for Disease Control and Prevention. The help desk is the first place you can learn about security controls that rub employees the wrong way, giving you an opportunity to adjust them faster, as Duane Gran of Converge Technology Solutions Corp. pointed out, saying "Even if you don't hire help desk employees straight away, they are a great resource to know what is really happening in the company. They are at the tip of the spear in terms of hearing about staff frustrations around technology and security."

Embracing a service mindset

Employees with help desk experience often have technical skills that translate to cybersecurity, but the benefits of recruiting them go beyond that. "Help desk experience fosters a customer service mentality. This helps transform security from the ‘department of no’ to a shop that asks ‘how can we make this work for everyone,’" said Justin Furrow of Zelis. Excellent customer service becomes a major asset when you consider the importance of communication in cybersecurity. "Their customer service skills remain undervalued. All aspects of security involve working with internal customers whether it be during an investigation trying to get additional context the logs don't provide or when troubleshooting on the engineering side," said Greg Mathes of Arvest Bank.

It’s not a direct pipeline

While help desk staff remain an untapped source of high-quality recruits, that doesn’t mean the transition won’t require additional training. "In tier 1 tech, coding skills are mandatory to succeed in security engineering. You must learn to code, minimally Python, ideally Go and/or Java," said Nick Reva of Snap Inc. Brian D. McCarthy of Veritas GRC makes the case that the help desk offers a strong foundation, saying, "Lateral positions, like the help desk, have the underlying foundational elements for cyber success. Communications, escalation process, and large picture attack vectors."

Take advantage of the inside track

Cybersecurity processes are doomed to failure without buy-in. Employees with help desk experience know what kind of policies and procedures will work with staff, and which ones get worked around. "The help desk also has great insight into what security processes are burdensome and how people bypass them. If they can help the CISO ‘make the right way the easy way,’ that's extraordinarily valuable," said Chuck Herrin, CISSP, CCSP, NACD.DC of F5.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now. Thanks to Push Security.

Huge thanks to our sponsor, Push Security


Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.


Join us TOMORROW, Friday [05-31-24], for "Hacking Microsoft Copilot"

Join us TOMORROW, Friday, May 31, 2024, for “Hacking Microsoft Copilot: An hour of critical thinking of how to get your Copilot pilot into production.”

It all begins at 1 PM ET/10 AM PT with guests Brian Vecci, field CTO, Varonis, and Cyrus Tibbs, CISO, PENNYMAC. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, Varonis


Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Dimitri van Zantvliet, CISO, Nederlandse Spoorwegen. Thanks to Vanta.

Thanks to our Cyber Security Headlines sponsor, Vanta


Jump in on these conversations

"How do you feel about the future of Cybersecurity?" (More here)

"Do you add extra protection to “high value targets”, like your CEO?" (More here)

"Do security teams have the operations team run their infrastructure?" (More here)


Coming up in the weeks ahead on Super Cyber Friday we have:

  • [05-31-24] Hacking Microsoft Copilot
  • [06-07-24] Hacking SOC 2 vs. ISO 27001
  • [06-14-24] Hacking the Conversation Around Risk
  • [06-21-24] Hacking Generative AI Anxiety

Save your spot and register for them all now!


Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.



Kentrell Shillow

Warehouse Associate

6 months

David Spark, I enjoyed listening to your understanding and Steve and Sasha's understanding of help desk. So what you are saying is that Help Desk is the first line of defense.

Nick Reva

I'm hiring! Security Engineering Leadership @ Snapchat | Advisor | Author | Girl Dad

9 months

Steve Zalewski Sasha P. let’s debate why security engineering requires coding skills :) In all T1 tech companies coding skills are absolutely necessary. I’ve spent the last 12 years working at T1 tech companies hence that’s where my perspective comes from. T1 tech teams build a lot in house including SIEM, SOAR and even CSPM. Most folks will never do this but T1 tech does. If we hire folks into security engineering roles who cannot code you largely become a vendor manager of vendors and your teams are sys admins, which is not engineering, at all :) Largely these requirements are dependent on your environment, complexity and sophistication of the company to the expectations. It’s not for everybody, but for those that can operate this way I think it’s substantially better and far more interesting.

Nick Reva

I'm hiring! Security Engineering Leadership @ Snapchat | Advisor | Author | Girl Dad

9 months

Help desk folks are calibrated to front line employee needs and expectations which is important to create an empathetic security culture.

Sasha P.

Leader in Infrastructure & Information Security

9 months

Thank you for having me on this episode! I have always had superstars emerge from my help desk over the years.

Ricky Green, M.A.

IT/Cybersecurity Talent Developer | Strategic Thinker | Networker | Mentor | Human Being

9 months

This is excellent content and so relevant! I was hooked from the first couple of sentences. I'm sharing this with my network of cybersecurity professionals who could benefit from these insights!
