Cyber Security Events


At Via Resource, we are committed to staying at the forefront of cyber security developments and sharing our expertise with the global community. That’s why we are thrilled to announce our participation in a series of prestigious cyber security events across the United Kingdom and the United States.

This page serves as your gateway to stay updated on these events, as well as a valuable resource for all things cybersecurity. We understand the importance of real-time information in the ever-evolving landscape of digital security, which is why we will be frequently updating this page with the latest details about our participation, event agendas, speakers, and more.

September

September 18, 2023 – September 22, 2023

Meydenbauer Center, 11100 NE 6th St Bellevue, WA 98004

SECtember 2023 is the essential industry conference to assist organizations in elevating their cybersecurity capabilities.

Diversity in Security Luncheon, September 21, 2023, 12:00 PM – 1:30 PDT

Diversity is critical in cloud security. Security systems must work for all users and a variety of perspectives can help deliver the best solution. When a single culture designs a security solution, often that solution will work well for the users of that background, but it might not work for other communities. Increasing diversity in the cybersecurity community will strengthen our overall security posture. Join us for lunch as we hear from prominent industry insiders who represent a variety of backgrounds and share their experiences as we explore how to make the cloud security industry more inclusive.

    • Kris Rides, President of Americas, Via Resource – Moderator
    • Nicole Dove, Head of Security, Riot Games
    • Larry Whiteside Jr, CISO, RegScale
    • Kathy Cox, Associate Vice-President, Strategic Partnerships, City University of Seattle

http://sectember.com/

September 25, 2023 – September 27, 2023

Disney’s Coronado Springs Resort | Lake Buena Vista, Florida

Now in its 29th year, InfoSec World is known as the “Business of Security” conference bringing together practitioners and executives for multiple days of top-notch education, networking and more!

Ask the CISO’s (World Pass Holder Exclusive Session), Fiesta 5, Monday, September 25, 2:40pm-3:30pm CDT

Join us for an insightful panel discussion with three experienced CISOs as they share their unique career journeys, challenges faced, and lessons learned along the way. Hear their perspectives on the evolving cybersecurity landscape, the importance of leadership in security, and their advice for aspiring professionals looking to make their mark in the field. Don’t miss this opportunity to gain valuable insights from seasoned industry leaders.

    • Kris Rides, President of Americas, Via Resource – Moderator
    • Larry Whiteside, CISO, RegScale
    • Stacy Dawn, Retired Federal CISO & Current Director Cybersecurity Expert, CGI Federal
    • Nick Percoco, Chief Security Officer, Kraken Digital Asset Exchange

https://www.infosecworldusa.com/isw23/session/1649352/

Hacking into a cyber career – One year on, Fiesta 5, Tuesday, September 26, 1:05pm-1:55pm CDT

Getting your first dedicated cyber role is challenging, and progressing from it can be just as hard. We will meet the early cyber career professionals in this panel who participated in last year’s conference. We will discuss their many experiences in the previous 12 months, from changing jobs, promotions, and career development to being laid off and having to find other opportunities. The information is invaluable, especially if you are in any of the same situations.

    • Kris Rides, President of Americas, Via Resource – Moderator
    • Gunnar Kallstrom, Cyber Analyst Team Lead, PeopleTec
    • Nick Demeo, Cybersecurity Analyst, DAS Health
    • Heverin Joy Williams, Cloud Engineer, CDW
    • Amanda Lyking, GRC Analyst, GRCIE

https://www.infosecworldusa.com/isw23/session/1499052/

October

[Career Conversations] Opening Doors: A Guide to Smooth Career Transitions, Monday, October 2, 2023, 3pm-4pm PST

Tuesday 10th October 2023

The Folly, London.

Join us for a morning of networking and knowledge sharing at the Connecting Women – Cyber Security Networking Breakfast. This in-person breakfast event will take place on Tuesday 10th October 2023 at The Folly, London.

Are you a woman interested in the field of cyber security? This is the perfect opportunity to connect with like-minded professionals, exchange ideas, and expand your network. Whether you’re an experienced expert or just starting out, this event welcomes women from all levels of experience.

During this breakfast event, you’ll have the chance to hear from industry leaders who will share their insights and experiences in the cybersecurity field. Engage in meaningful conversations, gain valuable contacts, and discover new opportunities.

Don’t miss out on this exciting event! Mark your calendars and be ready to kickstart your day with inspiration and connections. Remember to bring your business cards and an appetite for both networking and breakfast!

Speakers include:

Ayesha Khine

Ayesha Khine is a Principal Cyber Security Lead at Pentesec, a division of the Charterhouse Group. With a career spanning over 14 years in the dynamic realm of technology, Ayesha started her career in the banking sector, where she honed her skills before branching out to safeguard critical assets across a number of sectors, including aviation, legal and pharmaceutical, among others. Notably, Ayesha has stood as a beacon of diversity in her roles, breaking down barriers and inspiring others to follow in her footsteps. She has been a vocal advocate for diversity and inclusivity, actively working to encourage more individuals, regardless of their background and identity, to explore the exciting opportunities within the tech and cybersecurity domains.

Molly ‘PonchoSec’ N

Molly ‘PonchoSec’ N is an Information Security Specialist at K2 Corporate Mobility, bringing a wealth of experience spanning over a decade in the industry. Starting from humble IT roots, Molly discovered her passion for cyber security and has remained dedicated to making a difference, even in contexts where she was among the minority as a woman in her teams. Throughout her journey, Molly has been an advocate for diversity and has actively worked to inspire more women to explore opportunities in the tech and cyber security fields.

https://www.eventbrite.co.uk/e/connecting-women-cyber-security-networking-breakfast-tickets-696053995237

October 12, 2023 – October 13, 2023

Marriott Marquis Houston, 1777 Walker St, Houston, TX 77010

The HOU.SEC.CON information security conference is THE conference to attend in the Houston, Texas, area.

Since 2010, they have had a tradition that repeats every year, and with each passing year, it gets bigger and more successful. In 2023, they anticipate having more than one thousand attendees. Don’t miss out on this fantastic annual event that features two days of outstanding sessions, cool attractions in the Village, and sponsors, alongside your friends and coworkers in the cyber security industry!

https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary

ISC2 on Point with Careers: Live Podcast! Security Cleared Jobs: Who’s Hiring and How, Presidential Ballroom A, Thursday, October 26, 2023 12:20pm – 1:10pm CT

During this live job search podcast, the cohosts will interview two recruiters about current topics in cybersecurity job searches and career development, which have dramatically changed over the last few years. New topics include the wide variety of remote opportunities, boomerang employees, culture and how to engage management on your career development.

    • Kris Rides, President of Americas, Via Resource
    • Kathleen Smith, MBA, COO, ClearedJobs.Net
    • Rachel Bozeman, Director of Talent Acquisition, Consumer Cellular
    • Kirsten Sireci Renner, National Security Portfolio Recruiting Director, Accenture Federal Services

https://2023isc2securitycongress.eventscribe.net/agenda.asp?startdate=10/26/2023&enddate=10/26/2023&BCFO=&pfp=FullSchedule&mode=&fa=&fb=&fc=&fd=

ISC2 on Point with Careers: Envision Your Cyber Executive Career Path, Presidential Ballroom A, Thursday, October 26, 2023 4:50pm – 5:50pm CT

This session’s panel of experienced cybersecurity executives will share their unique career journeys, including the challenges they faced and lessons learned along the way. Hear their perspectives on the evolving cybersecurity landscape and the importance of leadership in security. They’ll share advice for aspiring professionals looking to make their mark in the field.

    • Kris Rides, President of Americas, Via Resource – Moderator
    • Tim Chase, MS, Global Field CISO, Lacework
    • Catharina Budiharto, MAccy, CISSP, CISM, CISA, Founder & CEO, Cyber Point Advisory, LLC

https://2023isc2securitycongress.eventscribe.net/agenda.asp?startdate=10/26/2023&enddate=10/26/2023&BCFO=&pfp=FullSchedule&mode=&fa=&fb=&fc=&fd=

Hyperfocus Hour: Neurodiversity and Management Styles 


Jon interviews Gabriel Severi, a Security Architect, about the economic impact of neurodiversity and management. They discuss the concept of ADHD tax, where neurodivergent individuals spend extra time and money on tasks that neurotypical individuals can complete more efficiently. The conversation also touches on the flaws in current productivity metrics and the negative impact of bad managers on the economy. Gabriel suggests measuring candidates based on measurable metrics such as IQ, problem-solving skills, and pattern detection rather than experience or knowledge with a particular tool. The podcast concludes by emphasising the need for continuous learning and training for everyone.

Points highlighted in this episode:

    1. Consider the concept of ADHD tax and how it may impact neurodivergent individuals in the workplace.
    2. Evaluate current productivity metrics and consider alternative methods for measuring productivity.
    3. Provide better performance management and people management training, especially for neurodiverse employees.
    4. Measure candidates based on measurable metrics such as IQ, problem-solving skills, and pattern detection rather than experience or knowledge with a particular tool.
    5. Emphasise the need for continuous learning and training for everyone.

Overview Of Podcast

    • Introduction & your ADHD tax
    • 06:22 ADHD management and the economics of it – Video Game Theory
    • 13:10 Trend 1: Bullmarket
    • 15:50 Trend 2: Promotions
    • 17:01 Trend 3: Bad Management
    • 25:22 Wage inflation & Hiring Market
    • 46:14 Skills gaps and hiring
    • 59:11 Diamond in the rough
    • 64:27 The big five
    • 70:42 Personality Traits
    • 87:01 Last Comments

About Our Host Jon And Guest Gabriel

Jon Wakefield, Consultant at Via Resource

Jon joined Via Resource with a year of recruitment experience in the Cyber Security market, where he specialises in Security Engineering and DFIR.

Having placed candidates from Senior Manager Security Engineering to mid-level in highly regulated industries such as finance; Jon has built a comprehensive understanding of both candidate and client needs and addresses each role, and person, on an individual basis to find the perfect fit.

As an avid Star Wars fan, you will often see or hear Jon making connections and references to cyber security. Jon has ADHD and is an avid supporter of neurodivergent talent in the workplace.

Gabriel Severi, Security Architect

Gabriel is a cybersecurity professional with just over 6 years of experience and exposure to multiple industry sectors. Currently he works as a Senior Consultant, specialising in Security Architecture. Outside of cybersecurity, Gabriel has a deep interest in Psychology and Game Theory, which he has used to analyse the current job market and identify areas which are causing negative impact to the economy. He was diagnosed with ADHD in 2021, and has been trying to upskill companies in neurodiversity management, one employer at a time.

He identified that this might be too slow a method, so now he is campaigning more strongly for better management practices in general, which he hopes will improve the score for neurodiverse employees holistically as a result.

Transcript:

Introduction & your ADHD tax

Jon: Welcome to Hyperfocus Hour, a podcast that is dedicated to ADHD and neurodiversity in the workplace, where myself and wonderful people such as you, Gabriel, attempt to navigate and build tools for neurodivergent people in tech and cybersecurity to essentially help them build and succeed in their career. I’m Jon, I’m a cybersecurity recruitment consultant. I’ve got a year and a half of experience in security operations and digital forensics incident response. I have ADHD, primarily inattentive. I have two diagnoses from the US and a third from the United Kingdom. This podcast is now going to be brought to you by myself, obviously, and by Via Resource, a specialist information and security recruitment specialist who operate in the UK, Europe, US and Middle East, which I realize is quite a lot. Today we have Gabriel Severi as a guest on the show. Gabriel is a security engineer and who, like me, obviously has ADHD. Gabriel has extensive experience in the security industry and I’m really excited to be talking to you, Gabriel, about the economic impact of neurodiversity and management. So welcome to Hyperfocus Hour. And again, I’m really, really excited to be talking about neurodiversity and management in the workplace and how that can impact the economy. But before we get started, I have one question for you.

Gabriel: Sure.

Jon: Do you know what ADHD tax is? Have you heard that phrase?

Gabriel: Yes, I absolutely have. The extra amount of time that it takes us to do anything, that means we’re often paying for the amount of time that we spend on doing something that neurotypical people do a lot faster.

Jon: Yeah, or like we bought something and we’ve forgotten we’ve bought it, or whatever. So before we get started.

Gabriel: The impulsiveness of buying things without impulsiveness or forgetting to pay for something early, when you get a discount, but then ending up paying for it late and you pay the full price.

Jon: So whether it was today, yesterday, in the last week, what was your most recent ADHD tax?

Gabriel: Oh, dear. I’m lucky on that front that as soon as I identified issues like that, I try to put structures in place to prevent me from doing that. I just make it a default rule. For example, for me, I don’t buy things unless it’s 100% pre planned. If I’m out, I’m in a shopping mall, or if I’m traveling, if I haven’t planned to buy something, it’s a flat rule. Even if I need it, even if I like it and I want it.

Jon: You won’t buy it?

Gabriel: No.

Jon: That’s a lot of self constraint.

Jon: Yeah. Okay, so you haven’t had a tax like that in a while.

Gabriel: Thankfully, it has happened and it’s bit me hard. It’s one of those things, it takes a number of times for it to bite you, but you learn.

Jon: Yeah, I had a tax recently that was probably about a month or two ago. Basically, I really like Lego, especially as it pertains to the Star Wars. Right. And basically I bought a Lego Star Wars set and I forgot that I bought it. And about a week ago, it showed up in my flat and I was like, oh, I have new Star Wars. I have new Lego sets. Cool. I completely forgotten. Absolutely, totally forgotten. And then I was like, this is my Saturday sorted. I can now have a fun day.

Gabriel: That is beautiful. It’s like a present to yourself. From your past self.

Jon: Yeah, that’s how I look at it now. I’m just like, if something like that happens I bought some seasoning that I needed to make, like a curry and like a fried rice and stuff. And it showed up on, I think, Saturday. Same thing showed up. And I was like, what is this? And open it. I was like, oh,

Gabriel: That happens every once in a while. The longer it takes for things to get this. I recently bought a present for my fiancé well, I recently before Christmas, I bought a present for my fiancé’s birthday, which is coming up in August. Sorry, apologies. It’s not in August. August is my mother. See, there’s your ADHD again. There it is. Hers is in October. I know it’s a long time in advance, but I knew it was a preorder. I knew that it would take some time for it to get dispatched. And eventually it did get dispatched, and it arrived last week. And it’s related to a game. I don’t know if you like gaming.

Jon: Yeah

Gabriel: Destiny Kingdom is beautiful. I’m currently on Destiny 2, and there’s this beautiful cybernetic dog that you get to pet in the game. And she loves animals and she loves plushies. So a couple of years ago, I bought her a Five Nights at Freddy’s plushie. So this time around, I thought I get this pettable cybernetic dog as a plushie. And he arrived exactly as you said when he arrived. I was like, what’s this? I wasn’t expecting anything. And then I was like, oh, yeah.

Jon: The “oh” moment is a great moment. Because you’re like, all right, I forgot I did that. It’s a really good it’s a good feeling. And it’s also like, how could I have forgotten that? But it’s when you got an.

Gabriel: Email reminding you three days before you arrived yeah.

Jon: And you didn’t read the email because you’re like, no, I can’t be that important.

Gabriel: Yeah. ADHD tax. Right there. Not reading emails that you’re supposed to.

Jon: And speaking of that, like, ADHD tax, not reading emails when you’re supposed to. That goes into this into our conversation today.

06:22 ADHD management and the economics of it – Video Game Theory

Jon: Neurodiversity ADHD management and the economics of it. So this is a really interesting topic, and it’s a topic that I don’t think I’ve really had anyone else kind of speak about. What attracted you to it? Where did your interest grow from this? What caused you to think about it?

Gabriel: Sure, I work in cybersecurity, and I’ve got ADHD, so it’s no surprise to anyone that I like maths, mathematics, so anything mathy, anything numbers, anything that you can calculate and measure has attracted me for forever, basically physics, quantum physics, chemistry. So that’s always been an area of interest of mine. But sometimes there’s a topic in the media that sort of pulls up and you’re like, I’ve got some knowledge about this that feels significant. And I had been recently doing some work on game theory, trying to understand it better and trying to see how it applies in different scenarios, but particularly evolution and economics. So there’s two branches of game theory, evolutionary game theory and economical game theory.

Jon: We’re talking about video game theory here?

Gabriel: Almost. So game theory is a scientific theory of interaction and decision making.

Jon: Okay?

Gabriel: So because games fall under that category, it’s called Game Theory. So essentially, if you have a rules of interaction, that is the rules of the game, and then you have an outcome or an objective, right?

Jon: Yeah.

Gabriel: And that is the aim of the game. And then you have the participants, they’re the players. So you can describe games through Game Theory, like chess, or you can describe any strategical interaction with the same theory.

Jon: Right

Gabriel: So hence why, let’s say evolutionary competition started being described in terms of Game theory because it’s two competing participants. For example, in a two player interaction could be multiplayer interaction, could be team based, like a sport, like football. That can be described in Game Theory, but each team is a unit of participation. So you wouldn’t consider each individual player as a player, you consider the team as a player.

Jon: As a player. Okay, so from following you then, Game Theory translates into neurodivergence and the economics of management and stuff because you’re not thinking of the managers, maybe individually, but as a company or even what’s it like different kind of verticals like finance or insurance or consultancy.

Gabriel: There’s an entire branch of Game Theory called economics game Theory. And because of my interest in Game Theory, I started getting interested in economics and how the strategies and choices of actors in the market impact the market and each other because companies are constantly competing against each other, trying to do better than each other, et cetera. And, you can even compare. There’s a word that we use in business called incorporated. So incorporated comes from the Latin corpus, which means body. So you can make a parallel between a business entity, a corporation with a body. So the executive management is your brain. The departments are like each individual organ, each individual employee is a cell, and money is the energy.

Jon: So it really breaks down. Okay,

Gabriel: It maps very well. It maps perfectly. In fact, there’s a reason they called it incorporated at the end of the day. And what you get is because I have that interest already. And now a hot topic is this idea of stagflation, right? So you have stagnation, so lack of productivity and inflation where market prices are going up despite us not producing more. And you get COVID and everybody’s now working from home and you’ve got all the subsidies being given out, which is making inflation even worse.
And you’ve got issue of being capable now of working from home. But once COVID is out, some companies are pushing people back into the office. And that caught my eye, that caught my interest because I was like, I think I can model this theory. But after doing the modeling, this is nothing extensively mathematical, but it’s just mainly logic. My area mainly focuses on logic diagrams and logical outcomes. And what I identified was something that I had somewhat presumed or observed. But then I was capable of modeling it at a larger scale, because in the businesses I have worked in, you notice the behavior, and you can predict, this will lead this behavior or this strategy. This choice will lead to these outcome, or given a certain set of circumstances, these will be the outcome of these.

Jon: Was it at that point that when you’re doing this modeling and you were running it through game theory and everything, was it at that point you kind of maybe did you notice there was a trend in like neurotypical managers and a lack of neurodiverse managers? What was the trend there?

Gabriel: So for sure, I’m going to start like this. If I remember correctly, two main trends, potentially three, but one main trend is I’m going to use a technical term, but I will try to explain it as best as I can.

13:10 Trend 1: Bullmarket

Gabriel: During bull markets, you have extreme inefficiency. So what that means is a bull market is when the market is doing financially very well or even exceeding expectations. And what ends up happening is in periods of abundance, inefficiency can be masked by simply applying more resources. So you have a manager that isn’t particularly smart or isn’t particularly good at strategizing or managing people and engaging. And then what happens is, in order to solve the lack of productivity that his team is having, they say to their manager, the senior management, I need more employees, I need a bigger team. Right. We’re not producing enough because we don’t have the resources. It’s always a resources problem. You’ve seen that picture where this guy trying to look over a wall, has about 15 ladders, but they’re stacked horizontally. Whereas if you used a single ladder stacked vertically on the wall, you’d be able to get over the wall.

Jon: So essentially, instead of using the ladder the way that the ladder should be used, they’re just mismanaging it.

Gabriel: They’re mismanaging resources because they’re inefficient, they’re not good strategists. And what ends up happening is in a period in a bull market condition, that is fine, you can throw more resources at the problem. Let’s stack some more ladders horizontally. Yeah. Because we can afford it. And you see, that’s exactly what happened with Facebook, Google, Microsoft, and all of these large tech companies that are now doing mass layoffs. Why are they doing mass layoffs during a bull market? They overhired. They just threw resources at a problem when the correct solution would have been, let’s find a more efficient way. Yeah, so that is the first trend. Right. And we’re seeing that now. So as soon as a bull market ends and you start going into recession, the inefficiencies of management start becoming critically apparent. Yeah. The second thing I started noticing is because of poor management, promotions were also.

15:50 Trend 2: Promotions

Gabriel: And hiring was also inefficient. And by that I mean they were more socially oriented to make people happy, rather than measured on a capacity and skill basis. So what that means is you’ve been at the job for ten years, you’re best friends with your executive, and you get promoted to becoming a director. Yeah. You’re not being promoted by competency or your actual skills.

Jon: You’re being promoted by nepotism might be a good word. Yeah. Who you know. Yeah. That’s something that just or you can make happy.

Gabriel: Who you can make happy. Right. So if you can make somebody happy that has the power to promote you, your likelihood of being promoted goes up significantly. And what ended up happening there is, you can see now, the evidence is in the job market, whenever you’re looking for a role to apply to and it says you need this many years of experience. How does the years of experience correlate to capacity to do that job? Yeah. It may or it may not. It could be a close approximation, too, but in isolation, it is not much.

17:01 Trend 3: Bad Management

Jon: Yeah. And then if I’m following with where you’re going, I’m thinking your third point if we bring it back to ADHD or Neurodiversity the third point if I’m following is the people that are getting hired or they’re getting from promoted the nepotism, if you will, that’s being given to other neurotypical people maybe a lot of the time, because they are the ones that make the higher ups, they make the seniors happy. They get on with them. They have those connections, whereas social ability. That social awareness. Yeah. Whereas neurodivergent people, we struggle a little bit more with the social aspects, not even to get into the fact that we often don’t stay at jobs as long as a neurotypical does. So then it cascades because there are probably definitely some really good neurodivergent people out there that would be better suited for these roles and are being passed up because they maybe are a bit too blunt or they just think differently. And the seniors thinking they don’t think.

Gabriel: There isn’t a worse experience of going to an interview where the candidate is more capable of the job than the hiring manager. Yeah. And because they’re speaking completely different languages, the hiring manager can’t identify it. Yeah. And that’s the problem that I’m talking about here, is primarily one where managers that have been promoted into management inappropriately then are compounding the problem by making hiring decisions that are inappropriate. Now, when it comes to neurodiversity, that is affected usually in two ways. So on one hand, where the neurodiverse candidate is the one applying or the one that would like a promotion is the employee, the subordinate, let’s say, then bad management essentially means that they don’t get the reasonable adjustment that they need. It may mean that their true capacity to perform is not assessed correctly because.

Jon: It’s being assessed on neurotypical standards.

Gabriel: Yeah. Not just neurotypical standards. They’re just. Bad managers don’t know how to assess. Even neurotypicals, some brilliantly talented neurotypicals are being passed over because a bad manager does not have the right metrics to measure capacity. So it’s not limited to one or the other. It’s not us versus them. It’s a bad managers are going to bad manage, do you know what I mean? Whether the candidate is a neurotypical or not. Now then you can flip it and say what happens when it’s a neurodiverse person that is the manager, right? And then you start getting into a whole other scale of problems. And I’ve identified this, particularly in the tech sector. It’s no surprise there’s a lot of psychological research, scientific research that have quantified what percentage of tech employees have a neurodiversity of some sort. Whether it be autism, ADHD, dyslexia, you name it. It is incredibly high, right? I don’t have the number right in front of me, but it is a known fact we are really good engineers, we’re really good analysts.

Jon: Really. That means that we workers, good technical workers.

Gabriel: We outperform. Which means we might stay in the job longer than a neurotypical peer. So because we’ve been there longer, we’ve been there ten years in that company and we’ve made friends with the executive despite our neurodivergency. Then you get promoted despite not being capable of being a manager or not having the adequate training. It compounds the problem because now not only are you a bad manager, you’re a bad manager with a neurodiversity. So not only you’re a bad manager, you’re a bad manager with a neurodiversity. And I’m sure we’re going to talk about this some more, but as you said, the lack of training and preparation for these neurodiverse managers is really starting to bite these companies in the rear end because particularly the tech industry and the cybersecurity industry, even more so, is starting to severely suffer from the poor management. And that’s what’s in my estimation, what’s causing the prices and cost of salaries to raise. And we can discuss that in more detail if you’d like.

Jon: Yeah, that’s the thing is, as you were speaking, I was thinking about this and at a previous company I had a manager neurotypical and obviously I have ADHD. I’m primarily inattentive, right? One of my coworkers is primarily hyper. One of my coworkers was primarily hyperactive. And this manager knew a little bit about ADHD and they’d come up with a really good way and solution to manage my coworker. So they then took that management style and I don’t know if impose is the right word, but they used that management style as a fellow ADHD on me.

Gabriel: Painted them all with one brush.

Jon: But the problem was, and I didn’t realize this at the time, which is a shame, because if I had, I think things would have changed, would have would have worked out quite differently. I probably would have ended up staying there. But it’s only with hindsight, obviously, because it’s 20/20, I... That management style because it was focused for a hyperactive person was actually horrible for me. It led to micromanagement, it led to undue stress. I wasn’t delivering the way that I needed to miscommunications, lack of communication, and I slowed down.

Gabriel: That makes perfect sense.

Jon: Yeah. And it’s only realized, well, it’s not that he was a bad manager. This guy was not a bad man. I actually think he’s a great manager. The problem was he was managing me like he was managing someone else when it was a totally different type of ADHD because of the lack of awareness on the different types of ADHD and neurodivergence.

Gabriel: Here’s the thing. I’m going to contradict you there for a moment, but I do think it’s bad management, and maybe it’s not intentional. They were not an evil person by any means. No, I’m just going to term it as management is a skill. Just because somebody is a bad footballer does not mean they are a bad person.

Jon: I wasn’t saying he’s a bad person. By no means.

Gabriel: Exactly. So bad in this sense, not in the moral sense, but certainly in the lacking skill sense, which is often what we’ve been finding as a result of the bull market. These people that have bad management skills being promoted and rewarded despite each.

Jon: Now because of the bull market, it’s going into a recession or what would you call it? A bear market. So that’s the flip end. Or I don’t know. I believe that’s right.

25:22 Wage inflation & Hiring Market

Gabriel: A bear market is a cold market that things start slumping down.

Jon: And so now that we’re in that market. Now that we’re in that market, we’ve been seeing just wage inflation, especially in cybersecurity. When I started a year and a half ago, was it a security architect would be looking realistically was looking for about maybe 80, maybe 90K on average on the base for really good company, really good security architect, they’d be looking for like 100, right? It’s absolutely changed. Now the price has gone up by 20%. So now the same person with the same experience for the same kind of job, everything is looking for like 100. And what’s happened is you have a lot of these people who come from Meta or Amazon, the big ones. I’m not going to name some of the smaller ones because GDPR, but they come and they have these overinflated egos of oh, I’m worth 120k, I’m worth one hundred and fifty k. And I’m like, but that’s not what the market’s saying. The only reason that you can say that you are worth that is because of the wage inflation that we’ve had, because of the kind of microcosm or the bubble that security is in that’s now starting to pop. And you have both neurodivergent and I think it is, I think it is.

Gabriel: So here’s why it’s not popping. What you’re going to end up with is a classification, a crystallization of haves and have-nots in cybersecurity. And what that means is essentially is at the top end of the market prices are going to keep rising, whereas at the bottom end of the market prices are going to drop. And the reason prices are going to drop is because more people that believe they’re worth 120 are not going to be able to get those roles at 120. And they’re going to start going for roles at 100, at 80. And it’s going to start slowly trickling down to those levels. But the thing you will find is they will not be doing the same role that is worth 120. They’re going to start looking for roles such as analysts or engineering roles that are now worth 70. So they’re going to start doing roles that they might in theory, right, because when somebody is hired because they’ve got good charisma rather than because they’ve got good capabilities, they might end up with experience in a role that they’re not capable of. So I want to preface it with that. But they’re going to end up in a role that they are over experienced for but paid an inflated wage there.

Jon: Or maybe in a role that they think they’re over experienced for, but in reality they got lucky with a role that they didn’t have enough experience for and now they’re actually in a role that is actually suited for where they’re at in their career.

Gabriel: Correct. And what that’s going to do is that’s going to dry up the experienced market. The more these people start dropping down to lower wage roles, the more companies are going to be competing for that senior architect, the more companies are going to be competing for that security manager or senior engineers, senior analysts. There’s going to be a lot of competition because people are the companies are unreasonable. And I was going to use this going to these detail, so I’m going to actually take the moment and do that now. So here’s how the inflation generally is occurring, right? And this is across the board, not just in technology or cybersecurity, but in particularly strong. This effect is particularly strong in cybersecurity. A bad manager that is incapable of assessing capability during interview might be overly selective. Yeah. Or might be more likely to dismiss an employee they don’t like, despite that employee being capable of the job. So when an employer, a hiring manager, is being highly selective with the candidates that they want to hire, they’re choosing from a smaller pool of candidates. Supply demand rules, right? When the supply is lower and the demand is higher, that smaller pool of candidates are going to be competed over on the basis of salary.

Jon: We’re seeing the same thing with hybrid working remote working. The amount of people that are wanting to work remote, let’s say fully remote, the amount of people that are wanting to work fully remote hasn’t decreased. If anything, it’s increased. But because of the market that we’re in and companies are like, oh, no, we actually have more power than we did a couple of years ago during COVID. They’re now going, oh, we’re going to do two or three days in the week in the office. There’s a couple of companies I know that are doing they actually do five days a week in the office for security analysts and engineers. You guys don’t need to be in the office. You can work from home just as easily. But what’s happening then?

Gabriel: They’re having to pay the big bucks for them because it’s a small pool of candidates. Yeah.

Jon: But at the same time, the hybrid and remote roles, those salaries are actually starting to dwindle a little bit because those companies know that they don’t have to be paying extortionate prices to find a broader pool of candidates.

Gabriel: Correct. And people are willing to go to those jobs despite being a lower salary. And that is very true. And that’s what you’re going to find. So the lower the supply, the lower the candidate pool, the higher the salary range is going to go. And the more selective or picky an employer or hiring manager is due to being a bad manager, the higher you’ll see wage inflation go. Right. Simply because of that effect. But then that causes a feedback loop that I’ve been noticing in the last two years, particularly. Right. So this is really bad feedback loop. Consider I’m going to use an analogy to sort of show how stupid really, this mentality is that is happening in the hiring market. So let’s say bananas are scarce at the moment due to lack of rainfall, so their price has suddenly shot up, right. So there’s low supply, high demand, price of bananas increase.

Jon: Sure.

Gabriel: People going to the supermarket go, oh, my days, it’s increased so much for that price. I want a really good banana, right. So I’m not going to get these crappy bananas over here. I want the really good banana that’s actually yeah.

Jon: You’re going to sift through the bunch to find the best one you possibly can for that price.

Gabriel: Exactly. And then what you end up happening is that’s the price of the banana that year. You’re not going to find anything better because that’s what you get. Yeah, right. That’s how supply and demand works. You might be lucky and find one good banana in a bunch of bad bananas, but it’s luck more than the way things work.

Jon: Yeah, it’s more luck in finding the good banana than it is skill in being able to spot the good banana. Exactly. I see where you’re going.

Gabriel: The idea there is you’ve got to pay the price of the banana at where it’s at because that’s how the market works. Right. If you think a produce is currently in a good deal, you buy it early so that it appreciates. That’s how the stock market works. If the company’s shares are undervalued, you want to buy them so that when they grow to the value they are supposed to be, you’ve made money.

Jon: I’ve done that with my Lego. I’m going to use another Lego example. Yes, go ahead. Lego. Normally a lot of Lego sets, especially Star Wars Lego sets, appreciate with value, but that only happens when the set is retired. So I have the big 2019 UCS Ultimate Collector Series Star Destroyer. Thing set me back probably about 600 pounds. Now, if I had kept it in the box and not opened the box, just sealed factory, everything, I could now sell that on eBay or whatever, for oh, gosh. I think I saw it for about two about 1500 to 2000 pounds. Just because the supply is now gone, but the desire for it hasn’t left. And it’s the same thing with a lot of the other Lego sets that I buy. I buy them not because I want them or even because I like them. I buy them. I put them in my cupboard. I’m thinking, two or three years, this will be worth, let’s say it’s a 50 pound set. A couple of years, that set is going to be worth 200, 300, maybe even 400 pounds. Not even.

Gabriel: Imagine how stupid then it would be if somebody looked at you, knew that you owned that thing and went was like, I’m willing to pay you $40 for it.

Jon: Yeah. I’d be like, no, you’re an idiot.

Gabriel: That’s less than I paid. Exactly. So that’s what’s happening in the job market. So what ends up happening in the job market is the hiring managers start becoming more picky because they’re bad managers. So they hire somebody that is clearly bad for the job and doesn’t turn out well. They get fired. Then they hire somebody else. They’re clearly bad for the job, so they get fired. So the manager starts thinking, I need somebody with more experience. I need somebody more skilled. So the manager goes, because they’re incapable of finding the right person. They start thinking it’s an experience issue. So they start looking for more experienced people. Yeah, but they want those at the price of the junior. This is a junior role.

Jon: So my question then comes to you for ADHD people, for neurodiverse people, how does this impact them? Where’s the impact?

Gabriel: For neurodiverse people, it’s the same impact as you get for neurotypicals, but we struggle more, let’s say, depending on what type of neurodiverse you have, might struggle more at interviews. When you consider that luck in finding the beautiful banana in a bunch of bad bananas, is that idea of trying to find a talented candidate that is undervalued willing to accept a low salary.

Jon: But you’ve got to find that candidate as well. We’ll use ADHD as an example. Right. I cannot tell you how bad I am at taking written exams. I’m horrible at it. Now, it’s not because I don’t know the stuff. When I take a written exam, I know the stuff. It’s in my head. The problem is, sometimes I need a little bit of, like, a kickstart or maybe a note, and it could be one word. It could be I don’t know.

Gabriel: I call it the seed. Yeah, I know what you mean. To grow that tree.

Jon: Yeah. And it doesn’t mean that I don’t know it. It just means, okay, if I was to do a lecture on why the Galactic Empire fell in Star Wars, right? I love Star Wars. Everybody knows that. Anybody that has seen my LinkedIn post or has talked to me or anything, they know I love Star Wars. Right. But here’s the thing. If I was going to give a lecture on why the Galactic Empire fell now, I could tell you why that is, but if I were to get up in front of 500 people, I would probably start waffling, because I know the stuff, but I can’t quite get to it, and you can’t focus on where to start. What do I do to kickstart or what do I do for that seed? I have a note card or a piece of paper that has key words at different points in that talk to literally give my brain that little boost. Now, when we go over to cybersecurity, we’re just interviewing in general what happens to ADHD people. It’s the exact same thing. If I were to ask you a highly technical question on a topic about engineering that you haven’t touched in six months. Now, I know that you will know the answer because you’ve done it. And I know that you know the answer. I know that you’ve done it because it’s on your CV and we’ve talked about it before, but if I were to ask you right now, there’s a high chance, there’s a high probability that you’d be like, it’s there, but you can’t quite get to it. So then what happens? Manager has found their banana. They found their excellent banana. They’re one in a million, right? But because of the way the interview process is built, or because of the way that they recognize it, they don’t recognize it. So they might have the fantastic banana that is under budget, that’s available immediately, that doesn’t have any blemishes or any whatever the hell bananas have. It’s the perfect banana.

Gabriel: Let’s call it a bruised banana. Sometimes you will find, and this is really beautiful example, that’s why I like using bananas. My father, you can tell from my accent, I’m from Brazil, and my father absolutely loves bananas. I do too, but he particularly loves them. And he can tell a good banana from a bad banana really quickly. And a lot of people make this mistake. They want the banana without any spots whatsoever. That banana was picked too green and it’s not going to be sweet. It might be a living a little bit sharp. If you get a banana that’s got some blemishes, some of the purple or some of the black on the skin, but then you peel it, you’re going to find that it’s actually not penetrated into the actual banana. It’s just surface deep, right? It’s just skin deep. But that banana was picked at the right time. And it’s the sweetest banana you will ever taste.

Jon: Yeah, it’s a ripened banana. It’s perfect.

Gabriel: Here’s what you get. You get a bad manager that can’t tell what a ripened banana is. Yeah.

Jon: So then back to the question. If we take that into mind with ADHD people bad manager doesn’t like, maybe they don’t know what they’re looking for, so they hire the wrong people. How does this negatively impact people such as ourselves? How does it negatively impact? And how then, can we change that process, this economics of management, if you will, to give if we can or help boost neurodivergent people in getting the roles that they would actually probably be good for and would miss otherwise?

Gabriel: Sure, I will get to that. What I’m going to do first is just conclude the mechanics of how the feedback loop occurs. And on the back of that, I will start providing some solutions. So essentially what happens is, once those managers that can’t find a good candidate, what they end up doing is they’re looking through a smaller and smaller pool of candidates, and the price of them, the salary of the candidates, start going up because companies are competing with each other for those bad candidates. The pristine banana that looks with that has no blemish. Yeah. But actually, in reality, it’s a green banana. It’s not ripe, it’s not sweet, it’s not right at all. But they’re competing over that banana.

Jon: Yeah. Because it looks pretty.

Gabriel: Because it looks pretty, exactly. So what ends up happening there is for the entire industry, salaries go up. But then you’ve got the actually good ripe bananas and they know their worth and they know actually, if they’re given a chance, they can outperform the green banana. Right. So those candidates will surf through the inflation of salaries, leverage that high salary and absolutely smash it. And then they will go from strength to strength. Right. So they’re going to be getting better and better salaries, better and better jobs, particularly if they’re capable of navigating and finding, let’s say, some good managers.

Jon: This is supposing that, again, pull back to ASD or ADHD, right. This is on the supposition that that candidate that has the blemishes but is actually pristine in the middle. This is under the supposition that they know how to navigate social interactions, that they know how to interview well or say the right things.

Gabriel: Sure.

Jon: What is the reality of this is a lot of ADHD people, this is stuff that they fundamentally struggle with. I can’t tell you how many ADHD really genuinely struggle with interviewing or picking up on sarcasm or in office politics. And so they get passed up. So I get what you’re saying when it comes to that kind of small minority of bananas. But then we get to, let’s say, the, I don’t want to say the bigger majority of bananas, but the other bananas.

Gabriel: Sure. Yeah.

Jon: You see where I’m going?

Gabriel: Yeah. So because the. So I just wanted to make sure that the point is across, that it creates a feedback loop, right. Bad management raises the salary for everyone, so this is actually a good thing for even neurodiverse individuals. But the feedback loop is there because then they start looking, start narrowing. Because if they want to hire somebody at that high inflated price yeah. They want to look for something that in their mind is worth that price. Yeah. So they start making the criteria smaller and smaller and smaller the higher the inflation goes. Yeah. So that’s a feedback loop that is ever increasing. So let’s say tomorrow the price, the salary of a security architect hit 200K. They’re going to start looking for people with ten years experience.

Jon: Yeah. If not more. Honestly.

Gabriel: If not more, because they think that that’s what it should be. But then guess what? That’s the price for people with two years experience. Yeah. And if you’re looking for people with ten years experience, what I’m calling the banana that is ripe, they’re going to go, no, two years experience is worth that. I was worth that last year. But now there’s inflation, I’m worth more.

46:14 Skills gaps and hiring

Jon: Yeah. Right. But then it compounds a bit more as well, doesn’t it? Because although you have the price inflation, you have the wage inflation, it compounds a little bit more. Because I had the thought in my head, dang it, I’ve lost it. I just need that it is detected. I was, I was trying to listen and I was also trying to think like, oh, this is such a good point. Oh, I’ve got it, I’ve got it, I’ve got it. So it compounds because here’s the problem, right? Let’s say you have ten years of experience. Great. And you’re worth 200K, you’re a security architect. That’s great. But at the more junior levels, let’s say junior security engineer or junior security analyst, not architect analyst. A lot of companies either don’t want to invest in these junior people because they don’t think they’re going to stay for very long, or they don’t want to hire people with, let’s say, one or two years of experience or even graduates, because it’s cybersecurity, right? You guys are literally there to protect the infrastructure and the finances of these companies, blah, blah, blah, the GDPR, everything, right? So then this comes into effect of, oh, hey, we have this skills gap for mid to senior and executive level roles. But you don’t really have this skills gap because there’s a lot of junior and mid level people that aren’t being invested in and aren’t getting the money that they deserve because the companies don’t want to come in and say, oh, hey, you have two years of experience. I’m going to give you more money. I’m going to promote you to a security engineer. I’m going to invest in you because I trust your ability shows up in the market.

Gabriel: So here’s how it shows up in the market. It’s beautiful. Researchers, HR recruitment researchers have done what’s the word, surveys for donkey’s years now, seeing how many people are looking for jobs and how many roles are currently available. And it has been demonstrated, you statistically, there isn’t a shortage of candidates issue. No. So employers that used to say there’s not enough candidates, we need to get more people into cyber. We need to get more people into cyber. We need to get. So there were all of these plans to flood the market with candidates, and it’s not solved the problem, it’s made it worse. So now the analysis is starting to become, okay, well, there are enough candidates, so why is there still a shortage? They’ve changed the wording. Oh, it’s a skills shortage. It’s no longer a candidate shortage. It’s a skill skilled. Yeah, it’s a skilled candidate shortage. So you mean you don’t want to pay the worth of the candidate? You want a more skilled candidate for the price that you’re paying.

Jon: Or you don’t want to invest in the get? Because as a recruiter right, obviously I speak to people such as yourself all day. And one of the things I learned quite quickly, there are a lot of open security roles in the mid to senior level positions.

Gabriel: Yes.

Jon: And there are particularly in the mid to senior level position, there are a lot of people that are really good for the role. But why are they not being hired? Well, I can tell you it’s because a lot of these people need sponsorship or don’t need sponsorship, but haven’t worked in the UK, and the companies, for whatever reason, may not want to take that risk, because they’re like, oh, we don’t know if they’re going to be a good culture fit, blah, blah, blah. But they have the technical skills. So they say there’s this skill shortage. And there was a report by it was like CyberNews Weekly or something, I can’t remember who it was. Don’t quote me on that. Basically saying there’s going to be a reported skills gap of like, three and a half million cyber security professionals or jobs in the entire world by 2025 or 2027. What’s? Not the case. I get contacted probably five to ten times a week by graduate level security. We have just graduates, cybersecurity graduates, asking if I have roles. The issue isn’t the candidates. The issue isn’t even a skills shortage. The issue, in my mind is an unwillingness to invest in these people or to invest in the people that are nearly at that point, bring them up to mid, to senior level and then train up and start entry level people. That’s where the issue.

Gabriel: It’s worse than that because a lot of companies are not doing that because they think the junior candidates are not worth their salary. Yeah, right. So if they’re going to hire somebody at that salary, they want somebody a jack of all trades that can do everything. So particularly in that junior to mid role. I’ve been there and I’ve got the T shirt and I can tell you every time I used to apply for a junior to mid level role, they wanted a jack of all trades for the price that they were paying. I can’t afford a mid position, but that’s what I need. And a junior is not qualified enough to do what I want them to do. So in order to justify paying somebody at a mid level position, I wanted to do both. But here’s the thing and starting to get into solutions now, what you find is a mismatch between is always every time, always a mismatch between what the worth of the candidate is and how much the company is willing to pay for it and bad manager. Instead of trying to find the diamond in the rough, rather than try to find, let’s say, lower prices, lower the salary offer, but find a diamond candidate within that price range, what they end up doing instead is because of the bull market. Remember we started this with say it’s part of the bull market. They just ask executives, can we get a higher budget? Yeah, can we get a higher budget? And so they start going up. But then the company says, for that price, I want somebody with more experience. But then the person with more experience is not going to want to do the job for that much. They’re going to want to do the job for more. And every time they go up it scales. So how do you solve it? There’s three ways that it can be solved, right? There are some, let’s say easy pickings, and there are some more structural difficulty issues. So the simple answer is just to pay people what they’re worth and stop overestimating this idea that if you raise salary, you’re going to find a better candidate.
If you can’t find the candidate at the salary that you’ve got, the issue is with your metrics, not with the salary.

Jon: I don’t know. I think I would disagree on that one. I’ve got one role right now for a client and genuinely, the quality of the candidates I’ve been sending to them, they like, right? They like the quality. The problem is the quality that I’m sending is about 20k over budget for what they’re able to pay. And I’ve gone and I’ve said, look, know the budget that you’ve given us, the budget that you’re willing to pay. This is the quality candidate that you’re going to get. And so I’ve sent candidates at that level saying this is what you’re going to get for this quality for this.

Gabriel: I’ve got a question for you. How do you know it’s at that level?

Jon: What metric are you using to measure so what to measure the candidates that I speak to, that you sent to them.

Gabriel: How do you know the candidate is a good fit?

Jon: So I don’t base it on years of experience. Some clients appreciate that. Some clients don’t appreciate that. Some candidates, again, appreciate that, some don’t. I don’t care how how many years of experience you have.

Gabriel: How do you do it?

Jon: Don’t worry. I get it by I talk to them. Right. Depending on the role, I have a list of questions, both technical and competency based, that I ask my candidates. Let’s say I’m working for a SIEM role. I’ll be asking, can you tell me of a time that you were working on a configuration and it all went to hell? And how did you fix it? Or if I’m working a digital forensics role, can you tell me about a time that there was an incident escalation? Again, it all went to hell. What did you do? What kind of remediations did you work on? What platforms did you use? What was your process to find out why it went to hell in the first place? Then what was your process to remediate that? What were the tools that you used? Talk me through everything that you did.

Gabriel: That’s one way down. Yeah. I love this. I absolutely love this. So let’s break that down by asking those questions. What skills do you think you’re assessing?

Jon: So, first off, I’m assessing whether or not they are interested actually interested in the role. Because if they don’t want to tell me in detail about that. And I appreciate that there is obviously confidentiality that we have to go through. And so a lot of times, they can’t tell me specific things that they’ve done. I get that. That’s fine. But the first thing I’m assessing is, are they actually interested in this role? If they’re willing to talk to me about it, cool. They’re interested in the role. Second thing, interest. Second thing I am assessing is what they have on their CV. Does it line up to what I’m asking them? So if they can tell me in detail about an incident that they resolved or a SIEM configuration that they worked on, if they can tell me that in detail, then they are also telling me, cool, they were truthful on their CV. They’re also telling me that they are technically capable and that they can back that up with real world examples.

Gabriel: So you’re measuring for experience?

Jon: I am.

Gabriel: Okay, so you see, here’s the thing. There’s a difference between years of experience and experience with a process.

Jon: Yes.

Gabriel: It’s not necessarily a bad thing.

Jon: I’m not measuring for years of experience so much as that I’m measuring for.

Gabriel: Can you tell me, can you demonstrate that you have experience in the tools that role the processes, the best practices?

Jon: I don’t care if you’ve only done it for a year. If you can show measuring the knowledge, if you can show me that you have the knowledge and the tools and the capacity to do the job, I will be happy to send you. I don’t care if you’ve only been doing it for a year, but then I’m also assessment how do you know they’re doing it? Well, that’s the thing. This is the thing. As a recruiter, as much as recruiters say, we like to say, I’m a specialist in security recruitment. Yeah. I’m a specialist in infrastructure, a software developer development. I don’t work in I don’t use MITRE ATT&CK. I don’t use Splunk.

Gabriel: It means you understand the market, not necessarily cybersecurity itself.

Jon: I understand the market, and I understand enough of what you guys do that I can get a baseline understanding of. Or let’s call it like a soft competency baseline. But I can’t technically assess in the way that a hiring manager can or in the way that an advisory board can.

Gabriel: They’re worse, by the way.

Yeah.

Gabriel: What you’ve described is better than many hiring managers. I’m telling you that now.

Jon: But there’s only so much that I can do as a recruiter in what I’m able to do. I try to do my due diligence. Obviously, some people get through the cracks, and if they get through the cracks, hats off to them. That means they’re a good interviewer.

59:11 Diamond in the rough

Gabriel: Let me blow your mind now. The true diamond in the rough that you’re going to find is when you find somebody with a skill set without experience in that matter. In that subject matter. Yeah. This is generally called transferable skills, even technical skills. So let’s say you want to have somebody that is a forensic investigator, but they don’t have experience in forensics or forensic tooling. But guess what? They’ve done a year in SOC. They’ve been a junior SOC analyst. Yeah, they don’t have a lot of experience. They’ve worked with some SOC tools. They’ve done a few investigations, but certainly nothing that they can talk extensively about. How would you measure their ability to do forensics?

Jon: So I’ve actually had this. Quite proud of this one. Although the person you should be the person get the job.

Gabriel: Exactly.

Jon: Which was really annoying. Which was really annoying.

Gabriel: But you’re starting to touch on the point now.

Jon: Exactly. This person was a threat hunter. They’ve been doing a lot of threat hunters. Yeah, they’ve been a threat hunter for years and years and years. Now they are at their current place, they are a threat team lead. So they’re running a team of, I think it’s like five or six threat analysts. Absolutely. Awesome. I put them forwards for a digital forensics and incident response position. Their CV didn’t have much in the way of DFIR at all. So how did I measure and figure out that or think that they were good for the role? To be completely honest, I don’t know. Part of it was a gut feeling. Genuinely part of it was a gut feeling. I was talking to them. I have a relationship with this person. I know them decently well, as well as I can without having met them, but you know what I mean.

Gabriel: Yes, of course.

Jon: And from the conversations that I’d had and knowing the kind of person that they were, I just had this gut feeling of, I know they’re good enough to get through technical, but maybe they’re not going to be good enough for exactly what the company is looking for.

Gabriel: Fine. Let me run that by you. Yeah, good. No, that’s fine. I know, because I do the same. So the difference between a good and a bad manager is the ability to quantify structuralize system to systematize. No. There’s a proper word for that systematize. Systematize. That’s the word systematize. That gut feeling into operational metrics. Right. So what you perceived through your pattern detection mechanisms, right? Instinctive pattern detection mechanisms. There are some really smart people out there that they’re capable to take what this is generally called art, and turn it into science. Art and turn it into science. So here’s the trick. Problem solving ability.

Jon: I was going to say, you know what this candidate has in common? ADHD.

Gabriel: ADHD, of course. ADHD are pattern detection machines. Look. So problem solving ability, number one. Number two, the pattern detection mechanisms, the ability to perceive and identify patterns. It doesn’t matter whether they are threat hunting patterns or whether they are forensic patterns. The ability to follow a system in a methodological fashion, right? Generally, all of these things tend to be somewhat associated with IQ. And when you’re talking about psychometrics so the measurement of personality the most trusted nowadays personality measurements is called the big five.

64:27 The Big Five

Jon: The big five?

Gabriel: The big five personality test. So this covers things like extraversion, um, openness. So openness to experience, the willingness to try out new things. Conscientiousness, which usually means how organized you are or how hardworking you are. Neuroticism, which generally is your aversion to threat, right? So how risk averse you are and how emotionally invested you are to risk detection. And what’s the third one to go? Extraversion, openness, conscientiousness, neuroticism. And I forgot the other one. Give me 2 seconds. I literally can google this.

Jon: What I’m hearing is a lot of these traits are traits that neurodiverse people have.

Gabriel: No, everybody has them, but then it’s like a spectrum. It’s a personality spectrum.

Jon: Okay, let me rephrase that then. A lot of the traits that you’re talking about, I think ADHD or neurodiverse people maybe show to a higher extent, like ADHD on the whole are more risk tolerant.

Gabriel: Correct. Lower nervous system.

Jon: I picked up and moved from the US to the UK with hardly a second thought. I literally was like, okay, I’m going to sell my car. Everything I own, I’m just going to pick up, I’m going to move, and it’s going to figure itself out. I think very few neurotypical people would do that. Whether or not that’s a good trait is up for debate. But it’s something that I.

Gabriel: Because of object permanence. So in ADHD, the lack of object permanence, the fact that you forget things easily, right? It means you don’t remember risks as pretty much as permanently as neurotypical people.

Jon: So yeah, maybe maybe a way, maybe a way to address the economic impact of bad management and neurodiversity is let’s say we bring more neurodiverse people into I’m not saying that we have to bring them in as managers. That one specifically. That won’t change things.

Gabriel: Well, what I’m saying is in cybersecurity you have preponderance of autistic and ADHD managers. I know, but what does not solve the problem,

Jon: That’s not, let’s bring them into the hiring process, right? So let’s say we have a neurotypical hiring manager and that neurotypical hiring manager is like, okay, this is what I want, this is what I want, this is what I want. And then let’s say I put five CVs in front of the neurotypical manager and let’s just presuppose one of them is going to get the job, right? No matter what, one of them is going to get the job. And the five CVs are all of different qualities. They all match or don’t match for varying reasons. Now, the hiring manager might go for the shiniest CV because again, let’s presuppose the neurotypical. They might go for the shiny CV and say all the buzzwords are there, blah, blah, blah. Great, now let’s take a neurodiverse person then, whether ASD doesn’t matter or ADHD doesn’t matter, and we give that person the same five CVs, there is a chance that they would look at a CV that isn’t pretty. Maybe the candidate is a bit jumpy, they’ve moved every nine months to a year or something. They don’t have as much technical information. Or maybe they have too much. They’ve waffled it too much. Right. But they have that level of intuition on that CV that the neurotypical hiring manager doesn’t. So what then could happen? Well, that neurodivergent person could then go to the hiring manager and say, hey, I know you like candidate A, but candidate D here, they are really good and this is why. But you have to be able to quantify that and break that down and have that relationship with that hiring manager. Maybe I’ve convoluted it way too much.

Gabriel: No, I think there’s a lot of assumptions in the sense there’s the assumption there that the neurodiverse person will always, 100% of the time, be better at detecting a diamond in the rough than the neurotypical.

Jon: Yes, that is an assumption that’s made. That’s the thing. It’s an us versus them approach which is not going to make things better, that a neurodiverse person is going to be always better at the job. I’m not trying to take an us versus them approach. I’m trying to find an approach of how can we, as neurodivergent people, work with neurotypical people to help solve this problem?

Gabriel: Ignore the label system. That’s the solution.

Jon: Just ignore neurodivergent neurotypical. Just ignore the labels.

Gabriel: No, in the sense of the label won’t be the differentiating factor when it comes to hiring or promoting or retaining. Because here’s the thing a neurodiverse manager is just as likely to drive an employee into resigning as a neurotypical manager.

Jon: That’s true.

Gabriel: And they’re just as easily misled when it comes to identifying the right candidate. Because you said it earlier, that gut feeling. Now, some neurodiverse people have that gut feeling, some don’t. Some neurotypical people have that gut feeling, some don’t. How do you solve the problem? You take the gut feeling and you systematize it so that everybody can do it.

Jon: But how do you quantify or systematize something that is. But I don’t even know how to describe it.

Gabriel: Easy. That’s why I was saying the personality traits

70:42 Personality Traits

Jon: Oh, this is where you’re going with it. Okay, I see where that’s where I was going.

Gabriel: Yes. So you have to find, for example, you want to find a hard worker conscientious people and their tests done with this repeatedly, ad nauseam. People that are high conscientiousness are known to work harder. It’s a fact.

Jon: You would want to test candidates with this personality test.

Gabriel: It’s the most successful personality test in psychology ever, and it’s being developed even further. They say now there’s even a big six model with H being honesty right. As an additional factor to it. So here’s the thing. If you want somebody to be creative, if you’re hiring for a creative role, openness, you want somebody high in openness, happy to experience new things.

Jon: But there you’re having to presuppose that candidates are going to be willing to take this test

Gabriel: 100%. I know. I know for a fact that that is a factor. But this is one way of, let’s say, solving the problem. Now, if you don’t want the candidates to take these tests, you can narrow them down as part of an interview process. You can ask them during your interview.

Jon: Oh. And just kind of create, like, an internal scoring like, system, right?

Gabriel: IQ what does IQ what does intelligence quotient measure? Do you know?

Jon: Yes, but supposedly it measures the which is what? The innate intelligence of someone or their ability to problem solve.

Gabriel: Problem solve, yeah, exactly. It measures two things: pattern detection and problem solving. So your ability to visualize a solution to a contextual problem instinctively. So how quickly does your brain process the problem, how quickly it processes a simulation to identify a given solution, and how quickly you will pattern match a solution on paper to the solution in your mind. Right, so most IQ tests, you’re given a question, which is the problem, and you have to embed that problem into your brain and simulate it. And then you’re given a set of multiple choice answers and your brain will come up with the answer. And then you have to pattern match from the multiple choice the answer that your brain came up with. That’s how IQ tests work. So at the end of the day, at least, that’s the Culture Fair version. Right, the Culture Fair being the images and geometric shapes one, and you’re identifying rotation. So you’ve got a clock at twelve, a clock at three, a clock at six, and then he asks you, what’s the next one in the sequence? Nine. Yeah, exactly. So that you have to be able to imagine the problem, which is the rotation of the clock. You’ve got the sequence. That’s what it’s measuring. So if you want somebody in a job that is an engineering job.

Jon: You want to be looking for someone that has that same kind of intellectual acumen, if you will.

Gabriel: Yeah, the ability to problem solve, to engineer, simulate. Yeah.

Jon: Whereas if you were looking for someone for like a GRC role, you wouldn’t be looking for the same thing.

Gabriel: You’d be looking for, no, you’d be looking for somebody that’s conscientious, potentially a little bit neurotic because you want them to be risk averse.

Jon: Right. I was thinking about this. We were talking and I think you’ve actually addressed, I basically had a question. I think you’ve actually addressed it because there are different types of intellect, if you will. Right. You have logical intellect, emotional intellect, psychological impact intellect, social intellect, even physical intellect, where you’re intellectually, maybe you’re not as smart and smart, but, you know,

Gabriel: Good visual and kinesthetic.

Jon: Yeah, you’re kinesthetically intellectual. That was going to be my rebuttal. But it seems like you’ve actually thought this through, where if you have an engineer, you’re going to be looking for one type of intellect because that’s the thing that engineers need. Whereas if you’re looking for, you need.

Gabriel: To match the intelligence to the role. You can’t pick somebody that is a beautiful artist. They are an amazing musician, they have a high IQ and they are high in openness. And then they’re going to try to do a GRC role.

Jon: Yeah. Or like a pen testing role. Yeah. They’d hate it.

Gabriel: Right. They’d hate it. It’s not open enough for them. It’s not creative enough. So it’s too procedural. Right. So that’s the thing. You need to match the role to the candidate. And sometimes experience not just experience, but experience with a particular tool, particular process is not the best predictor of capacity to do that job. So what you had with your gut feeling is you identified in that candidate an ability to do pattern detection, an ability to problem solve, particularly. A heightened consciousness, the ability to be very dedicated to the job. Somebody might be a quick learner. And if you’re capable of assessing during an interview how quick a learner somebody is, give them a case. Right. And don’t give them time to prepare. Surprise them with a case study during the interview and see how quickly they will remember the facts of that case study. That’s somebody’s ability to learn.

Jon: So this is kind of your solution to it. It’s not bad.

Gabriel: I’m saying you need to systematize the hiring process, because decade, a whole generation of bad managers have killed the hiring industry. They’ve killed the science behind hiring. They’ve really killed it. And you can use the same thing for performance and promotion. Somebody is on the job, and you need a new manager. Rather than giving it to the person that’s been in the company the longest, you need to give it to the person potentially with a higher agreeableness, because a disagreeable person is not a good manager. Yeah, disagreeable people make good directors, very good directors.

Jon: But they don’t make good managers. Yeah. They can’t make an advertiser. They can’t work well with others.

Gabriel: Correct. So you see the idea. So you need to find the right skill set for the role, and you need to find ways to measure that skill set. And that’s what’s been missing. That’s why neurodiverse people are losing out. That’s why neurotypical people are losing out. That’s why companies are losing out on a lot of money. Right. The whole economic system is broken because of this fact. Poor measurement of productivity, right? So that’s when it comes to personal management and companies need a whole lot better outcome measurement. Outcome measurement. When it comes to productivity, how do you know if somebody is being productive? The traditional approach how many hours have you done a day? If that doesn’t mean that you’re being.

Jon: It’s like in recruitment. How many calls have you made today?

Gabriel: How many calls have you made today?

Jon: You haven’t been productive today.

Gabriel: Yeah, but how many candidates did you successfully place in a job?

Jon: Or it’s like how many calls were actually how many calls connected, or how many calls did you actually get something out of? Like, how many people of those 20 were interested in the role? A good fit match the salary, it could produce results.

Gabriel: Call to offer ratio. Your call to offer ratio is your performance.

Jon: Not even that. I go off of interview to offer ratio.

Gabriel: Well, even tighter. Yeah, even tighter.

Jon: Very tight. Yeah.

Gabriel: So interview to offer ratio is once you’ve got an interview set up, what’s the percentage of those interviews that result in an offer?

Jon: I don’t know off the top of my head.

Gabriel: No, I’m not asking. I’m saying. A good measurement for productivity, because you can mathematically calculate how good you are at finding the right candidate. But that can be gamed, you see? That can be gamed, let’s say by sending less candidates into interviews.

Jon: Yeah.

Gabriel: But if you’re really good. At selecting. If that gut feeling of yours is really good at preselecting the right candidate, then you know that this candidate will be successful.

Jon: Yeah.

Gabriel: So you send less. So you’re boosting your ratio. Right. Hopefully, you can see, so every metric has its way to be gamed, but at the very least, it’s a metric that is measured on the basis of something productive. If the company made an offer, that means they liked the candidate, so it’s undeniably a good outcome. So even if you can game the ratio, the outcome is still good. But then you’ve got companies that make some measurements that are ineffective that leads to bad outcomes.

Jon: Well, they’re arbitrary measurements at best.

Gabriel: Arbitrary at best, outright disruptive at worst. And people are smart. Employees are smart. They’ll learn to game the measurements. They’ll learn to game the metrics, and now they’re gaming the metrics that are irrelevant, arbitrary at best. So you’re teaching employees to become more arbitrary. So why else would we have a stagflation? Why would productivity be low if you’re not training employees?

Jon: All of a sudden? It comes around circle.

Gabriel: Of course it does. Yeah. And this is what game theory teaches. You see, once you start identifying these things, okay, managers being bad managers, they’re measuring your productivity with the wrong metric. And now you’ll see a lot of articles saying, oh, employees are lazy. Are they? Or have you trained them to game the wrong metrics? Yeah. It’s.

Jon: And you’re and you’re measuring them on the wrong metrics, not on the you’re measuring them. Yeah. You’re not measuring them on things that matter. You’re measuring them on things that someone put in place to make themselves feel more important while having to do less work.

Gabriel: Yes. Here’s the thing. Productivity at the country level or at the company level is measured appropriately, roughly. Right. GDP and monetary values are a good measure of success. Sure. But here’s the thing. How does your team, your individual team performance correlate to how much profit your company makes? If you can’t prove that the metric you’re using for your team actually increases the profit by either lowering cost or boosting revenue? Yeah. Your metric is irrelevant. It’s literally that simple.

Jon: Oh, I think we’re going to have some upset people at the end of this episode.

Gabriel: But it’s the truth. Blaming employees for being... Jocko Willink created a beautiful book, Extreme Ownership. I don’t know if you’re familiar with it, but I’m sure some people listening to this podcast would know. Extreme Ownership is brilliant. And basically, every manager that tries to, or every executive, every CEO, director that tries to blame employees for being lazy or less productive, particularly around this conversation about working from home, right. Oh, we want employees back in the office because they’re less productive when they’re working from home. Let that book, Extreme Ownership, be a lesson. The buck ends with the accountable executive every time. Every time.

Jon: I didn’t know there were accountable executives.

Gabriel: Well, great point. Exactly. So the idea is if your employees are being less productive. Maybe you’re not measuring productivity correctly. Maybe you’re not measuring incentive correctly. Right. Because there’s the idea as well. How are you incentivizing people to be more productive?

Jon: Yeah. But then that would mean if you’re not measuring that correctly, then you’re also not measuring your hiring needs on what you actually need, but on what you exactly.

Gabriel: And then who suffers even more? Neurodiverse people. Because we’re now being managed by bad managers and they are not happy with us because we’re not that social. Or maybe we’re too social, or maybe we’re grumpy because you’re measuring us badly.

Jon: Or we’re taking it too literally, but you’re telling us what to do, and we’re doing it very literally.

Gabriel: Yeah. So all of these things and we end up getting the short end of the stick and being fired because the manager can’t measure productivity well, they can’t measure hiring skills well. They can’t. Right. So that is the key. So once a good manager that is capable of measuring things correctly, they will go to a low salary, they’ll open a role at a lower salary, and they’ll have the cream of the crop of candidates. Because here’s what they’re going to do. They’re not going to measure candidate skill on the basis of experience or knowledge with a particular tool. They’re going to measure the candidate on the basis of actual measurable metrics to find if they’re a good fit to that role. No. What’s their IQ? Roughly? What’s their conscientiousness? How hardworking are they going to be? How good are they problem solving? How good are they at pattern detection? How good are they at learning? How fast a learner are they? And then you’re going to find, actually, there are some really good candidates here that don’t have that experience.

Jon: Yeah. But they would have otherwise missed had they not done it that way.

Gabriel: But within three weeks, they’ve learned it’s literally that quickly. Three weeks they learned how to use the tool. Yeah. Three weeks they learned how to detect patterns that they had never seen before.

87:01 Last Comments

Jon: Yeah. Well, Gabriel, I think we’ve run out of time for this, but I do genuinely believe that we could be talking about this for hours yet. So it would definitely be good to get you back on at a later point, and we can just keep going into this.

Gabriel: But I think we’re reaching the end anyways. The three main solutions are better hiring and recruitment, better performance management and productivity monitoring, and people management training. Because at the end of the day, it’s good enough. Not good enough. Yes. Okay. You can measure an engineer’s productivity, you can measure an analyst’s productivity, but how are you going to measure management productivity? So you need good people management training and a good way of assessing their skills, yeah, within their role. And train them to do better. Train them to do better. Train them on how to handle neurodiverse employees. If you’ve got a neurodiverse manager, then train them so that they can handle things despite being neurodiverse, they can manage better. Yeah. Everybody needs training. Everybody.

Jon: Everybody needs training. I completely agree on that. I need training. You need training. We do. Yes. It is just something that yeah, we all have something to learn every day. It doesn’t stop. Yeah, I think that’s really well summarized. It’s a really complex subject. Maybe we haven’t solved anything. Maybe we have. Hopefully we have. All I can hope is that the people that have been listening have gotten something out of it. But yeah. Thank you to everyone that’s been listening or watching. Thank you guys for listening to Hyper Focus Hour, which has been hosted by myself, obviously, and Gabriel here through Via Resource, which, again, we are a recruitment company. So if you need us, I’m right here. Gabe, thank you so much for your time today, for your wonderful insights on neurodiversity management and the economy. You have a lot of thoughts into it. You’ve obviously put a lot of time and effort into it. It’s been amazing getting to hear you. Just wonderful to get the challenges on my ideas, my presuppositions. It’s been really informative, and I just really appreciate it. So, yeah, thank you again. And for everyone else, stay tuned for the next episode. Don’t forget to take a break, drink some water, and take a stand up and walk around for a few minutes until next time.

The importance of IoT penetration testing

Internet of Things (IoT) connected devices are an unexpected source of intense and preventable security breaches, and it’s time they get the penetration testing treatment just like other hardware. Why is it essential to give IoT devices special treatment and how can companies defend them successfully?

What is IoT penetration testing?

An IoT penetration test is the assessment and exploitation of various components present in an IoT device solution to help make the device more secure.

The first step of IoT penetration testing is to map the entire attack surface of the solution, followed by identifying vulnerabilities and performing exploitation, followed by post exploitation. The testing concludes with an in-depth technical report providing insights into the risks, and of course suggestions for remediations.

What’s the Importance of Penetration Testing for IoT?

As IoT devices rely on connectivity, their utility crumbles in the face of a threat actor or power outage. Because such devices are growing in popularity at a rapid pace, security professionals are presented with growing challenges and a need to provide as much assurance as possible in this space. Since IoT devices connect from countless routing points, servers, and regions, few connections are reliably the same, meaning there is a larger scope for attacks.

Penetration testing of IoT devices reveals unknown security gaps as trustworthy professionals simulate the techniques of malicious actors. They dig through firmware and hardware for vulnerabilities and accessibility oversights.

Testers get inside the mind of a hacker, trying to find sneaky ways into systems, tease out the most valuable exploits and extract the most priceless information. Analysts need to perform these tests, especially with rising technologies like IoT, so that the reputation of these modern technologies for being insecure quickly dissolves.

1. Identify Security Vulnerabilities

Security vulnerabilities vary from hidden back doors to out-of-date software and firmware with default passwords, which is why you need to know which pathways could impact systems the most. For instance, if your organisation uses IoT systems, the level of risk can increase since these are some of the most overlooked networked devices when it comes to cybersecurity.

IoT devices are sometimes mobile and can connect and disconnect at any given moment. Therefore, security teams may lose track of their usage and even avoid mentioning them in reports.

This doesn’t mean your organisation should not use IoT systems or devices. Like most widely adopted technologies, IoT devices can bring a wide range of benefits, but they also come with a need for enhanced cybersecurity measures. You can use penetration testing in combination with AI-powered security tools to determine if any of your users are engaging in risky or malicious behaviour.

2. Improve Security Posture

The great thing about penetration testing is that there’s no one single way to do it. There are different types of testing you can apply, and specialists recommend combining several different methods to get the best results.

Diversity of penetration testing methods is what keeps your organisation’s data secure and helps improve the company’s security posture. That’s because different methods produce different results, which, when combined, provide decision-makers with a well-detailed map of the company’s weak areas.

3. Complying with Regulations

Cyber security regulations help organisations understand different security standards and push for a more secure business environment. This is why many of these regulations require organisations to undertake regular penetration testing and audit their IT systems to ensure compliance.

Failure to comply will often lead to a data leak, which can be followed by a fine, an investigation into the business’s cybersecurity practices, and decreased customer confidence.

4. Reduced Costs

Penetration testing can help reduce costs in the long term, as any identified vulnerabilities can be addressed before ill-intentioned outsiders discover and exploit them. It’s also a good way to get your employees used to the idea of always being on the lookout for suspicious activity and taking everything with a grain of salt when it comes to dealing with people online.

However, this shouldn’t be used as an excuse to forgo cybersecurity training sessions, which also need to be an ongoing occurrence. Combining a good security system with well-trained employees will improve the security posture significantly.

Top 3 IoT Security Testing Tools

It is essential to perform IoT security testing to ensure that your device is not part of the next big hack. The following are the top 3 IoT security testing tools: 

    • Firmware Analysis Toolkit: FAT is built to help security researchers analyse and identify vulnerabilities in IoT and embedded device firmware.
    • PENIOT: PENIOT is a penetration testing tool for IoT devices. It helps you test/penetrate your devices by targeting their internet connectivity with different types of security attacks.
    • AWS IoT Device Defender: AWS IoT Device Defender is a fully managed service that helps organisations protect their fleet of IoT devices from external threats. AWS IoT Device Defender gives you the ability to monitor your fleet of IoT devices’ health continuously and detect and remediate potential threats.

PCI DSS Compliance – Why you need it

Financial data is one of the most sought-after pieces of information in the darknet marketplaces. As a result, merchants handling it are prime targets for cyberattacks. To combat this situation, five major credit card companies outlined security guidelines.

This is known as PCI DSS, which aimed to tighten the card-processing ecosystem against various vulnerabilities. For organisations looking at how to protect cardholder data, it’s an essential document. At first glance, it can be a bit difficult to wrap your head around.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is an operational requirement for the protection of cardholder data. The standard applies to all entities that store, process, or transfer financial customer data.

Obtaining this certificate can be costly as it requires yearly certification. This can also include additional lines in the budget for people training, onsite audits, required remediation to hardware and software, etc.

The primary purpose of PCI DSS is to provide an international framework to establish secure cardholder data handling mechanisms. These are classified into 6 categories:

    1. Building and maintenance of secure network and systems
    2. Cardholder’s data protection
    3. Vulnerability management plan
    4. Access control restrictions
    5. Network monitoring
    6. Information security policy

Each category governs vital security controls of payment data protection. The highest security standards can’t be achieved if even one of the categories is neglected. Each of them supplements the others, creating a solid foundation for users’ financial data security.

Who needs PCI DSS compliance?

PCI DSS compliance requirements apply to all companies involved in storing, processing, and transmitting credit card information. For instance, when you shop online, your bank, the merchant’s bank, and the website’s payment technology provider are all subject to PCI DSS regulation.

PCI DSS covers all merchants, credit card issuing banks, processors, intermediaries, developers, and other involved parties. Its purpose is to make sure that there are no weak links in the system that could be exploited. A rule of thumb: if, in your line of work, you come into contact with credit card information, you’re probably regulated by PCI DSS.

The compliance is enforced by the major credit card payment brands that established the Payment Card Industry Security Standards Council:

    • American Express 
    • Discover Financial Services 
    • JCB International 
    • MasterCard 
    • Visa Inc.
    • UnionPay (while this one didn’t establish the standard, it provides banking card services supervision in mainland China)

Risks if you aren’t PCI DSS Compliant

Fines are the primary risk if your organisation is found to be non-compliant with PCI DSS requirements. Depending on the scope and severity of the violation, they can vary from $5,000 to $500,000 per month. The total amount also increases with the length of time spent in non-compliance.

Each card organisation involved in the PCI DSS guidelines has its own separate compliance validation requirements. Compliance for American Express might have different requirements from MasterCard even though they both follow the same PCI DSS guidelines. Non-compliance with a specific brand’s set of rules may incur additional fines. For instance, the merchant is held responsible for covering all card re-issuance and remediation expenses after a data breach. Even if the merchant survives such a financial blow, they still risk getting their privileges revoked.

The 12 requirements of PCI DSS

The requirements set by the PCI SSC are both operational and technical, and the core focus of these rules is always to protect cardholder data. The 12 requirements of PCI DSS are:

    1. Install and maintain a firewall configuration to protect cardholder data
    2. Do not use vendor-supplied defaults for system passwords and other security parameters
    3. Protect stored cardholder data
    4. Encrypt transmission of cardholder data across open, public networks
    5. Use and regularly update anti-virus software or programs
    6. Develop and maintain secure systems and applications
    7. Restrict access to cardholder data by business need to know
    8. Assign a unique ID to each person with computer access
    9. Restrict physical access to cardholder data
    10. Track and monitor all access to network resources and cardholder data
    11. Regularly test security systems and processes
    12. Maintain a policy that addresses information security for all personnel

Benefits of PCI Compliance

Complying with PCI Security Standards seems like a daunting task, as the standards and issues are a lot to handle for large organisations, let alone for smaller companies. However, compliance is becoming more important and can be easy to follow if you have the right tools.

According to PCI SSC, there are major benefits of compliance, especially considering that failure to comply may result in serious and long-term consequences. For example:

    • PCI Compliance standards mean that your systems are secure, and your customers can trust you with their sensitive payment card information; trust leads to customer confidence and repeat customers.
    • PCI Compliance improves your reputation with acquirers and payment brands – just the partners your business needs.
    • PCI Compliance is an ongoing process that aids in preventing security breaches and payment card data theft in the present and in the future; PCI compliance means you are contributing to a global payment card data security solution.
    • As you try to meet PCI Compliance, you’re better prepared to comply with additional regulations, such as HIPAA, SOX, and others.
    • PCI Compliance contributes to corporate security strategies (even if only a starting point).
    • PCI Compliance likely leads to improving IT infrastructure efficiency.

Difficulties Posed by PCI Non-Compliance

PCI SSC also points to potentially unfortunate results of failing to meet PCI Compliance. After working to build your brand and secure customers, don’t take a chance with their sensitive information. By meeting PCI Compliance, you are protecting your customers so they can continue to be your customers. Possible results of PCI Non-Compliance include:

    • Compromised data that negatively impacts consumers, merchants, and financial institutions.
    • Severely damaging your reputation and your ability to conduct business effectively, not just today, but into the future.
    • Account data breaches that can lead to catastrophic loss of sales, relationships, and community standing; plus, public companies often see depressed share price as result of account data breaches.
    • Lawsuits, insurance claims, cancelled accounts, payment card issuer fines, and government fines.

PCI Compliance, as with other regulatory requirements, can pose challenges to organisations that are not prepared to deal with protecting critical information. But protecting data is a much more manageable task with the right software and services. Choose a data loss prevention software that accurately classifies data and uses it appropriately so you can rest more easily knowing that your cardholder data is secure.

Hyperfocus Hour: Hyper fixation and Up-Skilling with ADHD 


Hyperfocus Hour podcast discusses hyper fixation and upskilling with ADHD in the cybersecurity field with guest Chris Roberts, a Cyber Threat Intelligence Manager, emphasising the importance of understanding and playing to the strengths of neurodiverse individuals in the workplace. Chris discusses their experience with ADHD and how it can be an advantage in cybersecurity due to the ability to quickly extract information from limited data. Hyperfocus Hour discusses the challenges faced by neurodiverse individuals in obtaining qualifications and succeeding in the cybersecurity industry, emphasising the importance of curiosity and hands-on experience over qualifications alone. Chris suggests researching potential employers to see if they have an inclusive culture for neurodiverse individuals.

Overview Of Podcast

    • Introduction & your ADHD tax
    • Hyper fixation 2:49
    • Hiring Process 19:06
    • Exams and certifications 26:28
    • Undiagnosed in cyber security 34:41
    • Chris’s Advice 45:20
    • Last Comments 47:58

About Our Host Jon and Guest Chris

Jon Wakefield, Consultant at Via Resource

Jon joined Via Resource with a year of recruitment experience in the Cyber Security market, where he specialises in Security Engineering and DFIR.

Having placed candidates from Senior Manager Security Engineering to mid-level in highly regulated industries such as finance, Jon has built a comprehensive understanding of both candidate and client needs and addresses each role, and person, on an individual basis to find the perfect fit.

As an avid Star Wars fan, you will often see or hear Jon making connections and references to cyber security. Jon has ADHD and is an avid supporter of neurodivergent talent in the workplace.

Chris Roberts, Cyber Threat Intelligence Manager

Chris Roberts, an accomplished expert in cybersecurity, brings over a decade’s worth of experience to the table. His professional journey in offensive and defensive cyber threat intelligence, as well as information security, is characterised by adversary-based breach and attack simulations. His record illuminates a dynamic fusion of profound technical acumen and leadership skills. Beyond his professional pursuits, Chris cultivates a well-regarded security blog and news aggregator. His interests extend to photography, music (where he showcases his talent on the drums) and cinema. A fervent explorer of modern technology, Chris delves into the world of machine learning during his free time.

Transcript:

Introduction & your ADHD tax

Jon: Welcome to Hyper Focus hour. We are a podcast that is dedicated and focused to neurodiversity, ADHD and also to the neurotypicals that want to learn about neurodiversity and ADHD in the workplace. What is that workplace? It’s IT, it’s cybersecurity. And today I have a very special guest. It is Chris Roberts, who is a Cyber Threat Intelligence Manager, and he is going to be helping me talk about what hyper fixation and upskilling with ADHD looks like in his field. So, Chris, welcome.

Chris: Thanks for having me.

Jon: Pleasure. It’s an absolute pleasure. And I honestly cannot wait to get started on this. We’ve talked a few times in the past. You always have great insights on LinkedIn, your posts, everything. You seem to know quite a bit. You’re really passionate about this and I can’t wait to dig a bit deeper. So I’d say, before we get started, I have one question for you. The ADHD tax, what was yours this week?

Chris: So I’d probably say this week is prepping presentations for me. When you want to put a good presentation together. The sort of ADHD brain just wants to put all of the information in there because I’ve done all this research and I’ve got all this information, but it’s on purposely trying to strip that back and get it into a succinct format and then being able to present that in a decent way. For me, there’s a lot of prep that goes into getting that done. So that’s been my tax this week.

Jon: You know what, that sounds... at least it’s productive tax.

Chris: Yeah, I suppose so.

Jon: While you’re talking, I was thinking about my tax. I spent the weekend in Liverpool with my family. Right? Crazy, I know. You wouldn’t believe I’ve got scouse blood in me from the accent, would it.

Chris: I wouldn’t have guessed that. Yeah, no, don’t worry.

Jon: But I spent the week in Liverpool and my uncle has this really cool magnetic bottle opener that you just push down and it opens the bottle, keeps bottle cap on the opener. So I decided I was going to buy it. Problem is, I don’t drink bottles of beer or bottles of soda or anything. I don’t actually have my house that much. So I spent ten quid on something I will probably use over the course of the next six months. Maybe three times.

Chris: That whole impulse control, right?

Jon: I just couldn’t help myself. It looked so cool and so satisfying just to do that with it. Okay, so I guess we’ll jump into it. We’ve covered a little bit of kind of that forgetfulness of the inattentiveness hyper fixation.

Hyper fixation 2:49

Jon: Anyone that is neurodivergent, that has ADHD, whether it’s inattentive, whether it’s hyperactive we know what hyper fixation is, don’t we? We live and breathe it. So I’m curious to kind of get your sense what is hyper fixation to you? What does it look like for you?

Chris: So, for me, I’ll get something stuck in my head. I get like a bug or just something that I’m really fixated on a problem, something I’m researching, something I want to buy. Just something that I’m really sort of just wanting to understand all of it. Right. And before I can let that go, I need to just get it done, I need to complete it, I need to finish it, I need to get the output that I need from wherever it is I’m doing. And that can last for hours, sometimes even days. If I’m troubleshooting a bit of code, for example, and I go to bed and I think, well, I haven’t managed to fix what I’m doing, I’ll be up the next morning, straight away, straight back on that thing trying to do, because I can’t leave it.  It’s just got to get done. Um, and it can seem obsessive to some people. I guess it depends on your perspective. And a lot of people may have given up by that point, which I think is actually positive for people with ADHD. They have that drive to see things through. But it’s because I know there’s a way to make it work. I know that this thing can be done, I just haven’t found how to do it yet, or I’m still researching the thing. I know there’s more to find out, and it’s either because I’m really interested in it or I’m really frustrated with it. It’s the two ends. There’s no middle ground, is there? Yeah. I’ve got to be really annoyed that I can’t do this thing, so I’m not going to let go till I’ve done it to prove I can do it. Or I’m just really interested in this thing and I’m just going to do all the research because I want to know everything about it. And you can’t choose when to kick it in. It just happens. And like I say, it’s typically because you’re interested in something,

Jon: or, as you said, you’re so annoyed by it that you can’t even though you want to go, you want to stop.

Chris: You’re just like, I can’t. Yeah. You just got to get it out the mind and get it done. And that can be really great for work. So some work situations, you can do this really amazing bits of work, and you can hyper focus for a whole day, and you can get up from your computer and think, oh, my God, it’s time to go home. I didn’t realize. But sometimes it can interfere with your personal life a little bit, where you’re so obsessed or interested in this thing and you just forget the hours of the day and you should have done some washing or put a dishwasher on or whatever it is, and you just totally forgot because you’re so interested in this thing. And sometimes it can just take, like, an external you need an external force to snap you out of it. Otherwise you just sit there and carry on doing it.

Jon: And I think the problem with that, like, you know, with an external force, you know, sometimes even if it does snap you out of it, you can still be thinking about it, can’t you?

Chris: Totally.

Jon: Yeah. It’s so frustrating and yeah, it’s just awful. But at the same time, like you said at work, it can be such a I think gift actually might be the right word or like no superpower. It can be such a superpower at work when you’re actually able to hyper focus on the right thing and you can smash out 8 hours of work in 2 hours and then for the rest of the day you’re like I’ve done basically everything I need to do. I’m free to pursue the new projects that we didn’t have time for.

Chris: It definitely can be like that. It’s strange because if you really aren’t interested in that thing you just can’t get it to kick in, you just can’t make it happen. And you think, well I’ll come back to it later. I’ll do that later. It’s a fascinating subject and there’s probably a sort of a neurological sort of biological aspect to it that we’re not looking at it from but just from the sort of cybersecurity from the recruitment side. It can be a blessing.

Jon: Yeah, no, definitely. So I’m actually curious when you hyper fixate at work, has it ever strained or has it ever impacted your relationships with coworkers or managers or even the people that you lead on your team? Has that ever kind of made an impact?

Chris: So I’m up front with everybody. I say look hey, I’ve got ADHD and I’ll tell them how it affects me and stuff like that and tell my managers and all of that. So there’s not really any surprises. I’m not trying to hide anything from anybody and I think that is a benefit. You know, if people can’t understand why you behave in a certain way and you can’t tell them why, that can cause issues, I guess, but it’s not really caused me any issues at all in my company. I think it does also depend on if your sort of company is equipped to deal with neurodiverse people and if managers are aware of how it affects you and why it’s important to have those one to ones with your managers and say, okay, look, I’m not ready to tell the rest of the company, but I do need you to know that this is how I think. And I may seem like I’m a bit direct, but I don’t mean to be. I’m just trying to get my point across. Or it may seem that I’m forgetful and I’m not hitting deadlines or whatever the person may be struggling with, but this is why. And I have neurodiverse people that I work with, and obviously, coming from that background, I’m fully aware of other people’s struggles. So I’m quite aware of how to help people with that. So it hasn’t caused me any issues so far. Yeah. But I think I may have been lucky with the sort of team I have and the sort of companies that are well placed to look after the people with neurodiversity.

Jon: Yeah, I’ve had a couple of experiences where my hyper fixation I don’t want to say detrimental, I wouldn’t go that far, but it’s definitely caused some tension with managers I’ve had or coworkers because I’m focused on, okay, I need to fill this. Going to just hammer it out for the next kind of, like 8 hours. And my manager is like, you have meetings for the rest of the day. Like, you have training. You have to do this stuff. And I’m like, I don’t want to do that. That’s boring.

Chris: Yes. When I get this done.

Jon: Okay, so it’s not really been an issue for you, but I mean. Know, you said you had other kind of neurodiverse people on your team, and I appreciate you may not want to talk about that too much, but when they hyper fixate if they do on tasks or duties and you kind of need them to do something else, I’m just curious to get a sense of how you may have handled that.

Chris: Yeah, I mean, it can be difficult trying to snap somebody out sometimes. I mean, I’m just trying to think from my personal experience if I’m on a bit of work and I’m just so engrossed in it, I just want to get back to it and get it done so it can be. What I find sometimes is jumping from one place to another doesn’t suit everybody. So some people can go from back to back to back to back meetings and they can jump from subject to subject to subject and they’re fine with it. But some people need to cool off after some of these meetings, so they’ll need to have their meeting. They’ll cool off, write their notes, get their thoughts and stuff out, and then they can carry on with a task. So it’s really about understanding the people and playing to their strengths. So if you know someone really can’t do back to back meetings, then you try and support them when they plan their day to not put them in that situation. And I think being a good manager is being somebody who can support those sorts of people. So if you say, hey, look, you can’t do it, fine, what is it you need? I’ll try and step in and maybe take that over from you and help you with that. But yeah, I try to let my team choose what they want to do because that’s the best way to keep them focused. Right. If you want to do something that you’re interested in, as we’ve just discussed, we’ll high all day on there and we’ll get it done. There’s obviously tasks that come up that nobody wants to do and you just got to be sort of sensible and say, well, it needs to get done, and pick it from our Jira board and just get on with it. And if you do struggle, give me a shout and I’ll help you out of it. And that’s the way that.

Jon: Okay. So it sounds like probably because you are neurodiverse yourself. It sounds like you really have a good way of handling when people hyper fixate or like I said, when they don’t want to do a low dopamine task. And it sounds like it’s going quite well for you. Would you say that something that could be kind of carried across the board beside of security?

Chris: I don’t know. I think it’s a difficult one, I think because I have a history of it and my family have got neurodiversity and people at work have got neurodiversity and I have it, I understand it, so I know how to deal with it. There’s a lot of people that don’t understand it at all, don’t understand not just ADHD, but just neurodiversity as a whole. So they’re not always well placed to be able to manage that type of person. So yes, I think there’s an element of training that will help with that, but I also think it’s having neurodivergent people in management positions who understand the people to help push that through. But there’s no easy way to fix it, I don’t think.

Jon: Yeah, there really isn’t. I know there’s a big statistic out there. Oh gosh, I’m going to butcher this, but I’m going to try anyway. I know it’s a big number. I believe like 25% neurodiverse people are like 25% more likely to struggle in their career or to essentially job hop, which obviously means if you’re hopping jobs, you’re struggling more in a career, you’re less likely to get into senior leadership or even management positions. So it’s interesting to hear from your perspective, as you know, as a leader in your, you know, in your field and in your industry, how you manage other people with neurodiverse people and also kind of recognizing that ironically well, not ironically, but yeah, ironically. One of the things that would help is if we had more neurodiverse people in management positions and also realizing that we as kind of a group, if you will, struggle to get into those positions, basically because of the way that our brains are wired, isn’t it?

Chris: Yeah. And it does take practice, and it does take having coping mechanisms and little cheat sheets in your brain to sort of get that done. But yeah, I do believe neurodiverse people have a lot to offer. They just need the opportunity sometimes. Sometimes it just takes that one person to give you a chance and then you’re away.

Jon: Yeah. Could you elaborate a little bit on how your ADHD because if I remember correctly, you were combined, aren’t you, in a sense of anticorruptive?  Yeah. So would you be willing to elaborate a little bit on how your ADHD has affected your profession and if there’s any superpowers? I know you’ve already talked a little bit about the hyper fixation.

Chris: Cybersecurity, there’s a lot to take in. There’s so many elements of it. You got all the research, you got to understand all the technical side of it. You got to make connections pretty quickly. And I do think people with the ADHD brain are very good, putting two and two together really quickly and extracting information from limited data and coming up with an answer really quickly, and nine times out of ten, they will come up with the right answer. When somebody’s only sort of halfway through their conversation, they’re like. I already know what this is. And that can actually be quite frustrating because somebody can be talking, they’ll be explaining the thing and go, right, I know what this is, I’ve got the answer. But they’re only halfway through what they’re saying, so now I’m sitting there waiting for them to finish talking and I don’t want to forget what I now know is the answer. So either I have to go and write it down, or if I have to try and keep in my brain, I’m now not listening to what you’re saying because I’m just waiting for you to stop so then I can say my big because then I’ll forget otherwise. Right, so it’s having those coping mechanisms in place to say, right, well, I need to also listen to what you’re saying now, so I’m going to quickly write that down. And yeah, I’ve noticed that a lot through not my team, but just peers across the industry that have ADHD and neurodiversity and that’s why I’ve always got a notepad on my desk. I’ve got a phone with a stylus. So if I really am out and about and I’ve got nothing, I can always write a little note on my phone. Sometimes you just need a little reminder just to get you back on track so you can be doing all this amazing work and getting all of these conclusions from little bits of data, but you might just need someone just to guide you back onto course. And I think having a good manager helps there. 
Like I said, it’s good that you can put all these things together, but you also need to stay on focus of what we’re trying to achieve is so having someone that can say, brilliant, excellent, great work, but we also need to focus on this as well. I think there’s an element of that as well.

Jon: Yeah. No, I completely agree. I can’t tell you how many times I’ve been to meetings and like you said, someone says something like, we need a solution or we need to figure this out, or they start talking. I actually just had our annual review meeting about a week ago, and halfway through one section, I was sitting there listening to it, and I was like, I already know what they’re going to say. I’ve already figured it out. And there was no clear context or kind of indicators or anything. I can’t describe how I knew what they were going to say, but I knew what they were going to say, and so my brain switched off and immediately went to the next thing. Was that’s the next thing on the list? Okay, I’m going to try and figure that out. And by the time they got to what I figured out, they said it, and I was like, I was right. Yeah. And that’s what I’m saying.

Chris: Right. So ADHD brains are very good at troubleshooting and fixing problems, and we generally come at it from a different angle than other people. Like, you’ll say something, oh, this is the answer, and they go, I didn’t even think about that. That was really obvious to me. Like, within seconds I got that. So I don’t know. I think it’d be weird to not think the way that I think I always have done. Right. And it’s got me where I am today in my career by being good at doing that.

Hiring Process 19:06

Jon: Yeah. About thinking outside the box. Yeah. I’m curious to get an idea of this. Obviously, interview processes, hiring processes can be a bit they can be scary and challenging for 90% of people already. When it comes to neurodiverse people, a lot of us are very visual people, and we especially struggle from rejection sensitivity dysphoria, all of this stuff. I don’t know if you’ve hired on your team personally, but if you have, did you change the process at all for neurodiverse people, or if you haven’t, what would you ideally, you know, change about like a hiring process just to try and help ADHD neurodivergent people? I know it’s a very long question.

Chris: Yeah. So I have done some interviews and hiring for my team and I don’t change interview process for any specific type because the way that I do it is very sort of accessible to everybody anyway, right. So the way that I do it, a neurodiverse person, obviously, if they ask for specific things, then you obviously tailor it for that. But if they don’t ask for any adjustments, then I just try and keep it as simple as possible. Which means no matter who I’m interviewing, it should work for everybody anyway. Right? Yeah. Personally, the whole sort of interview side, it’s the unknown, right. And it doesn’t mean you don’t know what you’re talking about. You just don’t know what’s going to come up in that interview at that time. So if you can offer an agenda to somebody so if somebody wanted to come to my team and said, what questions are you going to ask me? I said, Well, I’m going to be talking about this subject. I want to know about that subject and I might ask you about this sort of thing. So you’re not given specific questions like answer ABCD, but you’re saying, these are the topics we’re going to talk about. They can then go and write their notes. So I’ve got no problem with somebody being on a call with a notepad and looking at their notes and answering my questions because there’s no point in me having an interview with somebody who can’t answer anything because they just can’t think of it on the spot because that’s a wasted interview. Right. But if I’m saying read your notes, fine, but at least you can answer my questions and we can have a proper conversation because you’re prepared. And so I like to do it that way. But if there are adjustments that need to be made, then of course, you know, you say that to the person.

Jon: But yeah, I think that’s really good, actually. So you let them have, like, kind of, like you said, you kind of let them have notes to cover, not the specific questions, but the topics that you’re going to interview them over. Yeah, I’ll be honest, I’ve never seen or heard someone on your end, especially, do that before. Let an interviewer or sorry, an interviewee have kind of a notebook about the potential topics, and I can’t tell you the amount of times that would have been helpful for me.

Chris: And again, it’s because I know what it’s like on the other end of this. Right. So I think because I have a full understanding of what it feels like to be on that side, I can put that in place for the other people.

Jon: The amount of times I’ve had questions of I’ll use Bartending for an example. It’s a bad example in this case, but it makes sense. If I was interviewing for a new bartender position, if I had a note on, have you ever created a cocktail? I’d be like, yes, and this is why, and this is what we did, and this is the flavor profile. But then if they ask me straight up, have you ever created a cocktail? I’d be like, yes, I have. I know the ingredients, but I couldn’t tell you the flavor profile or the reasoning behind it because my brain is just suddenly fogged over, and then that’s.

Chris: Not useful for anybody. Exactly. So you’re like, yes, he does know, but he can’t tell me why. Let’s get rid of him. Because he doesn’t know how to answer the question when actually if you’d have played to their strengths and give them that opportunity to say, this is the actual answer here. This is what I wrote, and this is the thing that I made, I just couldn’t remember off the top of my head. You actually get to know the person there. You get to understand their capabilities. And when you think in real life, it’s people look stuff up in your job, you don’t have everything in your head, and they’re ready to access it. People will always go and Google something. They’ll go and ask a colleague, oh, do you remember how we did so and so? Oh, yeah, you do this. Cool. So why should an interview be any different, you know?

Jon: Yeah, exactly. Well, just yesterday, I spent the weekend in Liverpool with my family, took the train down, got into Houston, and just last night, even though I know the way home, I still pulled up my phone and thought, okay, what’s the best way home? There’s two or three routes that I can take, depending on the time of day, blah, blah, blah, and how lazy I’m feeling realistically. But I still wanted to look it up just to see that I was making the right decision. It’s not because I don’t know it, it’s literally to reinforce my own knowledge or information of where I’m going in the situation to make sure that I’m making the right decision, the fastest decision in this situation. And it’s the same thing, isn’t it?

Chris: Yeah. And it makes sense. If it works for you, it works for you. It might not work for someone else, but that’s fine. They can do it their own way.

Jon: Yeah, I think. And that’s one of those cases where if you have someone that’s going to be interviewing for you, if you give them the general concept or idea or topic, they could hyper fixate on that and they could actually end up remembering it and not need the notes. That’s so possible. And then you’re getting the best of both worlds, aren’t you? Because then that person is like, oh, man, I’m really passionate about this right now. I can show off.   I know my stuff. You’re impressed. You’re like, I want this person right here. Let’s not even bother with the third stage.

Chris: But when it comes to interviews and stuff, there is a stigma around, um, ADHD and neurodiverse people. Not every employer wants to or has the capability to take somebody on with neurodiverse issues. So I do think there’s a lot of work in the recruitment area that needs to be done around hiring neurodiverse people and taking their stigma away.

Jon: Yeah, no, absolutely. And obviously that’s one of the points. One of the things we’re trying to do here with this podcast with Hyper Focus Hour is we’re trying to reduce that stigma on ADHD, what it looks like neurodiverse, particularly in the security field, and try and help people such as ourselves, or yourself more specifically, break into security and equip them with the tools that they need to be able to interview better and succeed when they hyper focus and how to break out of that when they need to do meetings. Everything we’ve talked about so far. But yes, there is a long way to go, but that actually leads into something I also kind of wanted to talk about was exams and certifications. Obviously, there’s a lot of exams, there’s a lot of certifications, there’s a lot that goes into security.

Exams and certifications 26:28


Jon: Security is, by its nature, you have to constantly be learning. You have to have your brain essentially open as a book, don’t you? Yeah. If you’re a visual person how do I put this? Let’s see if you’re a visual person and if, like you said, you don’t necessarily remember, you’re not built to regurgitate, essentially. How do you or how have you handled the certifications and the exams and stuff? First of all, types of ADHD.

Chris: So there’s the inattentive and there’s the hyperactive, and then there’s the combined, and then on top of that, there’s a scale along that as well. Right. So not everybody has the same sort of types of ADHD. So when it comes to exams, for me at least, my weakness is on the spot. Memory recalls just that executive function sort of issue, right? And the way I try and explain it is, think of like Google’s website, right? In the back end, they’ve got this database, they’ve indexed all the websites in the world and they have the information, it’s all there and you know it’s there. And when you go and do a search on their search engine, for whatever reason, it just didn’t work. And it’s not because the information isn’t there, because we know it’s in their database on the back end, but the search button didn’t work. So you’re thinking, I know, I know this, but I just can’t get the result, I can’t think of the answer right now. And then all of a sudden it’ll take something like a little hint or a bit of the word or an external prompt or whatever it is, then all that information comes back and you go, I know what that is now. But you need that cheat sheet, that external prompt, that note, that something to kick that memory back in. And that’s why with exams, a lot of them are closed book exams, you just need to remember the stuff. So for people who already struggle with just keeping things at the front of their brain for memory, they’re already at a disadvantage for the exams. If you had open book exams, and there are some, but there aren’t many, but if you had open book exams where you could take some notes and obviously they could vet them in some way before you come in to see that you’re not just got the answers written down. Yeah, but you can say that, here’s my notes, here’s the highlighted bits that I’m interested in, and then you can go and do that exam, you get that visual reminder, you get that external prompt and you can go and answer the questions.
So I struggle with exams purely because my memory isn’t as designed for it to work that way. Some of these exams are three hours, 4 hours long. So that’s 4 hours worth of stuff that you need to just remember when you already know that you struggle to remember things off the top of your head anyway. So I prefer to go down the route of doing courses and getting that education. So I’m still learning the same stuff, I’m still knowing how to do the job, I’m still doing that but I just don’t have the qualification at the end of it. Um, and, you know, I think I probably could do the qualifications, but it would take me a lot longer than other people because I have to train my brain in a way that’s not used to, and I have to try and find a way to sort of memorize things that other people may just be able to do naturally.

Jon: So you almost have to embed yourself, you almost have to take the hyper fixation and then multiply it and fully embed yourself. And let’s just use like CISSP, just fully immerse yourself in it but probably for twice as long and for double the intensity than a neurotypical person just to be able to pass the exam.

Chris: Yeah, it has to be all consuming because I can’t think of anything else because I just need to get through this exam. And that can be a detriment to your personal life. That can be a detriment to work because you’re going to have to say actually I need to book a week off work because I just need to spend this next week just studying intensely just to get this thing done. And you know, I’ve always preferred to be hands on and be self taught because I know that’s how it works better for me and you know so so it, it can be difficult. And like we were talking about interviewing earlier. So if we see two people with a qualification and one without, that doesn’t necessarily mean I will always go for the one with the qualification because I’m more interested in the way people think. You can have someone who’s really curious, they just want to know how things work and they’ll rip it apart and they’ll sort of take it down to the bones and they’ll put it back together again. And you can’t always teach that. You can teach those people things, but you can’t teach people to be curious if they don’t have that mindset. Sometimes they can be people that study, they know the stuff from the book. But when it comes to these real world situations, they don’t actually know how to troubleshoot, they don’t actually know how to rip things apart and understand the fundamentals of how they work. So qualifications, yes, they’re a good benchmark for somebody’s ability to remember and sort of apply knowledge in situations, but that doesn’t necessarily mean they’re the best person for the job.

Jon: Yeah, okay. And again, that kind of goes back to the hyper fixation, doesn’t it? If you’re a naturally curious person, then the chances are let’s go back to interviews. Again, if you’re naturally curious person comes out in interviews, let’s say for hypothetical reasons, obviously well, no, that’s not the word. Anyways, for curiosity’s point, ironically, let’s say you have someone in an interview that has disclosed prior that they’re ADHD, we tailor the interview for them, and then you ask them that question what are you curious about? Or what have you hyper fixated on? And they tell you, oh, I’ve never worked with MITRE ATT&CK, I’ve never used it. Now, obviously it would be a bit ridiculous, but again, just for argument’s sake, then they say, I’ve never worked with it. So I hyper fixated on this entire framework. I’ve done courses on it, I’ve watched YouTube videos, I’ve read books, I’ve done everything. Now, what would you think of that?

Chris: Yeah, like I said, for me, that person has because they’re curious, they’ve gone and they’ve got that self. To go and understand something, whereas somebody who said, Well, I passed my CISSP. I don’t need to worry about understanding this because I’ve got the qualification. Yeah, okay, you do have the qualification, but if I asked you to go and do the same sort of thing and take that whole framework in, they may struggle with that. Not everybody, of course, but they may struggle with that because it’s just not the way their brain is designed. And they don’t have that desire to pull that framework apart because they don’t understand it. It’s not to say that everybody on the team has to have a neurodiverse issue. You want people to complement each other on a team. So you may have someone who’s really good at this thing, but not so good at something else, whereas a non neurodiverse people might be really amazing at this thing. So it’s about having that team balance. Yeah.

Undiagnosed in cyber security 34.41

Jon: Do you think that’s why the more cyber professionals I talk to, such as yourself, entry level, even CSOs and things, I’ve been seeing a trend of, it’s a lot of security engineers, a lot of threat intelligence people, and a few DFIR specialists that are, if not ADHD, are definitely neurodiverse, maybe have ASD. Do you think there’s kind of like a silo in security that maybe fits the ADHD brain more so than others?

Chris: Yeah. So I think there’s a lot of people in security that may be undiagnosed with neurodiverse issues. And I think it’s maybe it’s the technical side of it. Maybe it’s the troubleshooting side. There’s something about that. You need that thing to fix, that thing to focus on, that drive to want to understand. And I think those more technical roles generally provide that for people. Um, I mean, there there may be other roles around the business that do a similar thing, but from a cybersecurity perspective, there are a lot of people with neurodiversity diagnosed or undiagnosed that sit in that function.

Jon: Without doubt. Yeah, because I’ve worked a couple of GRC roles and I’m thinking about it, I’m like, why would anybody want to sit there just on an Excel spreadsheet for 8 hours a day or something? I could never do that. But then I talked to yourself or to some technical security engineers and I’m like, yes, I want to hear all about what you do. This is awesome.

Chris: Yeah, there are elements to it. There are elements to it that are boring. Right. You have to sit in that spreadsheet, but that’s where you lose that hyper focus and you have to train yourself, say, look, I’ve got to do a job and I just need to do this task. And it’s sometimes just forcing yourself to get around and doing these things, even though it may not be the thing that you want to do. You might want to go and do that formula somewhere else. It does take a bit of self control, which is what we struggle with anyway. Right, so it’s just practice really. But when we’re talking about the sort of education side of things, I think with the AI tools that are coming out now, like the Chat GPT and some of the other local language models that are coming out, they’re allowing education to tailor it for specific people. If you got a classroom of 30 people, a teacher can’t, doesn’t have the time to individually tailor content for each person it’s designed here’s a course for a class and I’m just going to present it to the class. Whereas if you could take that education from the teacher, then take it back into one of these AI chat tools and say, my teacher was talking about XYZ the other day and I didn’t really understand this part of it. Can you tell me as a five year old or a ten year old or a 20 year old, how this works? And then they can give you an answer and you can follow it up and go, okay, but what about this bit? And then you have that tailored bit. So whatever you can use to make you understand it is a benefit, I believe, and I think you’re going to see that more in the future with these AI Chatbot tools to allow. I mean, I know schools are banning them at the moment because they’re worried.

Jon: That exams and stuff, yeah, worried students are going to cheat.

Chris: But I think that doesn’t that show that the education system needs to come up modernize, to come up with the times, to be able to work with these tools instead of work against them. So use things like Chat GPT in the classroom and say, go and ask the tool an answer to this, and then everyone submit your answers and sort of integrate it into their education system. But I don’t think we’re there yet.

Jon: This is a tangent, but what’s funny is, with Chat GPT, while schools are banning them, I would not be surprised if there are teachers that are going on to Chat GPT. I’m hungover or something. Can you please write me a lesson for tomorrow?

Chris: I can guarantee there are yeah,

Jon: I know a couple of teachers and I can definitely say they haven’t done that yet, but I’m waiting for the moment that I meet them in the pub or something and they’re telling me, like, oh, yeah, one of the teachers at the school got in trouble for doing that. I’m just waiting for that because I know it’s going to be hilarious, it’s going to be great, but, yeah, no, I see what you mean. With AI tools, the more you can tailor that to the specific person, and that’s a trend we’ve been seeing for the last, what, probably 15-20 years. It’s more about the individual now than it is about the company or the masses. It’s how can we make a bespoke experience for the individual? And I think with neurodivergence and our struggles with hyper focusing or lack thereof, and because it’s a low dopamine task or something, I actually think that can be that’s really powerful. Because, you know, spaces where we where we traditionally struggle. The more it’s tailored, it’s more bespoke to us, which I think some people would argue could be special treatment or something like that. And maybe to an extent it is, but we’re neurodivergents living in a neurotypical world, so should we have that special treatment in quotes?

Chris: I don’t know. It’s a difficult subject if you try and put it the other way, if you had a neurotypical person that said, right, today you’re going to work with an eye patch on one eye, so we’re going to take a bit of you away that you’re used to having, see how you get on. We’re going to play darts today. Right. And hang on, that’s not fair. Yeah, I know, but that’s what it’s like sometimes. We’re missing something and we’re making up for it by putting 110% effort in. So I may not be able to understand your way of thinking, but I make up for it in my own way, so I’ll do it another way to sort of get around that.

Jon: That might actually be one of the best descriptions I’ve ever heard of what it’s like to be neurodiverse. I’ve never thought about it that way.

Chris: Because think about it, right? So by default, we’re already not underdeveloped, but we’re struggling with executive function or impulse control or whatever your sort of diagnosis is. So for you to appear normal, in air quotes, you have to put extra effort in to do that. Sort of ties in a bit with introvert and extrovert. I think for me, I’m a bit introverted anyway. And every time I interact with someone, you can think of it as like the coin system, right? So I spend a coin, I start the day with ten coins, I’ve interacted with you. I spent two or three coins ends, I’ve got some left for the rest of the day and that’s enough to get me through the day and that’s my energy level is gone by the end of the day. I’ve used all my ten coins up, I’m exhausted, I’m done. I just sit in bed and watch Netflix. Whereas the extroverts are the other way around. They start the day with no coins. Every interaction they have, they get a coin. So they’re taking a coin each time they’re getting their interaction. By the end of the day, they’re buzzing. They’ve got their ten coins. They’ve spoke to loads of people and they’re really happy. And I think some of the neurotypical people, like, like I say, they, they have that that ability already to do things that we can’t, right? So, so they, they’ve already got the coins. We already start with a couple less. So if you took took their coins off them at the start of the day and say, actually, you’re going to start with two less and we’re going to give ourselves those two and see how it levels up. It’s not as simple as that, but.

Jon: The idea of it, that’s the general idea. How would you think from your perspective and experience? How could educators I’m going to backtrack because I just thought of this when we were talking about exams and certifications. I’m obviously American. I don’t know how the I don’t how the system works here, but at least in the States, when I told my university I had ADHD, I was given special time for exams. I could even take note cards in. I don’t know if it works like that here and if it doesn’t. More so for security exams than for actual kind of higher education. How do you think that these security exams or certifications and employers potentially could try and be more inclusive or give us the coins that everyone else kind of already has?

Chris: Yeah, so I think there are and obviously, I’m not an expert in the exam space, but there are some boards, examination boards, that will give you that extra time. They’ll allow you to sit in a room by yourself so you don’t get those distractions, which is the equivalent of you having those extra two coins right, that the other people you would have taken away from. I believe there are systems in place to deal with that. How widely adopted that is across the whole industry, I’m not too sure. But I do know from wider family, when they’ve done exams and they’ve said they’ve got ADHD, they have had systems put in place to allow them the extra time, to allow them that room. I don’t know about notes and stuff, but they have had some sort of allowances in place. It may be a common thing, but I’ve not gone too deep into that.

Jon: Yeah. Okay, so it’s not all doom and gloom. It’s not all doom and gloom anymore. Okay, so there’s some progress being made, but maybe there’s a little bit more we could be doing. Yeah.

Chris: And I know with a secondary school. So, again, my son’s got ADHD as well, and they are putting systems in place for that, for when the exams and stuff come up.

 

Chris Advice: 45.20

Jon: Okay, I realize we’re nearly out of time, but last kind of question for you. Let’s say for someone who’s coming into cybersecurity, who has ADHD or is neurodiverse just in general. What kind of encouragement or advice would you like to give to them?

Chris: So for coming into the cybersecurity area, I would recommend starting off going down a help desk route. Okay? So you learn a lot very quickly, you have a lot of different environments, different situations, different, um, things to troubleshoot and fix and that will build up a good foundational knowledge of sort of IT and cyber in general. So that’s the route that I would suggest coming down. In terms of the neurodiverse part, like I say, it’s difficult because if you declare too early that you’ve got ADHD, that might put some employers off, whereas some others are fully happy for you to do that, right? So I think if you’re worried about mentioning it, it’s looking at the employer going to see if they mentioned about neurodiversity on their website, if they have that inclusive and diversive culture. And you’re probably more likely to be able to be in a safe place then to be able to discuss it and talk about it. But otherwise I would just mention it at the interview. I would just say, sorry, I don’t know. The answer to that question is, because of my ADHD, can we maybe rephrase it or put the question in another way, or can you explain it in a different sort of way? I don’t find it anything to hide behind. I’m not ashamed of having ADHD because it’s me, that’s who I am. And maybe it’s because I’m a little bit older and I’ve sort of just been through my life. When I was a kid, ADHD didn’t exist. I was just the kid that couldn’t sit still or my leg was fidgeting under the desk and stuff like that. So I’ve just had to cope and deal with it. So I think that sort of put me in a better position and. It, but, yeah, I’d say just be yourself, honestly.

Jon: So be yourself. Go through it kind of help desk route. Okay, yeah, I think that’s good advice. From my side, I would say reach out to recruiters anyone that is wanting to start your career, reach out to recruiters. We’re here to help you, especially myself. If you have ADHD, you’re neurodiverse, I will put my arm and leg out for you. More than happy to do that. Can’t always help you, unfortunately, but I will always give you my best and I will, obviously, if I can’t help you, point you in the direction that I think might help you the best as well.

Last Comments 47.58

Jon: But, Chris, thank you so much for your time, your experiences, your insights. It’s all been so valuable. Last thing for me to you and to the listeners, to the watchers, to the viewers, everyone, don’t forget to stand up, drink some water and take a break.

Chris: That is good advice because I should probably go and do that now myself, actually.

Jon: All right, well, next week we will be talking about something entirely different. It’s going to be a little bit more generic. Chris, I hope that you tune into it. Everyone else obviously hope you do, and I can’t wait to see you again. And Chris, again, thank you so much.

Six-month update on data breaches 2023


Data breaches have been on the rise for several years, and 2023 has been no different. Data breaches have affected companies and organisations of all shapes, sizes, and sectors, and they’re costing businesses across the world millions in damages. The US Government, Discord, and Twitter have all disclosed cybersecurity attacks over the past six months.

High profile data breaches include:

May 12 - US Government Data Breach

Personal information pertaining to 237,000 US government employees had reportedly been exposed in a Department of Transport data breach. It was reported that the breached system is usually used to process “TRANServe transit benefits”, which are effectively transport expenses that government employees commuting into offices can claim back. The Department of Transport stated that it had “isolated the breach to certain systems at the department used for administrative functions”. No systems that deal with transportation safety have been affected.

May 12 - Discord Data Breach

Messaging and video chatting platform Discord has told users that their information may have been exposed in a data breach after a malicious actor gained access to it via “a third-party customer service agent”. Discord has told users that their email addresses and customer service queries – as well as any documents sent to Discord – may have been accessed. The customer service agent’s account has been locked and the company is in the process of ensuring that no persistent threat remains on their devices or network.

May 1 - T-Mobile Data Breach

T-Mobile has suffered yet another data breach, this time affecting around 800 of the telecom provider’s customers. According to recent reports, customer contact information, ID cards, and/or social security numbers were scraped from PIN-protected accounts, as well as other personal information pertaining to T-Mobile customers. A data breach notification letter sent out to customers by T-Mobile, and published, details the full extent of the data accessed by the threat actors.

Unfortunately, this is T-Mobile’s ninth data breach since 2018 and its second this year already. In early January 2023, T-Mobile discovered that a malicious actor had gained access to its systems in November last year and stolen personal information, like names, emails, and birthdays, from over 37 million customers. Once the company identified the data breach, it was able to track down the source and contain it within a day.

April 10 - Pizza Hut/KFC Data Breach

Yum! Brands has informed a number of individuals that their personal data was exposed during a ransomware attack that took place in January of this year. The hospitality giant confirmed that names, driver’s license, and ID card info were stolen. An investigation into whether the information has already been used to commit fraud is currently underway.

April 6 - MSI Data Breach/Ransomware Attack

Computer vendor Micro-Star International has suffered a data breach, with new ransomware gang Money Message claiming responsibility for the attack. The group says they’ve stolen 1.5TB of information from the Taiwanese company’s systems and want $4 million in payment, or they’ll release the data.

A member of the ransomware gang said to an MSI agent in a chat “Say to your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios.”

March 24 - ChatGPT Data Leak

A bug found in an open-source library used by ChatGPT caused the chatbot to leak the personal data of customers, which included some credit card information and the titles of some chats they initiated. “In the hours before we took ChatGPT offline,” OpenAI said after the incident, “it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time.”

January 4 - Twitter Data Breach

Twitter users’ data was continuously bought and sold on the dark web during 2022, and it seems 2023 is going to be no different. According to recent reports, a bank of email addresses belonging to around 200 million Twitter users is being sold on the dark web right now for as little as $2. The data is still being leaked by various threat actors.

How do I prevent my organisation from data breaches?

Prevention is the best protection when it comes to cyber security. Although 80% of data breaches are caused by external actors, rigorous training of staff to help them recognise phishing emails and malicious activity is a must. The IBM Cyber Security Intelligence Index Report states “human error is a major contributing cause in 95% of all breaches. Human errors, meaning breaches caused unintentionally through negligent actions of employees or contractors, were responsible for 21% of breaches in organisations.”

In addition, unauthorised access to networks is often facilitated by weak business account credentials. So, whilst passwords are still in use, a password manager allows staff to create robust passwords that are sufficiently long and different for every account held. However, additional security measures, like 2-Factor Authentication, are needed wherever possible to create a second line of defence.

Tech Layoffs – What is happening?


Layoffs have been making the headlines, and they seem to be centred around one job sector: tech. According to The Challenger Report, the tech industry increased its layoffs by 649% in 2022, which is the highest since the dot-com bubble more than a few decades ago. More tech employees were laid off in 2022 than in 2020 and 2021 combined.

Overview of a few tech companies incurring job losses

ZipRecruiter

Job losses: around 270 staff

Recruitment platform ZipRecruiter announced it was laying off 270 of its staff, due to economic pressures leading to a poorer than expected demand for new employees. According to the company, half of those affected are in sales and customer support. CEO, Ian Siegel, also agreed to take a 30% pay cut.

BT

Job losses: around 55,000 staff

BT announced that it was shedding 55,000 jobs by the end of the decade, reducing the number of employees from the current 130,000. Cuts are expected as the firm finishes work on the UK fibre network and has fewer requirements for maintenance. In addition, CEO Philip Jansen stated that a fifth of the roles are expected to be replaced by AI.

Vodafone

Job losses: around 11,000 staff

Vodafone’s newly appointed CEO, Margherita Della Valle, announced that the company would be cutting around 11,000 roles over the next three years, from one million employees. The CEO stated that the results of the company’s financial year were ‘not good enough’, and that the new priorities were to ‘simplify our organisation’, and reallocate resources to better serve customers.

LinkedIn

Job losses: around 716 staff

LinkedIn is to cut 716 roles. CEO Ryan Roslansky stated that the cuts to jobs in sales, operations and support teams were designed to streamline the decision process. However, Roslansky also stated the move would create 250 new roles. The company also announced that it would be removing its service from China.

Dropbox

Job losses: around 500 staff

Dropbox announces job cuts of 16% of its company workforce. CEO Drew Houston blamed the company’s stalling profits on the economic downturn, and the need to pivot to an AI-driven strategy.

Lyft

Job losses: around 1,200 staff

Lyft announces restructuring measures, including cutting around 1,200 roles at the company, around 30% of the company’s 4,000 staff.

Buzzfeed

Job losses: 180 staff

Buzzfeed announced job cuts, including the shuttering of its Buzzfeed news division. In a memo to staff, CEO Jonah Peretti stated that the company could “no longer afford to fund” the news outlet.

EA

Job losses: around 800 staff

EA announces that it is cutting 800 jobs, around 6% of its global workforce, as well as reducing office space. CEO Andrew Wilson said that the company was moving away from projects that don’t contribute to the company’s strategic priorities, and would carry out restructuring.

Indeed

Job losses: around 2,200 staff

Indeed announced that it was cutting 2,200 roles at the company. CEO Chris Hyams said that the cuts were hard to make, but taken ‘with care’, and blamed the losses on a diminishing job market and the expectation of fewer openings in 2023/2024.

Amazon

Job losses: around 9,000 staff

Earlier in the year Amazon already announced 18,000 redundancies, however, another 9,000 job cuts were made recently. Roles affected included those in Amazon Web Services, gaming division Twitch, advertising, and human resources. In a statement, CEO Andrew Jassy blamed the job losses on an ‘uncertain economy.’

Meta

Job losses: around 10,000 staff

Meta confirms that it is laying off 10,000 members of staff. CEO Mark Zuckerberg releases a statement on the company blog stating that from here on, efficiency will be a key goal of the company.

eBay

Job losses: around 500 staff

eBay intends to lay off around 500 of its staff globally, which amounts to around 4% of the company’s total workforce. CEO Jamie Iannone stated that this will allow additional space to invest and create new roles in high-potential areas: new technologies, customer innovations and key markets.

Zoom

Job losses: around 1,300 staff

Zoom announces that it is laying off 1,300 staff, around 15% of its workforce. Zoom experienced a meteoric rise during the pandemic, with its name becoming synonymous with web conferencing to the general public. Now however, the company is tightening its belt, blaming the “uncertainty of the global economy”, as chief executive, Eric Yuan, put it in an official statement.

Why are there so many big tech layoffs?

Over hiring

Tech companies hired big during the pandemic. With a vast majority of the world stuck at home, the demand for tech was higher, and tech companies were innovating faster to keep the world communicating with each other. Users were spending more time online than ever before, and to keep up with demand, tech companies needed more people.

With the pandemic over, the reliance on tech has subsided slightly, and with that, many tech companies have felt the need to prune their staff.

Investor pressure

It only takes one big tech firm to make layoffs to start a domino effect among other companies. When investors see competitors making cuts, they’ll demand the same too. Unfortunately, job cuts are a quick way for companies to make substantial savings and keep investors happy. For example, when Twitter cuts its workforce and remains operational at a much lower cost, investors are bound to notice.

Artificial intelligence

The huge boom in AI has certainly cast a shadow over the big tech workforce. Recently Goldman Sachs predicted that a massive 300 million roles could be automated, and there are plenty of jobs at risk from AI.

We are also starting to see some tech companies cite AI in their layoff statements. Dropbox dedicated a lot of space to AI in its most recent layoff communication, which resulted in 500 workers losing their jobs.

Inflation/economic uncertainty

It’s an inescapable fact that consumers’ spending power has declined in the last year, with demand for tech services and products declining with it. The cost of living has hit many hard, and multiple factors such as inflation and the war in Ukraine are severely affecting the global economy. While the UK and US aren’t officially in a recession, many financial experts suspect it’s more a case of when, rather than if.

How to avoid redundancies?

If you’re concerned about performance at your company, tech solutions may be able to help optimise your workflow, maximise performance and save you money on a monthly basis. This could help reduce the need for redundancies in some situations.

This is where Via Resource can help, by providing solutions to streamline project management, improve communications (enabling staff to work efficiently from anywhere, and reducing office costs) and defend against cyberattacks that could majorly disrupt your plans. For more information please contact us.

Why Continuous Security Testing is On The Rise For Organisations


The global cyber security market is flourishing. Experts at Gartner predict that the end-user spending for the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026.

One big area of spending includes the art of putting cyber security defences under pressure, commonly known as security testing. MarketsandMarkets forecasts the global penetration testing market size is expected to grow at a Compound Annual Growth Rate (CAGR) of 13.7% from 2022 to 2027. However, the costs and limitations involved in carrying out a penetration test are already hindering the market growth, and consequently, many cyber security teams are making moves to find an alternative solution.

Continuous security testing is a dynamic way to identify and counter the risks that exist in the digital world and may put the organisation’s data and safety at significant risk, compromising brand integrity and client trust. Continuous Security Testing is believed to be the best possible approach to take when it comes to any organisation’s security strategy. Adu Ansere, Principal Consultant at Via Resource, explores how continuous security testing can help you deal with a multitude of security challenges that you may be currently facing or may encounter in the future:

Evolving cyber threats

Every day, we hear about companies and large organisations that suffer from successful cyber attacks that compromise their data security and integrity. As technology continues to progress, attackers are finding new and improved ways to counter even the most advanced security measures, exploiting the smallest windows to sneak into a protected system and wreak havoc. Continuous security testing is arguably one of the most effective counters to these ever-evolving cyber risks.

Improved bug fixing

Most of the currently available tools only give you a limited picture of the current security operations at your organisation. Your operations and the makeup of your infrastructure will change regularly, whether there is a change in policy, the introduction of new technology, or a change in staff. Not accounting for the evolving IT environment will create gaps and blind spots that expose the organisation to risks and threats. With continuous security testing, you can acquire a more complete and reliable idea of the current security status of your organisation as it is highly dynamic and provides information in real time.

Secure agile development

If your organisation operates with an agile approach, continuous security testing becomes something of a necessity. With every change you make to your applications throughout the product life cycle, you can perform simultaneous testing to detect emerging vulnerabilities and nip them in the bud before they potentially go unnoticed and create post-deployment problems.

Reduce costs

While security is undoubtedly a critical part of your company’s strategy, you do not want to spend half of your budget on it. Typical penetration testing practices tend to be quite straining on the budget and end up using most of the resources without providing many benefits in return. The goal is to maximise the ROI of the tools you choose to use for this purpose. Continuous security testing allows you to do exactly that, letting you identify risks early in the process and extract maximum information quickly.

Combining the advantages

While continuous pen testing offers a host of benefits, it should not replace an organisation’s existing pen testing schedule. The best results are gained through a combination of both approaches, with the two types of tests complementing each other. Continuous penetration testing helps to reduce the volume and severity of issues identified by annual pen tests, giving you a more complete picture of your security posture.

Meet regulatory compliance more effectively

Organisations are under pressure to comply with a huge range of compliance standards and regulations relating to information security. In many cases, pen testing is required – either specified directly within the standard or implied by a need to build audit or assessment processes to mitigate cyber risk. Continuous pen testing can help companies achieve this by providing more up-to-date and specific evidence at a specific point in time.

While continuous security testing provides consistency, an organisation’s aversion to accepting and adopting any automated procedure can make sense on some levels. However, security is essential for any business. With continuous security testing in place, the result is indisputably greater overall security with significantly less manual effort.

As a result, organisations that embrace continuous security testing will not only be safer but will also have an advantage over the market’s ever-increasing competitors.

Hyperfocus Hour: ADHD In the Workplace

Welcome to the first Hyperfocus Hour episode, brought to you by Via Resource. This podcast is dedicated to ADHD/neurodiversity in the workplace, where guest speakers join forces with Jon Wakefield, a consultant at Via Resource, to navigate and build tools for neurodivergent people in tech and cyber security to succeed in building a successful career. Our first guest speaker is Beth O’Malley, Co-Founder of Astral Digital and ADHDer, who shares her experiences with ADHD, what employers should be informed about and how to tackle your way in the workplace.

Overview of podcast

    • Introduction & your ADHD tax
    • ADHD In the workplace 04:36
    • Interview Process 19.35
    • What would be a good job for an ADHD 23.23
    • How can employers be more informed on ADHD 40.47
    • Beth’s advice 17
    • Last comments 54.14

About our host and guest:

Jon Wakefield, Consultant at Via Resource

Jon joined Via Resource with a year of recruitment experience in the Cyber Security market, where he specialises in Security Engineering and DFIR.

Having placed candidates from Senior Manager Security Engineering to mid-level in highly regulated industries such as finance, Jon has built a comprehensive understanding of both candidate and client needs and addresses each role, and person, on an individual basis to find the perfect fit.

As an avid Star Wars fan, you will often see or hear Jon making connections and references to cyber security. Jon has ADHD and is an avid supporter of neurodivergent talent in the workplace.

 

Beth O’Malley, Co-Founder at Astral Digital

Queen of Chaos, Co-Founder of Astral Digital and ADHDer. Beth was diagnosed with ADHD over 2 years ago and it’s given her a new purpose: to use her brain to wrangle even the unruliest of CRM and marketing projects with her clients and to make change for other ADHDers and neurodivergents in the professional world. ADHD is Beth’s greatest strength and greatest weakness, but she keeps it real, bringing you real-life experiences as a disruptor who’s rewriting all the rules.

Transcript:

Introduction & your ADHD tax

Jon: Welcome to Hyper Focus Hour, a podcast on ADHD neurodivergence in the workplace. Today with me, I have Beth O’Malley, who is a CRM specialist who has launched her own business and is an ADHD advocate. So, Beth, welcome and really, really glad to have you on today.

Beth: I’m so pleased to be here, Jon. Thank you so much. Can’t wait to talk about everything ADHD with you today.

Jon: Yeah, I’m really excited as well. I’ve had a couple of conversations now with you. We’ve talked a lot, and you have some great things to say. Just really excited for that. But before we get started, I have one question for you.

Beth: Go for it.

Jon: ADHD tax. What has your ADHD tax been this week?

Beth: This week. Right. So just pausing here for a second. When you say that, do you mean what do you mean? So ADHD tax, as in what I’ve struggled with?

Jon: No, as in what did you impulsively spend on that you forgot you were going to buy? You forgot you bought? Did you leave your wash in the machine for too long and now it smells like damp? Just like that? Something that’s so simple.

Beth: I impulsively bought a car. A few weeks ago, and then I got it fixed and I just got on a site, five minutes later, I bought a new car. So that’s what my ADHD tax is this week.

Jon: Wow. Okay. That I was not expecting that, I’m going to be honest. It’s a big tax to have.

Beth: Yeah.

Jon: Especially the taxes afterwards as well.

Beth: Yeah. No, honestly. Well, I’m having loads of problems with this new, like, buying this whole, like, new car, and I’m like, you know, when the dopamine wears off and then you’re like, what have I done? I don’t want it anymore. So now I’ve. I’ve got a new car coming for this weekend.

Jon: Oh, man, I know the feeling when I am I have a giant Lego set, right? It’s a Star Destroyer. It’s like a 600 pound Lego set. And it was the same thing. I’d been wanting it for years and years and years and years. Finally bought it when I started building it. I opened the box, I was like, yeah. Oh, why did I do that? I cannot even afford this. No, I can’t. It’s too late. But in fairness, it’s now sitting in my living room and it looks amazing and I’m happy with it. There you go.

Beth: That’s always the way.

Jon: I would say my tax this week. I have a couple they were all smaller things. Like, I was in Liverpool. I was in Liverpool this weekend, and my uncle has this really cool bottle opener, right? And you just press down on the bottle, and it opens it up. It doesn’t bend the metal or anything. And then it’s also magnetic. So, I bought that on Friday night and then completely forgot about it. Got home last night and had a package. We had, like, five packages waiting for us. And my girlfriend and I were like, what have we bought? And then I opened up that one. I was like, oh, yeah, completely forgot about that. I would say, yeah, that’s probably my tax. It’s like ten quid.

Beth: I do that all the time.

Jon: Yeah, well, I also bought, like, a small Lego set, and of course it’s Lego. And just was going through my emails the other day from Lego looking for something, and I saw an invoice for that, and I was like, I don’t remember buying that.

Beth: It’s it’s what I do all the time. I’ve got a pile of stuff here that I bought. Like, I bought all these really nice files and planners and, like, plastic wallets with all this stuff to do all my filing for guys there. And then stuff comes as well, and I’m like, oh, yeah, I remember when I I wanted that right then in the moment. Now I don’t care. So, yeah, it’s a daily struggle, but it also keeps you on your toes.

Jon: Yeah, it is a daily struggle, but yeah, it definitely keeps you on your toes. And I think it’s kind of fun because especially if you forget that you bought something and then it comes, then it’s almost like Christmas.

Beth: Yes. I love that. I always think that whenever I get a parcel, I’m like, oh, so excited. I get that dopamine hit and I’m like, I want to go shopping again.

ADHD In the workplace 04:36

Jon: Yeah, that retail therapy is strong in ADHD, I think. Yeah. To kind of just move on to the topic, we’re obviously discussing ADHD in the workplace now. Of course, we have neurodiversity in general, whether that’s ADHD, ASD, Dyslexia, dysgraphia. I have a few of these myself. Obviously, it can be a real struggle to be in a professional working environment with I don’t want to call them disabilities.

Beth: No,

Jon: I really don’t like calling it a disability. People say it is even the name ADHD attention, hyperactivity disorder. I don’t think it is a disability, but I can’t think of a there was a TikTok, actually, of a guy that wanted to rename ADHD as Dave.

Beth: I think I’ve seen that. I think I’ve watched it.

Jon: Yeah. And I can’t remember what Dave, I’m going to have to get that. I’m going to have to find it. Yeah. But I don’t want to think of this as a disorder. It’s just a different way that we think that we operate, but obviously we are in the minority of people. That’s why we’re neurodivergent, isn’t it? So when we look at working in a neurotypical world. The big question. You’ve seen this in the polls that you’ve done on LinkedIn and other websites. I’ve seen this as well. And this is a question that a lot of people have posed to both of us, I think. Is it a good idea to be honest about your ADHD with your employer?

Beth: This is a huge question. And you know what? If you’d asked me this six months ago, I’d be like, yes. Yes. Yes. Absolutely. And then I had a really rubbish experience because one of the things we found so I did that amazing poll and 36% of people said yes, which was really, really great. The rest of people were like, no or not sure. And there were so many questions that were asked, and it was really great because two things came out of that. There was a question of, is it safe to do so? Which is the first one? Which I think you also can question, actually. How do you know if it’s a safe space? So I disclosed my ADHD to an employer. Well, actually, it was before I got the job, so it was through my interview process and they made me feel really safe and I felt they embraced it. Getting the job and actually settling in was a completely different story. And it then became an unsafe space. So I think that’s a question. But then also, I had somebody comment on it and her name is Sarah. I don’t remember her last name, but she made some really good points. She was like, Right. Is this job somewhere that you see a whole career here? Like, are you invested in this job? Is this a place where you want to build up that professional skills, where you want to climb the ladder, where you can see yourself working for how many years? She said, if it is, then you need to sit down and talk to yourself and say, actually, it’s probably worth disclosing this. And then she flipped it and said, Is it just a means to an end? Is it just that you’re working on something bigger in the background and you’re just trying to get your money and you’ve got your other goals? Is it worth it? So there was two questions. Is it safe to do so? And is it worth it? Yeah. And I’m always honest and open, and since I’ve had my diagnosis, I have not shut up about it.
And it probably does annoy some people, and I will always tell people, but there’s some spaces where I think, especially in the workplace, you have no idea what that reaction or what that bias of that person has in their brain about ADHD. When you say those words, it’s like you’re coming out, and as soon as you disclose it, it’s either going to be a snowball effect, and they might even have a really positive conversation with you about it. Like me, they were like, this is great, we love this, tell us what you need. But then behind closed doors, they might start micromanaging you, and indirectly you get that. So to answer the question, it really depends on the situation, and everybody’s different. But is being honest always the best way with this? No. But to caveat this as well, I think the fact that we’re even having to ask this question and go through this is just completely wrong.

Jon: It’s bad, isn’t it? It’s horrible. Yeah. The very fact that we’re having to discuss on whether or not it’s a good idea to, like you said, to disclose this, that in and of itself, I think the fact that we’re even having to discuss if it’s safe to disclose something that by law is protected is, I think, a really bad sign of where even it’s a bad sign of how aware people are of ADHD. And what you were saying as well. Can you see yourself having a career in a company? And I’m going to go a step further with that. What is it, like 20 something? Like 25% of of ADHD people either don’t, you know, aren’t aren’t in employment have have difficulty getting a job, or on the third one, keeping that job. And. I would say the majority of ADHD people that I’ve at least that I’ve known, they tend to leave jobs every one, two and a half kind of years, and then their CV looks jumpy. So then you kind of have to even go a step further with, is this a good idea? Can I see myself in a career? But then you have to go a step further and think realistically, even if I want a career here, genuinely believe that I’m going to be at this job in two or three years.

Beth: That is such a good point. Such a good point, because it’s exhausting looking back now on my career history. Well, before I was diagnosed with ADHD, I would make myself stay in a job. But actually it has had that effect on me, where I have imagined that I am. And also I’ve impulsively made decisions as well to go and get a new job, because one day I’ve decided I’m bored. That’s another thing. But something as well. What you said there is like, obviously thinking that far ahead, I’ve lost my train of thought. But for us, I think I’ve lost my train of thought.

Jon: The executive function, to think ahead that much. It’s not easy for us to think ahead like that.

Beth: And also, it breaks my heart. Like, you imagine a career somewhere and you disclose your ADHD with a manager that you’ve got a really great relationship with, and things change. Ultimately, for me, personally, I don’t want a career there anymore. I’ve written that rule to myself that actually, if there’s anyone in my life, whether that’s work at home, in my personal life, whatever it is, if they basically stigmatise me, generalise me, and they are learn about it, you’re out of my life. But not everybody is in a position to be able to walk out of a job and go, well, no, I’m not dealing with that, because there’s so much pressure on keeping the jobs. And like you said, you might want to build a career there, but are you going to be there in a year? Are you going to be able to do it without that support? It’s a really intensive argument because as much as I want to tell people, like, yes, being honest and open, because I think there’s no divergence. We’re really self aware. We’re really empathetic. Not everybody’s like that. And you can’t control then what somebody else says and does in relation to you coming out, if you like, or if you disclosing that information. It’s really challenging.

Jon: Yeah, it is. And I mean, it’s what you were saying as well. You had that experience where the interview process and everything, it went great. They were super accommodating. And I had a very similar experience with the previous employer as well in the interview process, except for on my side, I didn’t disclose that I had ADHD, so I chose not to. I’d been in interviews with a couple of other agencies, obviously, as I’m a recruiter prior to this company, and I disclosed it. And about three separate companies said, came up with BS reasons to reject me. And so I went into this company, and I didn’t disclose it. It was fine. I got the job. A couple of weeks into the starting off, I was like, okay, I’m going to disclose this because I can already see myself struggling. The responsibilities, the role isn’t exactly what I was told it was going to be. There’s not as much freedom or liberty, flexibility as I was told, blah, blah, blah. And people kept saying, oh, it’s because you’re an associate. You’re an AC. I was like, okay, well, I have seven months of experience on my belt already. Like, I’m an accelerated program, blah, blah, blah. Anyways, tangent disclosed my ADHD. Basically as soon as after as soon as I did that, my manager goes into micromanagement mode and, you know. Talking to me about, oh, you’re not communicating enough. And if you’re going to leave for an hour to do something, you need to tell me. And I didn’t go to the company party. Their summer party. Right? Reason I didn’t go, very simple. Reason I was not explicitly told that the company party was mandatory, that summer party was mandatory. I thought it I thought it was an opt in. And everyone just wanted and everyone just opted in because that’s kind of the culture. And so I thought to myself, well, I have a lot of work to get done. If I work or if I work hard in the morning, I can finish early because everyone’s going to the company party, and I can go home and have the rest of the day to myself. 
Yeah. And so that’s what I did. I then got a call from my manager, why are you not at the company party? Blah, blah, blah. And I was like, I didn’t know it was mandatory. Nobody told me it was.

Beth: Why is it mandatory? Why is a party mandatory?

Jon: That was my reasoning. I was like, if this is a company summer party and in nowhere, under no circumstance and I remember I went through every single email. Nothing said it was mandatory. And so I genuinely just believed and no one talks about it being mandatory. Genuinely believed it was up to the person if they want to do or not. I was like, I don’t want to go, so I’m not going to go.

Beth: That’s literally like my old place to decide. They would never, ever tell you that it was mandatory. But if you didn’t turn up, you’re in trouble. Like, what are you doing? But also, for an ADHD, those social situations also can be quite, one, intimidating. And two, those social interactions aren’t easy for us sometimes, and they’ve just put you in a really hard position. So what happened? Did you end up turning up later?

Jon: No, I just said, I’m so sorry, I didn’t know it was mandatory. I finished the day early and I went home and then I was like, I can come if you want me to. And manager was like, no, don’t bother, but next time let me know. This is the thing as well. So when I was at my company before that, that was my first corporate job. Before this company that I’m talking about now, before that was my very first corporate job. Before that, I’d been in hospitality and I’d been like a bar supervisor and leader and manager, stuff like that. So I was used to working quite independently, being able to do what I felt was necessary to do, when to do it, how to do it, blah, blah, blah. When I went to my first corporate job, it was very similar. I had a manager who he was managing a team of 20 people. He was also the UK and Ireland national lead for a different team, so he didn’t have a lot of time for me. Then my team lead left a couple months in and so I was basically left my own devices. I could ask the questions I wanted to ask, people would help me when I needed help. That was great for me. That was absolutely fantastic because that’s how I learned, that’s how I work, I can work and I do work well with teams. I’m not saying that I don’t, but on the whole, I am one of those people. And I think a lot of ADHDs are the same way. A lot of neurodivergence, at least, are very similar. They work better by themselves,

Beth: 100%.

Jon: So that first company was really good. And then I got to the second company where the intra team dynamic was like, always talking to each other, always bouncing ideas off of each other. You’re sitting at the desk and conversing, blah, blah, blah, and so much communication, and I get in and I’m just like, I want to make the calls that I need to make. I want to send the emails I need to send. I want to do the admin I need to do and I want my headphones on for 80% of the time. My manager could not understand that. It’s not his fault, it’s not his fault. We were just different. It was crazy because we had another person on that same team who had ADHD as well. But I’m primary, so my diagnosis is primarily inattentive. Right? His diagnosis is primarily hyperactive.

Beth: There’s a massive difference.

Jon: So he was managing me the same way he was managing my coworker, which worked for my coworker, but not for me, because it’s a totally different type of ADHD.

Beth: No, I’m a mix of both. So I have this really inattentive side of me where I want to put my headphones in and I like, the communication stuff just stop. And then I’ve got this hyperactive, real social side of me. And the problem is, you don’t know what Beth, you’re going to get that day. And that can be a problem when you’re managing somebody like me, because, actually, I could wake up, have a day full of meetings and talking and collaboration, and I can’t, and that can be a huge struggle. But going back to what you were saying about when you were kind of you didn’t disclose your ADHD deliberately in an interview.

Jon: Yeah, that was a long tangent, but, yes.

Interview Process 19.35

Beth: It’s good. We’re all good. So I was speaking to somebody, I met them on LinkedIn. Love LinkedIn. And he had been looking for a job for quite a while and he said that, I think I’m neurodiverse, I think I’ve got ADHD and he got his diagnosis or something else, where he was looking for a job and he was like, I don’t know whether to disclose it in the interviews. Blah, blah, blah. And he decided to kind of do a test where he did for some and he didn’t for others. And the funny thing was the ones where they didn’t hire him and this was actual feedback, is they said that he went off on a tangent. He would talk too much in his questions and go off the subject. Now, as somebody that one day would hope to have employees and have my own business and be able to employ people, I think that’s amazing. Somebody has got a question and they have decided to talk passionately about it, because I know him, he’s very passionate. He then told talking with yeah, well, he then told another potential employer that he had ADHD and he said they said, do you need any requirements? He said, Look, I’m going to be open, honest, you’re going to ask me a question, I’m probably going to run away with it. I’m going to tell you about X. One said it went really, really well and they sort of gave him the classic example, like, we don’t think you’ve got enough experience and they’re never going to say it. But the problem was, I think what my point I’m trying to get is you can’t win. You can’t win because you’re going to get win in some aspects. So he was able to do an interview and they understand why he does it’s an explanation for why he is the way he is. But then it’s just like the whole thought, maybe, of employing somebody with ADHD for some employers, maybe is, one, quite scary, and two, they’ve got their own bias about what that entails.

Jon: Because there’s still such a stigma about it, especially in the workforce. Isn’t there?

Beth: Like, massive. I’m trying to think recently, I’ve been told I’m very different now. I embrace that. Like you said at the start, I don’t have a disability, I have something that makes me bloody amazing. But I’m always seen as different and my whole life I’ve grown up and I have been different and that’s fine. I don’t want to be I don’t want to be the same as everybody else, but to feel that from your colleagues and like your workplace, it can sometimes be quite hard. And also I’ve been questioned, like, have you even got ADHD? Because my cousin’s got it, their ten year old boy cousin, who clearly presents that in a different way than an adult woman with ADHD. So there’s so much miseducation and misinformation out there about it, which is exactly why we’re doing this podcast. So it’s amazing.

Jon: Yeah, exactly. And that’s the thing. From my experiences, I’ve had a lot of jobs over the years. And part of that is because we’re obviously because of the ADHD, part of it is because I was trying to figure out what career path I wanted to take, what I wanted to do. For the longest time, I actually wanted to be a commercial airline pilot. And funnily enough, only about six months ago, I learned that if you have ADHD, that’s an automatic disqualifier from becoming a pilot. So because of the nature of the job, which honestly, it actually does make a lot of sense, because it’s a lot of rules, procedures, you have to follow everything very specifically I don’t want to say able to discriminate I don’t think that’s the right word. Yeah, they’re able to automatically rule ADHD people out from the candidate pool because our brains are wired differently. And that’s really upsetting for me because that was a lifelong dream for mine. Right. But in that specific work environment, it actually does kind of make sense. But for 99% of professional service jobs, whether that’s your infrastructure, or if you’re in cybersecurity or if you’re in CRM like yourself, or recruitment like myself, there’s nothing inherent about any of these jobs. That means we can’t do our jobs. It just means we do them differently.

What would be a good job for an ADHD 23.23

Beth: That’s exactly what I’m trying to get through to people. When I write about this and I talk about this. We don’t fit in a box. And just because you start a new job, you learn these processes. You learn these systems. Now let’s talk about demand avoidance for a second. You get a set of instructions, you need to learn this system, you need to do this, you need to do that. I can’t follow your instructions because that’s not how my brain works. I learn things. And also a massive perk of this is like you could be a company, could doing something for ten years in the same way. You just tell me what your outcome needs to be and let me figure out the rest. And I will highlight gaps and opportunities that you guys have missed. Because we come at it with such a different view. Our brains are wired in such a way that we can see different things and be able to create this amazing solution focused outcome. But unfortunately, companies like, well, we’ve always done it like this, so that’s how you’re going to do it. And I think that works for everybody. Neurotypicals as well. You go into an organisation and just because you’ve done something for ten years doesn’t mean it’s the right way to do it. But you’ve got to embrace people that ask questions as growing up with ADHD. I mean, I didn’t know I had ADHD when I was a child, but I’ve always been told that I’ve always got an answer for everything. I don’t know if you’ve ever heard that, but I’ve always got an answer for everything growing up, and that’s true to this day. As a 26 year old woman, I have always got an answer for everything. I’ve always got a question for something.
And unless you’re working in an environment that embraces that with leaders that embrace that, you’re going to probably run into problems. And that’s where people end up losing jobs, quitting having overwhelm and then start self sabotaging because you’re just not being embraced to allow your brain to be you. It’s really an easy problem to fix, but people don’t want to do that.

Jon: Leading into that, I think we’ve established there’s no kind of easy answers to really any question about ADHD, but I’ve got a couple of mind here, but. When it comes to jobs, what would be a good job for an ADHD? I can say, you know, as as a recruiter, I can say in the right in the right environment, in recruitment, an ADHD will thrive if you’re hyperactive. You will probably be better in recruitment if you’re in the office four or five days a week, because you’re going to take the energy from the people around you. If you’re inattentive like me, and you want to be a recruiter, you need to be more home based. One, two days a week in the office. The rest of the time you’re working at home. But then you have to have everything else kind of in place to help you remain productive at home. Or else you pick the thing that’s more fun.

Beth: Absolutely. That’s a really good example, though, Jon, of reasonable adjustments. So that’s a really good example of you saying, well, this is why you shouldn’t treat me like everybody else, because actually I get more work done. I’m more productive in this environment. So what jobs? I’m not going to generalise. I think everyone with an ADHD brain will thrive in different environments. Like you said, I think maybe like jobs that haven’t worked. For me personally, I was a barista for one of my first jobs, and now, looking back on it, I am really clumsy. I have no object awareness at all. So I broke things, I smashed things, I messed things up, I forgot orders. You know what? That remembering stuff. So actually taking that information in. No, I would be going over to customers like, did you say you wanted that? What am I doing? The fast place worked for me. That was great. But that side of it, it just didn’t and I had no interest in it. I had no passion for me personally. In my experience, if I’m passionate about something, I will excel at that. And luckily I’ve been able to find a career that. One I am super passionate about in CRM and that might sound really boring to everybody else, but finding something that I’m really good at, where I can look at things differently, is really important. And I think it’s important to note as well, ADHD is our brains are motivated by pressure, interest, passion, competition and novelty. Like you said, if there’s something more fun, we’re going to do it. And it’s not that we don’t want to do the other thing, it’s that we can’t do it. So I think it’s important to note that a job that doesn’t have any of those things. So I’m going to generalise here and say it may be a truck driver. Unless you are super passionate about driving a truck, you’re probably going to struggle because you are sat doing a repetitive job that isn’t going to give you any kind of competitive nature. You haven’t really got any tight deadlines either. 
To be like, oh no, I need to get this done, because you are having to drive at the same pace, doing the same routes every day. So I think if you’re looking for a new career.

Jon: Equally with a truck driver, you could also argue that that might actually, in some sense could be a good way, could be a good fit for an ADHD because you have that consistency of I know I have the deadlines, I know I need to be at X place at X time. But then you also have the variability and the two same cars are never on the road at the same time. Traffic is always changing, construction is always changing. So you could also argue, and this is difficult. I would say kind of like how being a barista didn’t work for you. I was a cocktail bartender and although I was really good at talking to customers and upselling basically being a salesperson, which is essentially what I do now anyways, I was really good at that part of my job. But the actual cocktails, oh, God. I’d just be like. 50 ml vodka, here’s 60. Okay. I don’t remember the rest of the ingredients. I’m going to make it up and hope for the best.

Beth: That sounded like me at my smoothie bar.

Jon: Now, I would say one kind of job, it’s not necessarily a job, but one facet of working that I think arguably is quite consistent, that wouldn’t be good for ADHDers, is a role where you need to be in a different place, like every day. Not necessarily truck driving, because you have the consistency with the truck and driving, but more like multisite work. So I worked for a charity for a short while, and I loved the work. It was awesome. It was really fulfilling. It was great that the kids I worked with were amazing. The problem was I was working, I think, four or five different sites. No, I think I was working five or six different sites, and I was having to lug the stuff from the office to each site each day. And I could make as many lists as I needed to. But because each site had a different lesson or something, there were different equipment, and each site had different things that they had there so that I didn’t need to take it. And so I was always forgetting something, or I would just forget to do a lesson in general. So I think because we have that lack of object permanence and executive function.

Beth: That’s the same sort of thing. I used to do events, and if I was in charge of, like, Beth, you’ve got to bring the stand, the leaflets, this and that, the pressure that I would feel, and I would know that something would I don’t know if you get this, but I’ll put something down right there, and then it’s gone. And I’m like, where’s it gone? And it’s the pressure of having that on. You know, trying to keep a job and, you know, excel at your job. You’re having to turn up every day and you’re working intensively harder than a neurotypical, because you are like, I’m going to forget something, or something’s not going to do that. And also getting out of the house, you’ve then got to get out on time. If you’re doing public transport, that is a whole other ballgame. Like, you’ve got to make sure. So I think you’re absolutely right there if you’ve got to get around a lot. And it’s quite overwhelming. Just kind of like leaving house. I mean, I struggle going in to visit clients or going into an office in a different place because I did that. Leave it out. I left my glasses at home. The one thing that I wear on my face every day, I left my glasses. I mean, it’s cool. That was like my ADHD tax that week was like, I left my glasses. But I think for me, the takeaways of a job is, and this is again personally, to my experiences, is it needs to be flexible, 100% and flexible in terms of like, your employers being flexible, the job being flexible. We’re so rigid in these nine to 5 hours and, you’ll know, jump. You just can’t do that because we just don’t fit into that box. So you could find a truck driver job that would be flexible. It needs to allow you to use your brain in a way that it’s stimulated, so whatever that is. So if you’re looking for a job and you’re not sure what gets you going, what gets you thinking? Is it problem solving? Is it creativity? And lots of ADHD are entrepreneurs, so we’ll talk about that for a quick second. There’s a massive thing around I don’t ever want to say as well, like, well, if you’ve got ADHD, the nine to five doesn’t work. You need to start your own business because that’s not at all the message. And employers should be creating a space and jobs that work for ADHD. We shouldn’t just have to be forced to go and start up our own business because that’s not what everybody wants that’s feasible.

Jon: A lot of people don’t have the funding or something like that.

Beth: Yeah, it’s not something that we should have to do. Personally, I’m doing it too, because I absolutely love what I do. And do you know what? I would say one of the factors is because I don’t fit into that box, it’s not working for me. I could probably work for a job for three years at a corporate company, nine to five. But is that me? Is it going to get me what I want in my life? No. But that’s why I think as well ADHD is so successful.  Neurodivergent owning their own businesses because they are just responsible. They’re responsible for their own workloads, their own deadlines, they’ve got a passion, creativity, pressure, all of that stuff that we thrive off in one place. But it’s not to say that a nine to five can’t work. We just have to get employers on board. We have to change that narrative.

Getting employers onboard 34:16

Jon: I think that’s something that the tech sector is actually doing. In some cases, the tech sector is doing really well. I’ve obviously recruited into cybersecurity, specifically cybersecurity by nature, you’re constantly learning, you’re constantly evolving in what you’re doing. There’s new resources and text that you’re using, stuff like this. And in that sense, it’s actually really good for the ADHD brain because everything is different. And then you’re essentially actively fighting against malware phishing and you’re also trying to protect people, which a lot of these obviously security professionals are obviously passionate about protecting other people’s, other people. And on top of that, they’re basically fighting, or best way, they’re trying to protect people from bad people, from threat actors. I think security is really good in that sense because every day is very different. And then in another sense, a lot of cybersecurity, especially cybersecurity and tech roles, are, if not remote hybrid. They offer that flexibility for people to, okay, I don’t want to start at 08:00 in the morning, I’m going to start at ten because my brain doesn’t function at 08:00 in the morning. It starts functioning at ten. So they start at ten, and instead of working until five, they work until seven. They have that flexibility, and a lot of different fields don’t offer that flexibility.

Beth: I mean, I’ve not I’ve not heard of that. I’ve not heard of any company doing that. And that’s amazing. Like, they’re actually making it, making it work for for you. Yeah,

Jon: I’ve, I’ve, yeah, I’ve made placements with people where, you know, they very explicitly, from like, their very first stage, they were like, I know that the contract is going to say start at 08:00 a.m., and they very explicitly told the hiring manager, like, I’m not starting at 08:00 a.m., I can’t do it because I’m neurodivergent. I need to start at noon. Or it wasn’t noon. It was like 10.30am for them because they were like, I won’t roll out of bed until 9.30am. And they were honest about it. In fairness, they got the job and they started at 10.30am. It’s been a year, and that person’s still there.

Beth: And that’s just an amazing example of actually employers making it work.

Jon: And it’s all about results for employers. We got to stop thinking that you’ve got to work 8 hours a day, nine till five. Like, this person has now got a brilliant opportunity. They’re probably going to stay in that job for a while, aren’t they? But this is the thing that person was looking for. Because of the way they knew how their brain works. That person was looking for a role for like, nine months. Interview after interview after interview, rejection after rejection after rejection, before they finally, you know, before I finally, you know, reached out to them, was like, hey, I have a role. And basically, he basically just got lucky. It’s, it’s luck of the draw. And that’s I think that’s what’s really difficult about having ADHD or being neurodiverse in the workplace. Our brains are just wired so differently. And there’s in a lot of fields. Again, tech very lucky that they’re quite flexible on the whole. But a lot of fields don’t offer that flexibility.

Beth: No, like I said, I went through a period of job hunting not so long ago. There’s no flexibility in the UK. My role is quite techy like. CRM specialist, CRM consultant. It’s in that box and it’s just yeah, but my hours, like I get the best out of me probably like ten to twelve and then in the afternoon and then the evenings, I’m on a super hyper energetic hyper focus where I can get so much done. But you put me in front of the computer at 08:00 a.m., you ain’t getting anything out of me.

Jon: Yeah, it’s very similar with me. I usually open up my computer about 8.30am for the first half hour. It’s just kind of scrolling through LinkedIn, eating breakfast, whatever. Nine I’m starting to wake up. My meds have kicked in a little bit, but I don’t get properly productive until about 12.30pm. Yeah, so I usually take my lunch about 11.30am. And then once 12.30pm hits, that’s when I get productive. I smash out all of my work from about 12.30pm until probably about 3.30pm or 04:00 p.m.. Yeah, about 04:00 p.m. My brain starts to go. You’ve been going because I don’t take breaks, I just work.

Beth: We don’t and the thing is, like you just said, you get all your work done in such a short space of time, but the problem that you’ve got is if you start doing that in a corporate company, one, you can’t really shout about that. I can get my work done faster in 4 hours time because one, they will pile on more work and two. I mean, they just don’t understand. But that’s the beauty of it. Literally. Some days when you are that hyper focused, it’s not healthy to not move. I mean, there’s been times where my mouth is dried in the desert and I haven’t had a drink and I need the toilet and I’m like, I haven’t moved, but I haven’t done this and I haven’t finished it. I mean, the outputs are crazy, but it’s not healthy. But like you said, you’ve got this like the way that you’ve done it is amazing. Like, if you were to work for yourself, there would never be a problem with that. Your client be like, well, you’ve done my work, you’ve done amazing outputs. But because you’re employed, it’s a different story.

Jon: I’ve been quite lucky with my company is very understanding. They’re very supportive of my ADHD, obviously, because they’re helping me with the podcast. But they’ve been very supportive and very understanding. And I signed in for the meetings at 09:00am that we have. That’s great. And then after that I’m relatively left alone until usually about noon, maybe 11.30am at the earliest. Basically, as long as I get the work done I need to do. And I have outputs to show that that’s all they care about. But that’s not the majority of companies. That’s a very small minority of companies. And it’s like what you said, ADHD people are usually better either working for people that have ADHD or starting their own business. And that’s something that just really needs to change. But I don’t know. And that’s part of this is how can we make sure basically what can we do to make employers make sure that employers are more well informed about ADHD besides the podcast? What can we do? I have ideas, but I don’t have solutions.

How can employers be more informed on ADHD 40.47

Beth: I think there’s like a piece around education, so like, all this sort of stuff. I mean, I’m just going to say, like a pet hate of mine is an employer that is like, well, we’re big on mental health. We do all these webinars. What are you doing to change action? So are there objectives of this within your leadership team? So, like, reasonable adjustments? I hate this word. I hate that phrase because first of all, what’s an unreasonable adjustment? Just get that out of your mind. No. As a neurodivergent, my needs are changing daily. So employers, first of all, need to learn about it. They need to ask questions, and they need to create a safe space. So this is what we talked about earlier. Is it a safe space, one, to be your authentic self, two, to be open and honest about it. So if I disclose I’ve got ADHD, the first thing they need to say is, tell us about it. What does that mean for you, and how can we support you? But also, having policies in place as an employer is just a tick box, in my opinion. You’ve got a reasonable adjustment policy or a neurodivergent policy. It’s not about that. I want to see action. I want to see exactly what you’ve done to support your employees. So, like you said, they can start at ten and finish at seven, or they can work whatever hours they want. We measure on outputs. Because for me, I’ve been asked before by HR departments and managers, so what do you need? Because you said you’ve got ADHD, what do you need? And for me, it’s a really overwhelming question because sometimes I’m like, I don’t know what I need, because I’ve been doing this my whole life by myself. Like, literally masking getting through dealing with it by myself. When you ask me that, I’m like, I don’t know. I don’t know what I need, but I need that flexibility. So employers need to understand how ADHD shows up for its employees. They need to help them work out how to navigate those challenges and harness those strengths. So whether that’s change of working hours, whether that’s working from home and having one dedicated day in the office, whether that’s running sessions with leadership and putting that into the objectives of the organisation so they know it’s basically help us reach our potential, and we’ll help you get the best results for your business. So it’s a joint partnership. It’s definitely not one or the other, because you said they’re like, what can we do? It’s definitely both. It’s our responsibility as well to inform and educate, but it’s up to the employer to say, right, well, we’re going to make sure you’ve got a flexible, safe environment. You tell us what we can do, and we’ll work together to do it. And I think your example was great because that is a perfect way of working. It’s kind of like you’re just trusted you’re trusted to do that. So without the alarm bells going off, when you say you have ADHD and the micromanagement starts going, it’s a different conversation. It’s really about, okay, well, what does that mean for you? And I’m here when you want to talk about it. You don’t have to sit down and be like, okay, let’s get a policy out, and you need noise canceling headphones. Okay, we’ll put that through the expenses. It shouldn’t be like that at all. That’s the thing as well.

Jon: It’s what you said, if you need to work from home or if you need different hours, those are I agree with you. The idea of reasonable adjustments is ridiculous because every time I’m asked that, I’m like, I genuinely don’t know what’s unreasonable. There’s no definitive guide to what’s unreasonable. So asking for noise canceling headphones to you could be an unreasonable adjustment. It’s not well enough defined to actually have any idea. And then, of course, you have different disorders. Not disorders, but different things. One thing that I was thinking is I was talking to someone quite recently. It was actually this morning, another guest speaker, actually, and he was saying that when he does interviews for when he’s hiring people, when he does interviews, he sends an email to the candidate with basically general, like generic topics that are going to be covered in the interview and says to them, these are going to be the topics that we’re going to discuss. You can bring a note card, essentially to read back on during the interview. I have been on the receiving end of hundreds of interviews in my lifetime and I’ve never, ever heard of a client or hiring manager ever do that. You know the reason why he does that? Because he has ADHD. He understands

Beth: There you go.

Jon: He understands that if you are neurodivergent and you’re in an interview, he understands that you may be asked a question and you know you know it. You know you know the answer. You just can’t remember in that moment. But that doesn’t mean that you don’t know how to do your job.

Beth: I’d love that it’s not even about just anyone. I think going into an interview should not be seen as this like, it needs to be a conversation and it needs to feel safe. This is exactly why I interviewed start the year when I left my toxic job. And I said at the start of the interview, like, I have ADHD, I’m really sorry. I’m probably going to talk to you about all my passions and I’m going to end up on table. And the response I got back was, you’ve got an allotted time slot of an hour we can’t run over, so keep your answer short. And they even stopped me halfway through a presentation that I had put together. And I always go, my presentation had like extra bits on and we were at the extra bits and it was like, I’ve seen this and I found this opportunity and we could do this. And I just got cut short. And it was like, we have to give everybody fair and equal chances so you can’t go over. And I was thinking, but is that a fair and equal chance? For me? That’s not. For that, for that guy to do that, that hiring manager. I applaud that because I know exactly how it feels to sit in an interview and not be able to get my words out or to either go off on a tangent for half an hour. But he understands, and I think that’s what it is. There’s a lack of understanding, a lack of empathy, and I just don’t think people want to think outside the box anymore. It’s harmful.

Jon: I would disagree with you slightly on that. I would say people want to think outside the box. And I had this thought earlier today, actually. I would say in the last, what, maybe 10-15 years, we’ve been seeing a big push in culture and society in general for the individual, for bespoke experiences, for things for the individual. I don’t know how else to describe it. And that’s great luxury holidays being made affordable for the average person to be able to go and do what they want, how to customise your phone, however, your screen, however you want, stuff like this. This is all individualised, personalised, bespoke things for one person, right, that anyone can do any way they want. We haven’t seen that shift, that shift of bespokeness or personalisation to the corporate side yet.

Beth: No, you’re right.

Jon: And I think that’s where a lot of ADHD, because I’m 26 as well, especially our age, are really struggling because we’ve grown up in this Internet age and this age of personalisation and being able to express ourselves any way that we want and just know that we are who we are. But then when we get to the corporate. Kind of world we actually get into the workplace. The workplace is like, no, and we know we’re not. It’s just like, stop. And we know that we may not change the world. That’s fine. We don’t care. We just want to be who we are, and we just want people to recognise that and let us work in the way that we want to, or not even necessarily want to, but our best working at need to, it’s not.

Beth: A want, it’s not an excuse. It’s an explanation as to why we need to do that to get X, Y, and Z. And I think you’re completely right. I think we are in a generation where we are allowed to express ourselves in a certain way, and I embrace that, and I absolutely love that. But like you said, you get into a different environment like that, and it’s just like it’s all been stripped away and you’re put into it, molded into a box. And I think like somebody looking back to when I first had my marketing apprentice, the amount of masking that I did, because obviously I was just starting out in my career, I think that’s a very important thing to talk about another time is like, when you’re starting out in your career. I don’t think Beth back then would have said, if I knew I had ADHD, I’ve got ADHD because I’d be too scared because I’m only an apprentice. I think there’s all sorts of factors. There’s all sorts of things, but yeah, you’re right. You’re totally right.

Jon: Yeah. I think when we see that shift to where ADHD’S neurodivergent people can work in the way that we need to, when people recognise that, which might take it might take a little while until some of the older people retire or something like that. When that shift happens, a lot of these companies I have a genuine feeling, are going to be like, why didn’t we do this earlier? Because the productivity is so much better, and they’re going to stop caring about the in office requirement. They’re going to stop caring about. Putting people into box, into such specific boxes. But until then, we have to carry on with things like this podcast where we’re just trying to raise that awareness and try and help people to understand we’re not lazy. It’s not that we don’t want to work. It’s not that we want to quit or we’re incompetent or we don’t know how to do our job. We know how to do our jobs. We’re hard workers. Hell, we’re putting in 120%. You’re just asking us to do things in ways that we can’t do, and you’re asking us to do jobs that we can’t excel in. So something needs to change.

Beth: We haven’t got an environment where we can do what we need, and that’s it. I think the amount of times I’ve been called lazy, I’m not lazy. I work my ass off. But it’s just in a different way to you. And unfortunately, you deal with the tools that you get given. And if you’re giving me a nine to five job in an office, in a really overstimulating, loud, bright office that people like, I mean, people are microwaving fish, and then the lights are flashing and the people are walking past, I’m done. I need to get out of there.

Jon: I know the feeling painfully well.

Beth’s advice 52.17

Jon: On the ever ending and amazing note of fish, I have one last question for you. For people that are starting their careers, that whether or not they want to get into tech or they want to go in a CRM like yourself at the early stage of their careers and they’re struggling, what advice would you like to give them?

Beth: So one thing I wish I’d done sooner is build your network, because you can always learn skills. You can learn anything. You can learn anything you want to learn. But having the right network around you and the people that make you feel like you can is the most important thing. So LinkedIn for me is oh, LinkedIn is my baby. I absolutely love it. And the people that I have met, I mean, Jon, I’ve met yourself on there. The people that I have met on there has not only brought opportunities to me, but I brought opportunities to other people I can support. And it’s the one place where I found less lonely in my ADHD journey. Because you know what? If you have a full time job, you go into work, the likelihood is there’s other people there that are neurodivergent but nobody that you know of. And you kind of come online to this community and share your experiences and you can start to also you can learn a ton of stuff on there as well. So you’ve got all these people that are going to boost you, support you, engage with you. You can learn about yourself, you learn about different perspectives. And I wish I’d harnessed that sooner because honestly, it’s great for opportunities because all it takes is one conversation with somebody like that hiring manager you talked about to speak to you and go, actually, well, I’ve got a role, or you’re just getting into it. Like I actually understand I’m neurodivergent. It’s amazing. So I think that’s probably my piece of advice. Build your network.

Last comments 54.14

Jon: That’s really solid advice. I like it. Well, my advice, and I would suggest both of us do this as well, drink water, don’t forget to take breaks and don’t be too hard on yourself. To yourself, to myself, all of the viewers, everybody, we’re different and we should be proud of that. But yeah, we need to drink water breaks and we also need to stand up and move our legs.

Beth: You’ve just reminded me I’ve got no water. I haven’t had water for hours. I need a drink. I love that. And I think that on the back of that, just be you, never apologise. I mean, your ADHD is obviously never an excuse for anything, but it’s an explanation. And never wear that mask to the point where you’ve lost yourself, like be you, because embrace it and drink the water and eat to eat. I never forget to eat. I mean, who am I kidding? But yeah, get up and move those legs.

Jon: Thank you, Beth, for coming on. It’s been an absolute pleasure having you. Yeah, it’s been so insightful. It’s been a great, really great. And I hope everyone else has gotten a lot of this, has learned things out of it, and we will wait and see what happens in the next episode. It’s going to be a surprise.

Beth: It’s been great. Thank you.


How to write a good cyber security CV in the age of AI screening

Hiring managers spend a huge amount of time screening CVs as part of the traditional hiring process, where CV screening can take up to 23 hours for just one hire. Historically, candidate screening was a time-consuming, manual process. A hiring manager would receive a stack of applications and spend time reading each one to find the right candidates. According to LinkedIn Insights, a cyber security role is likely to attract an average of 100-plus CVs for the hiring manager to sort through, sometimes more depending on the role.

The rise of high-volume hiring has made manually managing the resume screening process virtually impossible. Also, with unconscious bias impacting their hiring success, companies are turning to machine learning and recruiters to help with screening candidates fairly.

Hence, a robot will probably read your CV before the hiring manager does. Now that CV scanning software is becoming commonplace, you’ll need to make it through the screening stage before you can impress a potential employer. Your best chance of success is a well-written CV with enough strategy to please the bots and enough personality to engage an employer/recruiter.

AI screening software

An Applicant Tracking System (ATS) is software designed to help recruiters filter, sort, and track job applications. It scans incoming CVs for specific keywords to help isolate the candidates best suited to a role.

For example, the software will scan incoming CVs for the skills and qualifications an employer has outlined in the job description. CVs with all or most keyword terms will go to the top of the pile, and those without may go to the bottom.

So how do you get your CV past AI screening?

Keywords

Using the right wording, phrasing, and even repetition in some areas is key when writing a CV for AI screening. Highlight the right skills matched against the job description, picking out the words used most in the advert and transferring these to your application.

To help, there are various AI CV template tools where you can copy and paste the job description into the system, and it will highlight what it believes to be the keywords. We have created information and cyber security job descriptions as examples.

However, don’t overdo it on the keywords; use each keyword approximately two to three times at most. Any more and the system will flag you as suspicious, and you could be deemed a poor fit.

Transferable Skills

Listing transferable skills, such as time management, flexibility, teamwork, and communication, can also increase your chances of passing to the next stage.

Skills and Experience

Focus on your professional background, ensuring that your skills and experience are front and centre.

Prioritise the most relevant information, place everything in chronological order, and ensure that it matches the job description perfectly.  

When highlighting your experience, you should always look to quantify results. We recommend not listing experience dating back more than ten years; include only the most recent and relevant information.

Formatting

Because AI screening systems will not read images, graphics, and logos, it’s important to avoid them. Plain text is the most suitable option. This means avoiding any fancy formatting; by converting your file into plain text before you upload it, you will be able to check whether anything looks out of place or is missing.

Unlike traditional CVs, we also recommend that you don’t put any information in the header or footer of the document, as AI systems will not pick this up.

Language

Keep language straightforward, and avoid jargon and commonly used generic phrases. There should also be no mistakes with spelling or grammar, as any errors will rule your CV/application out completely.

AI and recruitment

With so many more candidates now applying for roles, screening without AI can almost seem impossible.

However, there are still doubts about how effective these programmes and systems are for the recruitment sector and whether employers genuinely understand how these algorithms work. Although doing the above can get your CV through the door, an employer still needs to read and understand it! Your ability to make a human connection with the employer is still a crucial part of getting called for an interview.

 

At Via Resource, we help candidates tailor their CV and application appropriately, to ensure you don’t miss securing your dream job.

If you’re interested in looking for a new role in the information and cyber security sector or have a vacancy you’re looking to fill, Via Resource can help. Working with you as your recruitment partner, we can draw on our vast talent pool of professionals and help candidates advance in their careers. Contact us today to find out more.