As a firm laser-focused on cybersecurity recruitment, each member of our firm wishes to underscore the implications of publicizing Chief Information Security Officer (CISO) or Chief Security Officer (CSO) roles online.
The digital age has amplified concerns surrounding the exposure of sensitive company information, particularly related to security infrastructure and personnel. This public availability can inadvertently paint a target for cybercrime. Mandiant’s Cyber Security Forecast 2023 underscores this issue, highlighting LinkedIn job postings as a prime intelligence source for cybercriminals.
The convenience of reaching potential candidates through online job posts for CISO or CSO positions is enticing. However, it’s crucial to recognize the associated risks. To curb these risks, I propose a more tactical approach to job descriptions and recruitment processes.
Rather than writing broad, vague descriptions, craft job descriptions with sufficient detail to entice suitable candidates while withholding sensitive details. For instance, if you want to hire a CISO proficient in NIST CSF, mentioning this indirectly discloses your usage of NIST CSF, your “security controls”, to potential attackers. Consider alternative recruitment strategies, such as collaborating with industry professionals or using confidential headhunting services, to secure the ideal candidate.
At Recrewmint, we believe there is a strong correlation between companies posting their CISO positions online and being targeted, attacked, and breached because of it.
Should you wish to delve deeper into these considerations or explore how Recrewmint can aid in sourcing and recruiting your perfect CISO / CSO candidates, confidentially, we welcome your communication.