Thinking outside the security box: Assembling non-traditional security teams

Presented at BSides Austin 2018, March 8, 2018, 11 a.m. (60 minutes).

In an environment where traditional security professionals are scarce, I have taken a different approach to building out a robust pentesting team. By thinking outside the box and adding a bit of creativity to the process, such as providing our recruiters with different technical personas, we have been able to transform the way we attract and hire talent, transforming them into incredible security professionals and consultants. Through mining different industries, technology sectors and practices, we are able to assemble a team that learns and grows together. Their multi-faceted experiences in technology and diverse educational and professional backgrounds help them introduce each other to different experiences and ways of thinking, enabling them to achieve things they otherwise would not have been able to do on their own. Building this kind of team requires a clear path and dedicated resources who are invested in the success of both the team at large and the talent at the individual level. It also requires hard work, ambition, and a willingness to learn from all team members. During this presentation, I will walk the audience through this idea, the most effective way to execute it, and some of the results we have seen since embarking on this initiative.

Presenters:

  • Jay Paz
    Jay Paz (GSEC, GWAPT, GISP, GSSP-JAVA) has more than nine years of experience in information security and fifteen-plus years of information technology experience, including system analysis, design and implementation for enterprise-level solutions. He has a strong background in developer, engineer, and security engineer supervision and training, as well as experience in major programming languages, operating hardware and software, and major infrastructure application development. Specialties include Information Security, Application Security, Web Application Security, Penetration Testing, Risk Assessments, Security Policy, Security Awareness and Education.
