How to Ace an Interview

There are two simple tasks which you should undertaken before attending an interview, they are to research the company and rehearse your answers to the most common interview questions.

Interviews are definitely scary, especially when you are meeting someone who you don’t know and trying to prove to them in a short amount of time that you are the one for the job.

Remember that saying that our parents used to tell us? ‘Practice makes perfect’. Like always, they were right. Interview preparation is key for acing this interview. If you practice the interview then the real thing will be a lot easier. We understand it will still be daunting as its the real thing but this will ease the nerve.

Ask a family member, partner or friend to play the interviewer and help you practice. Here we will layout the usual questions interviewers ask, majority of them are all about you.

1. ‘What are your strengths’

The best advice we can give is to highlight strengths that directly apply to the position which are likely to do with Information Security.

2. ‘What are your weaknesses’

Don’t bother with the chliché answers. Think about situations where you solved something to manage a weakness.

3. ‘Why are you interested in this position/Why are you interested in working for us’

Name things which you admire about the company. It is best to research as much as you can on the company.

4. ‘Where do you see yourself in 5 years?’

Be honest with your answer and be realistic. This question is structured to find out the type of person you are. Whether you are prepared or unorganised.

5. ‘Are you willing to travel?’

Be honest if you don’t want to travel, It doesn’t necessarily mean you are automatically placed in the rejection folder.

6. ‘Are you willing to relocate?’

It’s better not to give a straight answer for this question unless you know for definite you are willing. Instead say ‘It’s something I will consider’ or ‘At this moment in time…’

7. ‘Describe yourself’

Tell them a mixture of personal and professional facts.

8. ‘What are some of your leadership experiences?’

Name and explain from personal and professional situations. As long as they are appropriate for the job.

9. ‘What questions do you have for me?’

It is good to think about questions beforehand but it is okay if you don’t have any questions as they may have covered everything.

10. ‘What was your biggest failure?’

The worst thing you can do is try to make excuses for yourself. Provide examples of where you overcame failure.

Here at Selsdon Partnership, we’ve got years of experience in Specialist IT Recruitment so don’t forget to give us a shout if we can help you find that next role.

Got your CV ready to go?

We are currently seeking Security professionals to join a leading regional Bank based in the Middle East. We are recruiting for: Senior Security Architects, Senior Security Engineers and Senior Security SOC Analysts. You must have a relevant degree. On offer is a tax free base salary and bonus. If you are interested in the opportunities or would like to recommend a colleague, please email Paul at paul@selsdonpartnership.com.

Impressive skills to include on your CV

Within a single job market, over 250 applications are received, so you need to submit a resume that stands out to get considered for the role. It is a huge battle to face, so make sure to put all your effort in.

As you already know what not to do in your CV, we thought we would give you some support on what you should be doing.

1) Communication
Including communication is kinda cliché but it is a very much a key skill that should not be overlooked. For example if you have experience in talking face to face with customers or over the phone, then it would be useful to include that. You could even show your communication throughout your CV by spell and grammar checking, your new potential employer aren’t going to be too pleased with typos all over the place.

2) Problem Solving
Problem solving is a crucial skill that you should be including. Working as a Chief Information Security Officer you are bound to run into many problems which are going to need solving quickly and efficiently. Why not even include some examples of problems you’ve solved in your previous role?

3) Social Media
Social Media is a powerful networking tool so we’d recommend that you ensure it’s on your CV to give you an extra boost. Some companies still resist hiring a social media manager as the role could be done by their existing employees. Look at it as having extra brownie points, those points could mean the difference in getting the job or not. Social media may not seem to be relevant to your exact role but you don’t know how beneficial it is for them.

4) Positive Attitude
It is no surprise that they is a key skill in a workplace, and especially if you are working closely alongside other employees. It is very beneficial for a majority of situations you may come across when working or in general. It is tricky to show your positive attitude throughout your cv but be sure to show it within your interview!

Here at Selsdon Partnership, I’ve got years of experience in Specialist IT Recruitment so don’t forget to give me a shout if I can help you find that next role.

Got your CV ready to go?
We are currently seeking Security professionals to join a leading regional Bank based in the Middle East. We are recruiting for: Senior Security Architects, Senior Security Engineers and Senior Security SOC Analysts. You must have a relevant degree. On offer is a tax free base salary and bonus. If you are interested in the opportunities or would like to recommend a colleague, please email Paul at paul@selsdonpartnership.com.

What is a CISO?

A CISO (Chief Information Security Officer) is a senior-level executive who’s primary responsibility is developing and implementing an Information Security program. They’ll also normally oversea the procedures and policies to help protect the businesses communications, systems and assets from both inside and outside the company. It may be that the CISO works alongside a Chief Information Officer (CIO) who’s role is to overseas the companies cybersecurity products/services and to manage a disaster recovery and business continuity plan.

The Chief Information Security Officer (CISO) may also be referred to as a Chief Security Architect, the security manager, the corporate security officer or the information security manager, this all depends on the companies current structure and existing roles. Although the CISO may also be responsible for the overall security of the company (which could include it’s employees and facilities), he or she may simply be called a Chief Security Officer.

CISO Role & Responsibilities

The main role of a CISO is anticipating new threats and actively working to prevent them from occurring (rather than waiting for a data breach or security incident). The CISO would normally be working with other executives across different departments to ensure the security systems are working smoothly to again reduce the risk of a security attack.

The role can vary depending on the company structure, but a CISO may be asked to also undertake:

• Employee Security Awareness Training
• Developing Secure Communication Practices
• Identifying Security Objectives & Metrics
• Choosing & Purchasing Security Products
• Ensuring the company upholds its regulatory compliance
• Enforcing adherence to security practices
• Managing an Incident Response Team
• Conducting Electronic Discovery
• Digital Forensic Investigations

CISO Qualifications & Certifications

A CISO typically is an individual who’s able to lead and manage employees, they must have a strong understanding of information technology/security and be able to take complicated security concepts and communicate them to non-technical employees. CISOs should have experience with risk management and auditing.

Many companies requires CISOs to have an advanced degree (or similar) in business or computer science – this helps to demonstrate a strong understanding of Information Technology. It’s also important that a CISO has extensive professional working experience in Information Technology.

CISOs typically have relevant certifications such as Certified Information Systems Auditor, Certified Information Security Manager, Certified Information Systems Security Professional, these are issued by ISACA or ISC.

Finding that perfect role…

If you are looking for a role in Information Security/Cyber Security then get in touch with Selsdon Partnership today – a leading Specialist IT Recruitment Agency.

How to Write a Résumé That Stands Out

When you are writing your résumé you will want to spend the majority of your time focusing on the first 15-20 words at the start beginning. That is how long you will have to grab the employers attention. Make it good and worth their time, and they will carry on reading. Therefore you are one step closer to the finishing line, and getting employed.

Recruitment is difficult for the employer too. Your mission is to sell yourself in 15 words and make yourself stand out so the decision is less complicated!

My main advice to you is to make it short and make it brief. You will have plenty of space on the rest of the A4 piece of paper to go into detail about yourself. Your first sentence could be a quick background of you. For example ‘IT Specialist of over 15 years of experience of network management, software development and database administration.’ That is exactly 16 words, it is all you need to inform them who you are.

Stay clear from cliché phrases! This is very important. An employer receives an average of 100 résumés and the majority of them include ‘cliché phrases’. For example ‘I am extremely motivated’ or ‘I have achieved.’ You want to stand out from the other 100 résumés, not join them!

Emphasize accomplishments over responsibilities. For example ‘In my time at my previous employer I increased our client base over 20%’ instead of boasting how you babysit your younger siblings now and then for your parents.

If you have a lot of information but cannot fit it on one page, I have a solution. Do not make the text so small it is hard to read. Make sure the font you use is simple and clear to read like Arial and the font is at a size with is readable like 12/14. If you don’t want to remove any information than you can go onto a second page. There isn’t a rule that won’t let you so that. However my advice would be to make your résumé double sided, just so it’s not overwhelming.

Here at Selsdon, we’ve got years of experience in Specialist IT Recruitment so give us a shout if we can help.

10 Things Not To Do When Creating A CV

It’s important that when writing a CV that it stands out from the other applicants. When employers analyse the CV’s they spend an average of seven seconds deciding whether to keep or delete. If they decide to keep your CV and read on – it then takes sixty seconds to make their final decision. But don’t panic! We are here to help you produce the best CV and nail those applications.

Ever wondered why an employer has rejected your CV? Here is what we know…

1. 59% of CV’s have grammatical errors (Re-read your CV or get someone else to check it for you!)
2. 50% have too much of a casual tone (Never use slang or abbreviations)
3. 50% use cliché phrases (Being different gives you leverage)
4. 47% are excessively long (It only needs to be one side of A4!)
5. 44% use snazzy borders or backgrounds (a little goes a long way)
6. 43% writes their CV in third person (Your CV isn’t your story, it’s a profile)
7. 42% use clipart or emoji’s (It is unprofessional to create a CV like it’s a text message)
8. 39% use cringe worthy quotes (It’s unnecessary to include quotes from Ghandi)
9. 32% use an unprofessional email address (don’t use the email address you created when you was nine for MSN e.g cutie_pie@email.com)
10. 31% inappropriate font (Stick with something simple like Arial – It needs to be readable)

Here at Selsdon Partnership, an IT Recruitment Agency, we have revealed the secrets for you. You will now be able to create the best CV that will grab your next employer’s attention. Stay away from what you shouldn’t do (don’t even scratch the surface), we don’t want the seven seconds you have to be wasted. The recruitment will be the hardest obstacle you will face. Once you have conquered this, everything will go smoothly!

Take these ten tips and apply them to your CV and not only will your employer be amazed, the interview will be a breeze. You’ve got this!

CV Buzzwords

When writing a CV we are taught to make use of key buzzwords. Especially key ones like Experience or Experienced. These words tend to be overused and in some case may be what is not allowing you to reach your full potential and stand out when applying for new roles.

According to LinkedIn, ‘it is the most overused buzzword by the platform’s millions of users in the UK.’ So, here at Selsdon we believe that we need to start using words that are more engaging and unique.

“Experienced” has been crowned the most used word followed by ‘specialise’ and ‘motivated’. These words have influenced people’s profiles in former years due to the company’s acknowledgement of the phrases. Unsurprisingly, ‘passionate’ and ‘enthusiastic’ is featured in the top ten list of most used buzzwords. These words need to be banned from your profile if you want to stick out to future employers.

From research undertaken by the University of Reading it has been stated that there has been a gradual shift to more verifiable skills in the uk, while the rest of the world has made a more obvious move towards using words indicating abilities. It is assumed that British employers still value personal attributes. The change of highlighting ‘provable skills’ could be down to the rise of freelance work.

It is also known that employers are more likely to hire someone who will for a couple of weeks turn up on time. Than to hire someone based on their personality and their loyalty to their job.

So, now it’s time to go and refresh your CV to make sure you stand out when applying for your next role!

Risk managers take note: Brexit was not a black swan

Protecting yourself against true black swans is the art of the possible, not the probable.

Nassim Nicholas Taleb deserves credit for his contribution to literature and received financial wisdom. His 2007 book, The Black Swan, forced many risk managers and other industry practitioners to think more deeply about the impact of improbable events and how they shape our lives. But the effect of Taleb’s teachings has not been wholly benign.

To explain this, it’s worth taking a look at the UK’s June 23 referendum on its membership of the European Union. The result of that vote – 51.9% in favour of leave versus 48.1% for remain – has been described as a ‘black swan’.

Certainly, the result was unexpected and caught many by surprise. In a recent column for Risk.net, operational risk consultant Ariane Chapelle tells the story of a French financial firm that “prepared nothing except a vague internal note on Brexit – and only then because it was encouraged to do so by the European Banking Authority”.

The upshot was the company had absolutely no communication prepared to reassure worried clients when the worst happened on June 24.

Lazily categorising entirely probable events as black swans narrows the range of potential outcomes and avoids the need to think of other, more extreme scenarios

Some risk managers I spoke to in the run-up to the vote told a similar story. For some, it seemed the scale of the challenge that might be thrown up by Brexit had persuaded them to put the possibility of it aside.

But the truth is that Britain’s exit from the EU was not a black swan.

Taleb points to several distinguishing features of black swan events. One is that they have an extreme impact. Make of that what you will. Another is that they are “outliers”, which lie “outside the realm of regular expectations, because nothing in the past can convincingly point to [their] possibility”.

A true black swan event – such as the discovery of the first Australian black swan itself – is something that shatters our previous understanding of a system by giving us new evidence that differs dramatically from what existed before.

On the eve of the UK’s referendum, four closely watched opinion polls contained margins of victory for either side of 2% or less, well within the usual margin of error. Two of those polls actually showed leads for the leave side, as other polls had done earlier in the campaign.

More fundamentally, the idea of the EU not being particularly popular in the country that coined the word euroscepticism should not have come as a surprise.

Comfort blanket

In the case of Brexit, the use of the term ‘black swan’ is a comfort blanket – a reason why, in retrospect, the failure to prepare was excusable. It is symptomatic of a trend in which the risk managers’ feathered friend reappears with alarming frequency. Lazily categorising entirely probable events as black swans narrows the range of potential outcomes and avoids the need to think of other, more extreme scenarios.

Since 2007, I’ve seen this all too often. During conference sessions with chief risk officers or other senior risk managers, participants are sometimes asked to identify potential black swans that their firm or the wider industry may face. Without ignoring the difficulty of this task, for it is difficult, most of the responses I hear are certainly not real black swans. History shows us there is no shortage of sharp corrections in oil prices, for example.

Good risk management requires more imagination than this. Protecting yourself against true black swans is the art of the possible, not the probable.

Risk managers – particularly operational risk managers – are paid to think about Taleb’s outliers. But when reaching for extreme scenarios, too few think of the sort of paradigm-shifting events he had in mind. More rigorous thinking would confer benefits on individual firms and the industry as a whole. It would also make Brexit look like a picnic.

Source Article

Global standards to protect banks from cyberattacks may be in the works

Dive Brief:

• The Bank for International Settlements (BIS), a committee of central banks, is reportedly considering expansive rules to protect banks from cyberattacks, according to a Reuters reportciting sources with knowledge of the matter.
• BIS reportedly set up a task force and is taking inventory of methods member banks use to prevent cyberattacks so that it might propose a global standard of protection. The effort is in part designed to set standards for inter-bank transfers.
• The New York Fed and the National Bank of Belgium, which oversees SWIFT, are both involved, according to the report.

Dive Insight:

Financial institutions around the globe are stepping up efforts to protect themselves from cyberattacks following the Bangladesh heist in February, wherein cybercriminals used the SWIFT banking network to steal nearly $81 billion from an account at the Federal Reserve Bank of New York.

SWIFT has struggled to get its member banks to comply with new security protocols implemented following the heist because it is a nonprofit cooperative without regulatory authority over its members.

Instead, global standards set by the banks themselves could help protect against future cybersecurity incidents, as protocols could help prevent human errors from sparking more incidents. And global cybersecurity standards would be some of the first of their kind across industries, as many sectors are trying to keep and defend against the threats they face.

Other institutions are now getting involved in the effort to protect financial institutions from cyber theft. Earlier this week New York Governor Andrew Cuomo proposed a new regulation requiring banks, insurance companies and other financial services institutions regulated by the State Department of Financial Services to establish and maintain a cybersecurity program.

Source Article

Chief Security Officer May Be The Job Of The Future That No One Wants

Almost three years ago, one of the most historic hacks happened: Target disclosed that 40 million of its of its customers’ credit and debit card data had been compromised. Bloomberg Businessweek called it “the biggest retail hack in U.S. history.”

The fallout was huge. The company spent tens of millions of dollars in the following months trying to clean up the mess. In the end, then-CEO Gregg Steinhafel stepped down, the company paid $10 million to the victims of the hack, its chief security officer left the company, and Target ultimately lost millions of dollars due to a subsequent loss of sales.

This was a watershed moment for the big companies in terms of security. About five months after the breach was announced, security journalist Brian Krebs wrote “It’s now clear that Target and other major retailers have been spending money in the wrong places—and that they’ve left a gaping hole in the Internet for hackers to keep stealing yours.” Now, more than two years later, security is still a huge problem for large and small organizations alike and companies are scrambling to find the proper leadership.

Some might characterize the last few years as a “gold rush” for security professionals. It’s becoming increasingly clear that hackers are going to continue hacking, and businesses are scrambling to bring in the leaders they need to fend off these increasing attacks.

A recent report from Cisco puts it bluntly, “cybersecurity skills are in high demand, yet in short supply.” With this, large organizations are scrambling to figure out how best to implement a proper security strategy all the while struggling to find the best people to execute the tasks. More than half of the organizations surveyed in the Cisco report sought security consulting, indicating that there’s a continual gap of internal knowledge.

THE NEED FOR LEADERSHIP

The big issue is understanding how to position the problem. For years, security was something of an operational issue—a decision made and implemented by middle management. Top decision-makers didn’t really understand the inner workings of IT, so they likely didn’t have much stake in a company’s security posture.

But as targets become more widespread, it’s now a leadership issue. And titles like CISO (Chief Information Security Officer) and CSO (Chief Security Officer) are becoming C-level staples.

The problem, however, isn’t just in the job creation—it’s in finding people with the correct skill set. Larry Ponemon, the chairman and founder of the Ponemon Institute, which researches data security practices, explains that for companies looking for security top brass, they need someone with more than just good on the ground skills. “A lot of organizations,” he says, “will hire people who do security with an IT background.”

More pertinent is that they aren’t fluent in the language of business. For a role like a CISO, it’s not just about finding problems and implementing solutions—it’s more explaining why it’s so important to a board. Once organizations figure out a new security posture from the inside out, a CISO will have to explain why they’ll likely have to increase the budget by 10% to combat security flaws.

PROBLEMS WITH SOURCING

Finding this talent is difficult too. That’s why large companies are now flocking to the big security conferences around the world, such as RSA and Black Hat. It’s a major networking event for the professional inside the industry to meet up with the companies scrambling to cover their tracks.

More, executive recruiting firms are now focusing much more on security expertise. As Ponemon puts it, they’re an “emerging cottage industry of headhunters.” These firms are capitalizing on the gold rush, positioning themselves as the best way to find C-level employees with the correct security expertise.

In some ways, roles like CISO are the worst because everything is good when nothing happens.

Though headhunting may seem like a smart way for some, there may be more direct routes. Christopher Ahlberg, cofounder and CEO of the cybersecurity startup Recorded Future, has found great success in tapping military and government alumni. His firm lives and breathes security—its keystone product combs the open web for potential hacking rumblings and uses machine learning to predict when a breach may occur—so it’s imperative that everyone inside understand the industry. But as he sees it, the necessary skills can come from places other than an IT department. He says he looks “mainly for people who understand intelligence.”

The ultimate thing about creating a security product—as well as an internal security posture—is dealing with unknowns; when something happens from an external source, how do you protect yourself. Those with military backgrounds are trained rigorously to deal with precisely these quandaries. So Ahlberg says he’s had resounding success plucking people who are “retiring” from the government and having his team train them inside the world of cybersecurity. (Of course, he probably gets some help in finding the best and brightest government officials thanks to funding from the CIA’s venture arm In-Q-Tel.)

AN UNSTABLE MARKET

Despite the need, the market is anything but stable. For many top-level security leaders, the job is stressful and difficult to navigate. “It’s not as glamorous as you might think,” says Ponemon. More, companies consistently try to poach people, so the average span of a leading security job may only last a few years. Not to mention, when a breach does happen it’s the leader who will take the blame and likely have to move on.

The only way for this to smooth out is to get more experienced people in the industry. The job requires a tiny quadrant inside a large technological venn diagram of skills. Education institutions are beginning to offer programs to teach cybersecurity as a standalone skill, and this could alleviate the job crunch down the line. But for now, it’s a mad dash for large companies to not only say they’re ready but also truly be ready.

And, of course,those who have the leading roles have to be prepared for the worst. In some ways, roles like CISO are the hardest because everything is good when nothing happens. Then, when one misstep occurs, millions of dollars are at stake. And even if the best security practitioners are trying to secure an organization, they can often get blindsided.

“It’s one of those jobs that’s ungrateful,” says Ahlberg. And sometimes the cards can get stacked against you. But perhaps with better sourcing and more direct training, the recruitment process will be a little less like the Wild West.

Source Article

Firms urged to view security as investing in the brand, not just a cost of doing business

Boards should be encouraged to spend on security by treating it as an investment in the brand, and not just a cost of doing business, as it is currently more commonly viewed.

That’s the view of Darren Argyle, global CISO at financial services firm Markit, speaking at Trend Micro’s CloudSec 2016 event in London recently.

“We all know security is seen by boards as a cost of doing business. I sell it as an investment in the brand, and protection of the investments they’ve already made. Then they’ll view it very differently,” he said.

Argyle also recommended comparing security spend and maturity against industry competitors as one method of proving return on investment, traditionally a thorny area for security professionals.

“Boards are always interested in benchmarking. They want to know how they’re doing compared to their competitors. Are they spending more or less? So demonstrate that in your benchmarking, or by providing a maturity assessment to that board. That should help with proving value,” said Argyle.

Also speaking at the event was Troels Oerting, global CISO at Barclays, who explained that applications today need to be secure and intuitive to use.

“When I arrived at Barclays we already had 13,000 developers. In banking, applications sell products, not the other way round, so any road to a successful digital future leads through security,” he said.

“Applications need to offer privacy and security and be convenient. In the old days we developed then penetration tested, then it was released. Now security is built in by design in development.”

Oerting also advised firms to invest in intelligence in order to better understand the threats of the future, so that they can plan now for the protection they’ll need in the coming months and years.

“I’m not interested in what’s hitting me now, but what will hit me in the future. We invested in intelligence, otherwise I’m investing in the past and the criminals are busy finding new ways to attack me,” he said.

Source Article