#NSBCS.036 - The Battle for Talent: Simple (but Overlooked) Recruitment Practices to Stand Out

Source: NSB Cyber

 

In today's competitive landscape, attracting top cyber security talent goes beyond offering competitive salaries, free breakfast or flexible working. With a limited pool of skilled professionals, standing out amongst the crowd of employers is crucial.

Here are a few tips we've found effective.

… But WHY you?

In a talent-short market, it's essential to communicate why candidates should pick your company. Start with a clear story about your company's mission and values. Whether you're protecting critical infrastructure or just have an epic team and cool projects, give recruits a reason to be excited about your mission.

Simon Sinek’s “Start with Why” is a great resource to define your unique selling point. Show them not just what they'll be doing, but why it matters.

Cyber is Stressful, So Make it Fun

A vibrant, inclusive work culture is key. Create an environment where diversity is celebrated and inclusivity is a given. During the interview process, let candidates meet the team and experience the culture firsthand. A workplace that fosters camaraderie, collaboration, and a sense of belonging is a powerful draw.

Interview Tip: Invite them to meet the team as part of the process – let them meet the people they’ll be working with!

Grit Over Talent

Technical skills are vital, but grit and persistence often lead to long-term success and loyalty. Talk to recruits about the technical side, but also about the skills your company values that don't show up in certifications. Candidates with resilience, adaptability and a strong desire to learn can outperform those with a longer list of certs on their resume but less drive. "Grit" by Angela Duckworth is a great read to understand the value of perseverance over talent.

Follow the Leader

Strong leadership is crucial for retaining talent. While high salaries and big brands can attract, strong leadership and a positive culture retain. Candidates seek leaders who inspire, support, and care about their well-being. Find ways that you can demonstrate to potential hires that your leaders are approachable, empathetic, and invested in their team's (and their own) success.

Humanise the Process

Finally, run recruitment as if you were the one being interviewed. Avoid making it overly clinical or transactional. Remember, you're welcoming a person, not just a skill set. Make the process personal and respectful, and over-communicate rather than leaving things up to interpretation or worse… ghosting them!

By focusing on these few points, you’re closer to building both a capable team and an inviting workplace. It's not just about bums on seats, it's about building a passionate team excited to contribute to your mission.


What we read this week

  • Microsoft Flags Windows Changes after CrowdStrike Outage - Microsoft is pushing for changes to Windows security after a CrowdStrike update caused a global outage affecting 8.5 million computers. CrowdStrike's Falcon security software, which operates at the kernel level, encountered a bug leading to the crash. Microsoft plans to enhance resilience and security by reducing kernel access and implementing features like VBS enclaves and improvements to Azure. They aim to develop capabilities that balance security and reliability in close cooperation with their cybersecurity partners.

  • OneBlood's Virtual Machines Encrypted in Ransomware Attack - OneBlood, a major blood donation organisation, experienced a ransomware attack that encrypted their virtual machines, disrupting IT systems and blood collection processes. The attack has forced OneBlood to rely on manual operations, significantly reducing their capacity and prompting hospitals to activate critical blood shortage protocols. OneBlood is working with federal and local agencies to restore functionality and has not disclosed details about the attackers. To mitigate the impact, blood donation centers and the AABB Disaster Task Force are directing blood products to OneBlood to maintain blood flow to hospitals and patients.

  • Telegram App Flaw Exploited to Spread Malware - A zero-day flaw in Telegram's Android app, dubbed EvilVideo, allows attackers to spread malware disguised as video files. This exploit uses Telegram's API to upload malicious APK files that appear as 30-second videos. When users attempt to play the video, they are prompted to install the APK, leading to malware infection. The flaw was disclosed on June 26, 2024, and fixed in version 10.14.5 on July 11, 2024. Users are advised to update their app to avoid this security risk.

  • Ransomware Gangs Observed Exploiting VMware ESXi Flaw in the Wild - Ransomware gangs are actively exploiting a recently disclosed vulnerability, CVE-2024-37085, in VMware's ESXi hypervisors. This flaw allows attackers to bypass authentication, potentially giving them full control over an ESXi host. Microsoft researchers have observed several ransomware groups, including Akira and Black Basta, using this exploit to gain administrative access, encrypt file systems, and exfiltrate data. The vulnerability's exploitation is especially impactful because ESXi hypervisors often run critical virtual machines, making successful attacks highly disruptive.

  • France Launches Large-Scale Operation to Fight Cyber Spying Ahead of Olympics - French authorities have initiated a large-scale operation to eliminate malware from computer systems ahead of the 2024 Olympics, targeting espionage threats. This "disinfection operation" focuses on combating the PlugX malware, which has infected thousands of devices in France and millions worldwide. The operation, involving both local and international cooperation, aimed to bolster cybersecurity in the lead-up to the games. Authorities have already seen significant progress, with hundreds of devices disinfected shortly after the campaign's launch.

