Recruiting from the Help Desk
Digest
This episode of Defense in Depth explores the often overlooked value of help desk workers in cybersecurity. The hosts, David Spark and Steve Zaluski, argue that help desk employees possess valuable entry-level skills in areas like engineering, analysis, awareness, architecture, and identity access management (IAM). They have a deep understanding of an organization's IT infrastructure and the challenges faced by various departments. Guest Sasha Pereira, VP of Infrastructure and CSO at Wash, emphasizes the importance of help desk workers' firsthand experience and their ability to provide valuable insights into security processes. She shares a personal anecdote about a user who panicked after clicking a fraudulent UPS email, highlighting the need for empathy and crisis management skills in help desk roles. The discussion also touches on the importance of customer service skills and the ability to defuse tense situations. The hosts and guest agree that while coding skills are important for specific technical roles, they are not essential for all cybersecurity positions. They believe that help desk workers can be a valuable asset to security teams, providing a unique perspective and understanding of the user experience. The episode concludes with a call to action for CSOs to recognize the value of their help desk teams and leverage their expertise to improve security processes and user experience.
Outlines
Introduction
This Chapter introduces the topic of the episode, which is the value of help desk workers in cybersecurity. The hosts, David Spark and Steve Zaluski, discuss the cybersecurity skills gap and how help desk workers possess valuable entry-level skills.
Help Desk Insights from a CSO
This Chapter features Sasha Pereira, VP of Infrastructure and CSO at Wash, who shares her perspective on the importance of help desk workers in cybersecurity. She emphasizes their firsthand experience, their ability to provide valuable insights into security processes, and the need for empathy and crisis management skills in these roles.
Push Security Sponsor Message
This Chapter is a sponsored message for Push Security, a company that provides browser-based security solutions to prevent identity attacks.
Coding Skills and Help Desk Roles
This Chapter delves into the discussion of coding skills in cybersecurity and whether they are essential for all roles. The hosts and guest debate the importance of coding skills for security engineering positions and discuss the various help desk roles that may not require coding expertise.
Keywords
Cybersecurity Skills Gap
The shortage of qualified cybersecurity professionals in the workforce. This gap is often attributed to factors such as the rapid evolution of technology, the increasing complexity of cyber threats, and the lack of sufficient training and education in cybersecurity.
Help Desk
A department or team within an organization that provides technical support to users. Help desk workers typically handle a wide range of issues, including password resets, software troubleshooting, and hardware problems. They are often the first point of contact for users experiencing technical difficulties.
CSO
Chief Security Officer, a senior executive responsible for the overall security of an organization. CSOs typically oversee security policies, procedures, and technologies, and they are responsible for managing security risks and incidents.
Empathy
The ability to understand and share the feelings of another person. In the context of cybersecurity, empathy is crucial for help desk workers to effectively communicate with users, understand their concerns, and provide support in a sensitive and helpful manner.
Identity Attacks
Cyberattacks that target user identities, such as phishing attacks, credential stuffing, and account takeover. These attacks aim to steal sensitive information, such as usernames, passwords, and financial data, to gain unauthorized access to accounts and systems.
Push Security
A company that provides browser-based security solutions to prevent identity attacks. Their browser agent helps organizations detect and respond to advanced phishing attacks, enforce sensible controls, and protect user identities.
Generative AI
A type of artificial intelligence that can create new content, such as text, images, and code. In cybersecurity, generative AI is being used to automate tasks, improve threat detection, and enhance security tools.
User Experience
The overall experience a user has when interacting with a product or service. In cybersecurity, a good user experience is essential for ensuring that security measures are effective and do not create unnecessary friction for users.
Q&A
What are some of the key skills that help desk workers possess that are valuable in cybersecurity?
Help desk workers often have entry-level skills in areas like engineering, analysis, awareness, architecture, and identity access management (IAM). They also have a deep understanding of an organization's IT infrastructure and the challenges faced by various departments.
Why is empathy important for help desk workers in cybersecurity?
Empathy is crucial for help desk workers to effectively communicate with users, understand their concerns, and provide support in a sensitive and helpful manner. It helps them defuse tense situations and build trust with users.
Are coding skills essential for all cybersecurity roles?
No, coding skills are not essential for all cybersecurity roles. While they are important for specific technical positions, such as security engineering, many other roles within cybersecurity do not require coding expertise.
How can CSOs leverage the expertise of their help desk teams to improve security processes and user experience?
CSOs can recognize the value of their help desk teams and leverage their expertise to improve security processes and user experience. They can involve help desk workers in security initiatives, gather their insights on user needs and pain points, and use their knowledge to make security measures more user-friendly.
What are some examples of how help desk workers can provide valuable insights into security processes?
Help desk workers can provide valuable insights into security processes by identifying areas where security measures are burdensome or difficult for users to follow. They can also provide feedback on the effectiveness of security controls and suggest improvements to enhance user experience.
Show Notes
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Sasha Pereira, vp of infrastructure and CISO, WASH.
In this episode:
-
Is working the help desk a great place to get entry level cyber security skills?
-
So why is it so often overlooked or even looked down upon?
-
What kind of experience do you need?
-
What is the ideal path to break into the cybersecurity industry?
Thanks to our podcast sponsor, Push Security!
Prevent, detect and respond to identity attacks using Push Security’s browser agent. Enable Push’s out-of-the-box controls or integrate Push with your SIEM, XDR and SOAR.
Block phishing attacks, detect session hijacking and stop SSO passwords being exposed. Find out what else the Push browser agent can do at pushsecurity.com.
Table of contents
United States
