Security Job – Director Cyber Security / NERC CIP Solutions & Business Development

Job Type: Full-time employee
Job Location:  Either TX or could be based anywhere USA. Call for details
Compensation: Base of $120,000 up to mid $100,000 plus bonus.  (Call for details)
Telecommute: Possibly –  this is an option for the right candidate.
Education: Strongly prefer a BS Degree. MBA a plus
Travel %: 30%
Relo Paid: Yes – case by case basis
Status: US Citizen or Green Card – Sorry, no Visa Sponsorship
Insurance / Benefits:  Available day one
SecurityHeadhunter.com, a Security Search Firm, has been engaged to conduct an exclusive search for a Director Cyber Security / NERC CIP Solutions & Business Development. My global reaching client is a leader in providing innovative software solutions and services to industrial facilities worldwide. Their software solutions and services not only improve Human Reliability, but enhance regulatory compliance, increase safety and improve facility profitability. My client, who has a reputation of engineering several industry first solutions, has now developed a very unique NERC CIP / cyber security solution that will truly improve a company’s ability to be in compliance with their Security & NERC CIP regulations, and other guidelines in a much more effective and time efficient manner.

The candidate I seek will have a solid Cyber Security background coupled with both a solid understanding of NERC CIP. They will also be someone who is engaged in  and business development experience to be able to help drive my client’s cyber security solution to the power industry and other markets from a technical and business platform.  Having experience with automation such as SCADA, DCS, PLC is a plus.

Role Description

In this role, you will have responsibility to further define and market this unique cyber security solution.  Tasks will include:

• Assisting / leading development of a business plan and marketing plan to educate the market on this unique solution.
• Determine software and services requirements for the solution to be delivered.
• Work to become a recognized industry expert on Cyber Security and NERC, attending multiple trade group related events and so forth.

Qualifications

The successful candidate should have the following qualifications:

Minimum 5 to 10 years experience in the field of cyber security, with solid experience in NERC CIP and business development.

• Prefer a 4 year Bachelor degree in related technical field (Computer Engineering, Electrical Engineering, Computer Science, etc.).  MBA a plus but not a requirement
• Preference will be given to candidates with automation experience (DCS, PLC, SCADA, etc.)
• Excellent written and verbal communication skills, experienced in delivering technical presentations to industry groups.
• Experience in both technical “hands-on” work, as well as business roles (sales, marketing, business development, etc.).

To confidentially discuss many more details of this position, please contact Wils Bell directly at 407-365-2404 or email a confidential resume to: Bell@SecurityHeadhunter.com

Wils Bell
President
SecurityHeadHunter.com

POB 620298 * Oviedo, FL32762
Direct: 407-365-2404
Bell@SecurityHeadhunter.com l SecurityHeadhunter.com

 

Follow me on Twitter for the latest news, jobs, and breaches.

Security Breaches & Security News

To follow Security Breaches and Security News throughout the day, follow me on Twitter

Council data breaches increase by ‘alarming’ 1,600 per cent

BMO Harris warns customers after laptop stolen

Bank vs. Customer Claims Rejected

Cyber-espionage Mahdi virus spreads further in Middle East

Hacker collective leaks one million records, vows ‘hellfire’

Frankenstein malware: a monster stitched together from trusted code

Virus on virus – set a thief to catch a thief

Oracle Releases Fix For Java CVE-2012-4681 Flaw

Latest SAP Security News

How Do You Change an Unhealthy Compliance Culture?

Link spotted between Wiper virus and Stuxnet, Duqu

Kaspersky looks at the wreckage of Wiper malware

More password problems from Windows Registry

Survey Tracks Security’s ‘Bad Mood’ Trend, Need for Improvement

Researchers Identify Second New Java Bug

Second LulzSec Member Arrested for Sony Pictures Attack

Analysis Shows Traces of Wiper Malware, But No Links to Flame

REALLY – Most firms do not protect sensitive data in databases, survey finds

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

• HELPFUL LINKS
•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches & Security News

Follow me on Twitter @Security_REC for news, jobs and…

• German official wants Facebook to delete biometric profiles of users’ faces

• Dozens of Atlanta police socially engineered into giving ID thieves their personal info

• Bitcoinica, twice hacked in 2012, is being sued

• FinFisher: The Cyber Espionage Tool Found Everywhere

• Serious Vulnerabilities Remain in Reader After Huge Patch Release, Researchers Say

• Researchers Find Flaw in Dirt Jumper Bot

• Startup Envisions CISO Collective to Share Cyberattack Information

• Breaking Into Security: Planet Earth Edition

• Not Providing Education is the Dumbest Idea for Infosec

• Citadel Malware Used to Infiltrate Airport VPN

• Adobe Patches Critical Flash Bug, Releases Massive Reader Update

• NSA chief seeks help from hackers

• Security experts push free Gauss detection tools

• Google exec urges two-factor authentication in wake of tech reporter hack job

• How to Talk Security to the Board of Directors

• Heartland Takes Aim at POS Fraud

• Symantec’s CISO on Security Leadership

• Third-Party Breaches on the Rise

• High Roller Attacks

• Tripwire asked the question: What is the hardest part of security? Here are the answers.

• 10 Ways to Ease Public Cloud Security Concerns

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

•  Are You a Hiring Companies – visit our website
• Are You a Security Professional – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Security Job: AVP Infosec

 

AVP Information Technology Security

 

Job Type: Full-time employee

Job Location:  Boston, MA area

Compensation: Base of mid $100’s plus bonus plans. (call for specific details)

Telecommute: No

Education: BS Degree and a Masters is a plus

Travel %: minimal

Relo Paid: Yes – case by case basis

Status: US Citizen or Green Card – Sorry, no Visa Sponsorship

 

 SecurityHeadhunter.com, a Security Search Firm, has been selected to conduct a search for a top shelf AVP candidate to manage the Security Operations Center (SOC) for a fortune 500 organization.

As the selected candidate, you will have knowledge of INFOSEC best practices and be responsible for overseeing the overall state of security for the organization and for working with management to ensure that INFOSEC objectives are aligned with corporate risk tolerance and strategic goals. You will also be responsible for developing and keeping up to date security policies and procedures to ensure operational compliance.

You will need a minimum of 8+ years of IT experience with at least 5 years developing and implementing security policies / best practices within a multi-platform environment. You will need good project management skills and excellent oral and written communication skills. Managing staff for at least 4 years in technical leadership roles is required.

Additional responsibilities and duties include:

• Managing and mentoring a staff (2 direct and 25+ indirect) and developing them for future growth within the security department in additional to conducting performance appraisals, interviewing and proper discipline.
• As relate to the needs of the SOC and OGC (operational governance groups), oversee the development and management of RFP’s, expense budgets and business plans.
• Contributing to the design, maintenance and execution of Corporate Security Policy and Incident Response Plans.
• Reporting on the state of Security of the computing environment to the executive level.
• Must be knowledgeable of INFOSEC systems including SIEM platforms, firewalls, virus protection and vulnerability testing.
• Must be knowledgeable in a broad range of technologies including OS, mainframes, mid ranges and client server.
• Must be knowledgeable in SOX and PCI and understand how to deal with regulators when needed.
• Must be able to make appropriate recommendations (and coordinate implementation) on the design / purchase of security tools to be utilized by the SOC, Operational Governance and the Security Intelligence groups.

• Directing and creating remediation priorities based on level of vulnerability / scope of impact.
• Implementing policies that will ensure there are correct levels of scanning, monitoring, and incident response when needed.
• Developing procedures which will ensure there is as minimal impact and disruption to business operations and systems during any remediation of vulnerability issues.
• Providing the appropriate direction and methodology for forensic analysis and reporting.
• Developing and implementing security standards and procedures for controlling access / authentication to many systems and applications.
• Must maintain or create procedures to continually evaluate security administration standards and procedures to ensure compliance with best practice standards and audit requirements.
• Ability to partner with other departments and groups to understand the user needs for access to corporate data and applications and ensuring that data has been appropriately classified as public, private, sensitive, or confidential.
• Reviewing and evaluating projections on the needed resources for INFOSEC projects (i.e. capital costs, FT staff, contractors, etc.)
• Reviewing and prioritizing INFOSEC projects portfolio.
• Partnering and/or working with other IT groups to secure participation from key people /contributors from other departments and notifying senior management for additional resources. Allocating resources as needed to support strategic company goals.
• Collaborating and working with other departments (App Dev, Systems, Infrastructure, Architecture, etc) to clarify INFOSEC expectations for securing systems to ensure adherence to policies and standards.

To be considered for this position, please contact Wils Bell directly at 407-365-2404 or email a confidential resume to: Bell@SecurityHeadhunter.com

Wils Bell
President
SecurityHeadHunter.com

POB 620298 * Oviedo, FL32762
Direct: 407-365-2404
Bell@SecurityHeadhunter.com l SecurityHeadhunter.com

 

 

HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Security Breaches & Security News

To follow Security Breaches and Security News throughout the day, follow me on Twitter 

Massachusetts hospital to pay $750,000 for 2010 data breach

Senator wants more info on data breach at federal government’s retirement plan

Malicious PowerPoint File Targeting Flash Player Vulnerability

California IT technician sentenced to nearly five years for identity theft

Survey Shows Consumers Still Openly Risking ID Theft

Linkedin Hacked: A Few App Suggestions For Protecting Your Online Passwords

LinkedIn Investigating Password Leak That Could Affect 6.5 M

Top 4 Malware-Related Issues for 2012

What’s the Meaning of This: Flame Malware

DHS To Critical Infrastructure Owners: Hold On To Data After Cyber Attack

Hackers Don’t Like to Work Weekends

Serco: ‘Sophisticated’ Attack On U.S. Govt. Pension Plan Nets Info On 123k

N.J. Mayor, Son Accused of Hacking Political Web Site

Company Fined for Distributing Malicious Android Apps

WHMCS victim of social engineering; over 500,000 client records stolen, deleted from server, and dumped publicly

IXESHE Malware Avoids Easy Detection to Remain a Persistent Threat

FBI Tells You Everything You Wanted To Know About Online Frauds But Were Too Afraid To Ask

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

• HELPFUL LINKS
•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Latest Infosec News

Follow my Twitter feeds for daily breach and security news.

Researchers uncover causes of MilitarySingles.com hack

NASA denies Iranian cyberattack

Absinthe 2.0 Jailbreak for iOS 5.1.1 Devices Released

New York Lawmakers Want Anonymous Comments Banned

FBI Warns Top Firms Of Anonymous Protest Hacks on May 25

The Virtual Sky is Falling!

Internet Fraudster Back in US After Being Fugitive for 12 Years

Join the Fight Against Cyber Spying Proposals in the Senate   

UK’s new cookie law came into effect Sunday

Yahoo and TalkTalk confirm human error as weakness security link

Flame proves cyberwarfare is active

Why Boards of Directors Don’t Get It

Mass. Hospital Pays Breach Settlement

Insider Case Exposes Security Lapses

Fighting Hackers With Public Relations

Olympic-themed spam emails carries malicious PDF  

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

• HELPFUL LINKS
•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Where’s that document I signed?

Several years ago when you started that new position it was a very exciting time.  That first  morning down in Human Resources getting ready for your orientation and filling out and signing paperwork.   There was the health insurance paperwork,  the life insurance paperwork, the tax withholding paperwork, the retirement account paperwork, and perhaps  the employee conduct handbook. Was there anything else that you signed?

Hey, what about that Non Compete Agreement / Non Disclosure Agreement paperwork. Did you sign one of those also? Chances are you did, but what exactly did it say?

Now, fast forward to present day. Do you know where your signed copy of your agreement is located? Just what were those restrictions or limitations you’re subject to if /when you leave this employer.

According to a lot of people I have asked that question to recently, very few people know the exact location and can put their hands on the agreement today. Some folks have no idea where it is or did they even keep a copy, while others think maybe they might be able to  find it, but aren’t sure.

These type agreements should be considered a very important document to you for many reason.

Most people who know exactly where it is , simply scanned it after they took it home and it’s on the hard drive AND backed up. Others have it in the safety deposit box. It doesn’t really matter where you keep it as long as it is safe and you can put your hands on it when needed.

Having to call your employer’s HR department and ask for a copy just might alert someone as to your career plans.

The point of this whole article is that it only takes you a minute to save your signed agreement securely so you’ll be able to access if and when the times comes. It could and can save you a lot of headaches and other issues down the road when you decide it is time for a change and you need to know just what it says.

Just my 2 cents worth.

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

• HELPFUL LINKS
•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches, Security News & more…

Follow my Twitter feeds for daily breach and security news.

• Zeus Trojan Takes Aim at Cloud Payroll Services
• Four Tips for Teaching Your Staff About Social Engineering
•  Are there serious cyber threats that target medical devices
• When Will PCI SSC Stop the Mobile Payment Insanity?
• Chase Hit in ATM Skimming Attacks
• Apple Developing Fix For Flashback Malware
• SAIC Explains Insurance for Breach
• Social security numbers publicly available on nonprofit tax forms
• The Fight For the Internet Continues — Could CISPA be the Next SOPA?
• 4 Steps to Securing Mobile Devices and Apps in the Workplace
• Number of victims in state of Utah breach significantly rises
• Sophos Takes Down Partner Portal After Signs of Hacking
• LulzSec hacker reverses guilty plea for Sony Pictures attack
• Hackers target Medicaid claim forms in Utah
• Twitter sues five over spamming, providing automated tools
• Questions Abound On Size and Makeup of Flashback Botnet

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

• HELPFUL LINKS
•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches, Security News & more…

Follow my Twitter feeds for daily breach and security news.

Is Global Payments the Only Breach?

Pump Up Your P@$$w0rd$

Real Questions about Huawei for US Rep. Frank Wolf

Active Zeus C&Cs Remain Following Microsoft Takedown

Flight check-in emails lead to Zeus infection

Facebook Users Targeted by Ice IX Malware in Credit Card Grab

Infographic: Infections from 25K Sites Hit 10M Victims in February

US Airways Spam Redirects to Blackhole, Zeus Infection

 Mozilla Adds Older Java Versions to Firefox Blocklist

ACLU finds widespread warrantless cell phone tracking by local police

Ten Takeaways from the Tilded Platform

FTC to Link Do-Not-Track and Big Data Concerns

The Technical Debt Bubble and Its Effect on IT Security

Check Point Fails to Renew Domain Name CheckPoint.Com

LulzSec Hacker Ryan Cleary Put Back in Jail for Emailing Sabu

Anonymous: We Don’t Agree with LulzSec Reborn

Cyber Criminals Top Secret Service Most Wanted List

Shackleford: What’s RIGHT with Infosec

The raid on your medical records 

Sensitive personal information on 800,000 California residents lost between IBM and state office

Rogers-Ruppersberger Cyber Bill Gains Momentum

The First Cyber Shot in a Chinese Jasmine Spring

Wils Bell – President Direct: 407-365-2404 Email: Bell@SecurityHeadhunter.com HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches, Security News & more…

Follow my Twitter feeds for daily breach and security news.

• Microsoft co-founder Paul Allen victim of ID theft

• FTC releases proposed settlement order in RockYou breach; $250k fine for breaching COPPA

• Chris Aragon, partner in Carders Market, pleads guilty in massive ID theft/fraud scheme

• Malicious Exploits: Hitting the Internet Waves with CSRF Part 2

• Can DNS Attacks Threaten the Internet on a Large Scale?

• Here’s How Law Enforcement Cracks Your iPhone’s Security Code

• Facebook Has Self To Blame For Employer Privacy Mess

• Money Mules, Not Customers, The Real Victims of Bank Fraud

• Hackers turn credit report websites against consumers

• NSA Denies Warrantless Wiretaps Despite Evidence

• Huawei Symantec: Fear of Chinese Espionage Ends Venture

• CyberPatriot Announces National Championship Winners

• Healthcare Breach Tally: 409 Incidents

• PwC report highlights senior management complacency about security

• Apple Clamps Down, Begins to Reject Apps Looking for UDID Numbers

• Seven Problems with Cell Phone Forensics

• Installation of Vendor’s Patch Does Not Guarantee Security

• Study Finds China Censorship Of Social Media Is Real, Pervasive

• New TGLoader Android Malware Found in Alternative Markets

• MA: Property Management Firm to Pay $15,000 in Civil Penalties Following Data Breach – But Why?

• MilitarySingles.com hack exposes over 160,000 users’ information 

• Microsoft and Law Enforcement Hit Zeus Botnet Servers

• Hacktivists Surpass Organized Crime in Volume of Data Theft

• Open source code libraries seen as rife with vulnerabilities

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches, Security News & more…

Follow my Twitter feeds for daily breach and security news.

Can Health Care Orgs Maintain Trust With Electronic Records?

iOS JavaScript Bug Can Lead to Spoofed Sites

Facebook Warns Users About Timeline Adware

Incident Response and PCI Compliance

Public Key Infrastructure 1998 – 2012

Is a W-2 Considered PHI Under HIPAA?

Department of Defense Developing Cyberspace ‘Rules of Engagement’ Framework

8 Arrested in $4.5 Million Scheme

Key Components of a Social Media Policy

In Australia, secure your Wi-Fi — or face a visit from the police

NSA Chief: Cyber Becoming More Perilous

NSA Chief Denies Wired’s Domestic Spying Story (Fourteen Times) In Congressional Hearing

ISPs Signal Support For Anti-Bot Code Of Conduct

Some Thoughts on Sandboxes

Vulnerability Remediation: No More Traffic Signals

Wireless Security: Wi-Fi Hacking Burglars Get Busted

Hackers Target Social Media for Social Engineering Attacks

Experts Tell Senate: Government Networks Owned, Resistance Is Futile

Verizon: Hacktivists Steal Most Data In 2011

Six High-Risk Flaws Fixed in Google Chrome

Follow-up: Two men who stole bank info from Michaels customers headed to federal prison

Breach Leaves Thousands Of Kaiser Permanente Employees Checking Their Credit Report

Verizon: Hacktivists #1 Breach Threat

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches, Security News & more…

Follow my TWITTER feeds for daily breach and security news.

• Paper Chase: The Huge Security Risks In Your File Room

• Pwned List Launches As A Breach Monitoring Service

• TRICARE Breach Victims Report Fraud

• NSA Chief: Cyber Becoming More Perilous

• Do people in security tweet too much?

• Changing of the Guard: A Perspective on the Changing CISO Role

• Assessment of Visual Voicemail Security

• Newly Compiled Driver Shows Duqu Authors Still At Work

• IT pros lack confidence in public cloud’s perimeter defenses

• Cost of data breaches outstripping inflation

• New twist in social engineering rogue AV

• GAO takes IRS to task – again – over information security lapses

• Russia government appoints Krutskikh as cybersecurity coordinator

• Researchers discover flaws in SSO that leave websites vulnerable

• Nearly Five Percent of All Smartphones Lost Every Year

• Russian Agencies Take Down Carberp Gang

• Governments Tip-Toe Toward the Cloud

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches, Security News & more…

Follow my Twitter feeds for daily breach and security news.

 

• Mobile devices open corporate floodgates to malware

• Schneier reveals three biggest information security risks in 2012

• Trust in our Digital World is in Jeopardy

• 2012 : Expect DDoS botnets to be smaller, more effective and more of them!

• Debate Over Active Defense and Hacking Back Crops Up at RSA

• Fake Chat Screen Malware Hijacks Banking Customers

• The Most Outrageous Job Interview Mistakes

• Android Malware Being Distributed via Facebook

• Anonyomous Hackers Hit Prison Management Company

• Roland Corporation Hacked

• Yellow Pages Hacked by Mad HackerZ Team

• Infragard Hit Again by Anonymous Hackers

• Most organizations lack adequate oversight of SSL certificates. Is your company one of them?

• IBM Expands QRadar to Deliver Security Intelligence

• An 8-Word Social Media Policy

• Demanding Stronger Card Security

• Bruce Schneier on Liars and Outliers

• Tangled Web: A Guide to Securing Modern Web Applications

• Careless management of crucial security instruments

• Eleventh Circuit Finds Fifth Amendment Right Against Self Incrimination Protects Against Being Forced to Decrypt Hard Drive Contents

• Agari expands use of DMARC email security standard through new program

• Add the Ontario Association of Chiefs of Police to any list of law enforcement agencies attacked by Anonymous or its affiliates.

• Wikileaks Dumps First of 5 Million Stratfor E-Mails

• A Checklist for a Move to the Cloud

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Security Breaches, Security News & More (week ending 2-17-12)

• Anonymous Plans To Take Down The Internet: 
• Low-Tech Fraud Targets Banks, CUs
• 4 Crime Rings to Watch
• NC: Online security breach hits Charlotte college campus, officials warn
• Auditor IV: The Card Data Breach
• Central Connecticut State University server infected with Z-Bot; over 18,000 notified of incident
• Best Practices to Prevent Document Leaks
• Lessons from the Nortel Networks Breach
• The Truth Behind Data Breaches
• What You Need to Know About the RSA Key Research
• Court Orders Defendant to Decrypt Her Computer
• Coping With a Lost Laptop
• The 15 worst data security breaches of the 21st Century
• Romanian police arrest alleged hacker in Pentagon, NASA breaches
• Analysing the cyber scam that tried to fool an infosec professional’s wife
• Profiling Advanced Persistent Threat (APT)
• Are Self-Signed SSL Certificates As Insecure As They Say?
• Twitter Admits Storing IPhone Contact Data
• Disclosures: How Much Sharing is Too Much?
• Did A Decade-Long Hack Trigger Nortel’s Demise?
• Weak RSA Keys Plague Embedded Devices, But Experts Caution Against Panic

Follow my Twitter feeds for daily breach and security news.

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches, Cyber Crime & Security News Highlights

** Remember to follow me on Twitter  for daily breach and security news.**

Cybersecurity Act of 2012 Introduced Without Emergency Presidential Powers Provisions

Anonymous-Linked Attacks Hit US Stock Exchanges

Security practitioners weigh in on the 15 worst data security breaches in recent memory.

Republican senators want to put the brakes on cybersecurity bill

Audit reveals Maryland inmates had access to social security numbers

Local government discloses employee social security numbers

Offer to ‘test’ iPhone 5 is a scam

The escalating cost of US cybersecurity plans

The rise of information stealers and pay-per-install malware

Malware Network Threats Rising, How to Defend Yourself

Senators Unveil Cybersecurity Bill to Empower Homeland Security

Mozilla wants CAs to stop issuing and revoke MITM certificates

Horde FTP server hacked, files modified to include backdoor

Gap in patch priorities vs cybercriminal targets

Cyber-Spies Intercepted Sensitive Files, Emails From Nortel: Report

Annual Breach Reporting Deadline Looms

Security Falling Short When It Comes To Dealing With Growing Cyber Attacks

U.S. Commerce Department Infected with Malware

Alabama and Texas law enforcement sites fall to hackers

7 Steps to Building a Security Program

78% of organizations that Trustwave investigated had no firewalls at all Adobe’s Security Chief Talks About Driving Up The Cost of Exploits

Symantec Verifies Stolen Source Code Posted By Anonymous is “Legitimate”

 

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches & Information Security News

Follow my Twitter feeds for daily breach and security news.

 

Ernst & Young loses 401k information of bank employees

Food and beverage industry has unsavory history of data breaches

Disaster Recovery is health industry’s biggest headache

2011 review: CNI targetted, spam down, botnets up

Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit

Role of Ethics in IT Security

Data Loss Doesn’t Always Mean Getting Hacked

Hackers Infect WordPress Web Sites

VeriSign Hacked – But Why?

Number of patient record data breaches nearly doubled last year

Why Infosec Forced Me to Get an MBA

The Most Technologically Secure Super Bowl Ever

Acts of Terrorism vs. Cyber Threats: New Offense Scenarios

How to Win Friends and Steal Their Facebook Accounts

How To Spot A Fake Facebook Friend Profile

New Guidance on Payments Processing

Healthcare Breaches: Behind the Numbers

Verisign Breached Several Times in 2010

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Breaches From Across the Net Week ending 1-13-12

Follow my Twitter feeds for daily breach and security news.

 

• Phishing Campaign Using Spoofed US-CERT Emails

• Leahy promises to amend Senate version of SOPA before vote

• Can You Trust Data-Recovery Service Providers?

• Teenager Sentenced for Card Skimming

• Stratfor Website Back Online After Hack, CEO Apologizes

• Microsoft Readying Real Time Hosted Threat Intelligence Feed

• Class action lawsuit seeks $4.9 billion over TRICARE data breach

• Homeland Security gets $888m for infrastructure protection and information security

• The Lords of Dharmaraja Faked Indian Gov’t Memo

• Ten Years After Gates’s Memo, Effects Still Being Felt

• Malicious URLs being disguised by QR codes

• Carrier IQ detection tool converted to premium SMS Trojan

• Vermont tax agency posts social security numbers, federal tax IDs online

 

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

•  Hiring Companies – visit our website
• Security Professionals – visit our website

• Twitter (Follow me for latest Jobs, Breaches, and News)
• LinkedIn (I accept all security professional’s Invites)

Security Job: Due Diligence Marketing Representative

Security Job Title:   Due Diligence Marketing Representative

Job Type: Full-time

Job Location:  May be based anywhere

Compensation: Base of $80,000K to $120K  plus solid commission structure

Total Package:  Average Rep’s earn between $200K – $300K or more

Education: Prefer BS, but will consider work / education combination

Travel %: minimal

SecurityHeadhunter.com, an Executive Search Firm, has been retained to identify and recruit a solid candidate to join an established and growing (20-30% annually) firm that performs due diligence background reports on both companies and individuals around the globe. My client works with a large variety of Corporations to include but not limited to 25% of the Fortune 100 Companies, Regulatory Agencies, Multinational Law Firms, Governments and other Service Providers who specialize in the Energy, Defense, Gaming, Technology, Medical, Manufacturing and Finance Sectors.

Corporations are expanding their services, products and brand globally. As such, many of these same corporations need to attain due diligence reports on partners, vendors, employees, etc. This is my client’s specialty and is one of the factors propelling their solid annual growth.

As a successful candidate you need to have solid experience in client development and sales. Experience selling a business risk product or service is a big plus.

My client’s service is generally sold to C Levels executives; General Counsel, Chief Legal Officer, Chief Risk Officer. As such, having relationships with these contacts is a must and will accelerate your sales cycle.

Duties & Responsibilities

• Must have solid sales / marketing experience to C Level executives (General Counsel, Risk Officer, Legal Department) and have relationships with these levels
• Must be able to develop new business through referrals and cold calling
• Must be able (after training) to explain how due diligence services can and will benefit clients and what separates company from competitors
• You must understand that client service is major selling point of the company
• Will act as primary the point-of-contact for the client
• Will thoroughly read due diligence report and discuss findings with client
• Must have ability to maintain current client relationships while building new relationships
• Ability to work independently and in a telecommuting capacity in required
• Must be very detailed oriented
• Must have good written and verbal communication skills

Contact:

Wils Bell

407-365-2404

Bell@SecurityHeadhunter.com

SecurityHeadhunter.com 

Breaches and Security Articles from Around the Web

Breaches and Security News from around the web as posted through  my Twitter Account.

Follow me on Twitter

 

Application Security Guide For CISOs

GSA Final Rule Requires Vendor Proof of Security

More than 51,000 security pros employed in Q4, up from 37.000 employed in Q1, study says

FBI Warns: Game Over

Cisero’s sues processor and bank over pass-along fines following alleged breach

Ramnit Worm Threatens Online Accounts

Cyber Attacks May Be Revealed to Investors as SEC Rules Push Disclosures

Researcher Releases New Version of P0f Fingerprinting Tool

Gamers Seek Beta Versions, Download Malware Instead

US and China headed for CYberWar in 2012: 

 

 

 

Breaches & Security News from Around the Internet

Breaches and Security News from around the web as posted through  my Twitter Account.

Follow me on Twitter

Top Tech Trends for 2012

Manhattan District Attorney Charges 55 with Cybercrime

Websites, apps vulnerable to low-bandwidth, bot-free takedown, say researchers

Feast of the Seven Phishes 2011

On 2011: The Year of System Failure

Government Can Save Millions Reforming Security Policy

Hackers Publish Information on 90 Million in China

Hackers Release More Information from STRATFOR

The six worst data breaches of 2011

United flyer finds dozens of passengers’ info online

If it’s Friday, it’s time to reset almost 18 million passwords?

Hackers to exploit vulnerable infrastructure in 2012, McAfee warns

Attackers could remotely exploit flaws in Siemens industrial control system app

US-CERT warns about security flaw affecting millions of wireless routers

Japan’s cyber defense weapon: a virus

Breaches & Security Articles from Around the Web 12-14-11

Breaches and Security News from around the web as posted through  my Twitter Account.

Follow me on Twitter

Microsoft Patches Windows Flaw Exploited by Duqu

Restaurant Depot Admits They Were Hacked, Customer Data Stolen

Don’t Fall Victim to Poor Network Segmentation

2,000 live typosquatted domains discovered

The risks of unauthorized access

Top software failures of 2011

RSA breach tops list of 2011’s most significant cybercrimes

Experts tie cyber attacks to Chinese government-backed hacking groups

Homeland Security releases roadmap to improve security in cyberspace

ENISA on Cyber Security: Future Challenges and Opportunities

Cyber Security and Illegal Information Operations

DHS Releases Blueprint for a Secure Cyber Future

Common Errors in Firewall Configurations

FTC Takes on Super Cookies

ENISA Releases DigiNotar Report: Operation Black Tulip

House panel mulls compromise cybersecurity legislation

Adobe patches critical zero-day flaw in Reader and Acrobat

Top Ten Password Cracking Methods

Breaches & Security News From Around the Web 12-06-11

Breaches and Security News from around the web as posted through  my Twitter Account.

Follow me on Twitter

 

Ex-Army researcher links Conficker to Stuxnet

Russian media, election watchdog silenced through cyberattacks

Small firms have fewer resources to deal with more cyberthreats, House panel told

MIT researchers: US needs single agency to protect electric grid from cyberattacks

Getting Past Security’s Fuzzy Math ROI

Is the Security Response System for SCADA-ICS Broken?

Holiday Shopping At Work Raises Risks

Raytheon Acquires Cybersecurity Firm Pikewerks

Executives Lack Confidence in Infosec Strategies

Controls Have to be Executed Perfectly Every Day

Carrier IQ Controversy Spawns Lawsuits

FBI Warns of New Fraud Scam

Congress Probes TRICARE Breach

Organizing a Breach Notification Team

 

Wils Bell

Bell (at ) SecurityHeadhunter.com

407-365-2404

Breaches & Security Articles From Around The Web 12-2-11

If you missed my Twitter (Security_REC)  posts on Security News and breaches this week, here’s a recap:

AT&T and Sprint acknowledge use of Carrier IQ

Norwich Airport database breached

FBI Warns of Coordinated Malware and DDoS Attacks Designed to Drain Bank Accounts

Twitter snaps up Marlinspike’s mobile encryption startup

Carrier IQ Rootkit Logs Everything on Millions of Phones

Health Care Data Breaches Increase by 32 Percent: Ponemon Report

Hackers accessed city infrastructure via SCADA – FBI

Data breaches in healthcare organizations are rising more than 30 percent year 

Survey – More patient data breaches, less security, and more headaches for patients

Breach Response: Reputational Risk

RIM PlayBook Jailbroken, Researchers Claim

Two Million Requests from Infected Systems In Week After Ghost Click Takedown

One-quarter of firms hit by cybercrime, survey finds

Adobe issues security warning for Adobe Flex SDK

Twitter snaps up Marlinspike’s mobile encryption startup

Carrier IQ smartphone software logs your every move, says researcher

Is PCI Effectively Preventing Fraud?

Fraud Scheme Hits Grocer

Duqu hackers scrub evidence from command servers, shut down spying op

Criminals sabotaging Cyber Monday, security experts warn

Interviewing Advice

I hope everyone had a great and safe 4^th of July holiday.  Our weather was wonderful here in central Florida and several friends joined my wife and me for a party around the pool followed by some great food off the new Weber grill. (It was great cooking over charcoal again after all the years of gas)

The Friday before the holiday, I had a candidate speak by phone with the CISO at a client of mine.  My client is a mid sized organization that realizes they are way behind in their Infrastructure Security and want to bring in a top talent to get them where they need to go.  They had already talked with two other candidates earlier in the week that I had presented and wanted to talk with the third and last person before heading out for the holiday.

 The Candidate Feedback

Friday afternoon, I got a call from my candidate telling me he thought the conversation had gone very well. He was able to answer many technical questions and provide ideas how they would handle the upgrade to new security and so forth. The client really liked his ideas and they seemed to hit it off very well. In fact, they even joked around a bit at the end of the conversation. He felt that my client would want to have him fly in for an interview.

 The Client Feedback

On Tuesday, when we all went back to work, the client called and said they would like to invite candidate #1 and #2 in for on site interviews.  This was great news and I then asked about candidate #3.  Would they also like to invite him in?

The short answer was not at this time.  The client said his skills and experience were great and were equal to the other candidates interviewed through me, but he had turned the client off at the end of their conversation.

Here’s What Happened

During the first 95% of the phone interview, he presented himself well in regards to his current and past duties. He was clear and detailed on the approach he would take to complete the task the position required. They were getting along very well, so well in fact that my candidate decided to share what he though were a couple of humorous anecdotes.

They were funny to the candidate, but the client was not as amused and felt the candidate’s professionalism left something to be desired.

Remember…

When you are on a phone interview you are speaking with a hiring manager / authority.  They are not your friend or buddy today. They may become your boss soon and perhaps later a friend, but not today.  They are on the other end of the phone to learn about you, your experience and personality.

In this economy, most employers are going to phone interview multiple candidates to screen down to a couple to invite onsite for an interview.

Phone interviews need to be handled as professional as an on site interview since they are generally the first step in the process. To be eliminated from the interview process for telling what you think are humorous stories is purely a waste.

In coming days, I’ll right a posting about the no-no’s on interviews both phone and on site.

Security Job: Application Security Consultant

Applications Security Engineer

(Client will consider someone on a telecommuting basis that is “VERY”  experienced in Web AppSec source code review with solid

utilization of source code review tools.)

Job Type: Full-time salaried position

Job Locations: Telecommute

Compensation: $90,000 to $115,000 salary, maybe more

Telecommute: Yes

Education: BS strongly preferred, but not required.

Travel %: minimal

Relo Paid:  Possible assistance available on a case by case basis

Certifications Preferred: CISSP is NOT required, but would be a plus

SecurityHeadhunter.com, a Security Search Firm, has been selected to conduct a search for a Web Application Security Consultant. Our client is looking for a person who has a passion for Web AppSec and understands that this area continues to evolve. The successful candidate needs to have solid Web AppSec experience working performing secure code reviews. Should have experience with one of the leading source code review tools such as Fortify, AppScan, HP Web Inspector or Hail Storm.

A true understanding of the OWASP Top 10 is also needed.

Successful candidate needs to be able to work with and relate to software developers during any and all remediation processes.

Any experience as a software developer working with Java and /or .Net would be very desirable.

RESPONSIBILITIES & DUTIES

• Conducting web application security source code review / analysis and application vulnerability assessments on both new and existing web applications.
• Successful candidate will have solid experience performing assessments and testing combined with researching exploits and vulnerabilities
• Solid understanding of best practices and methodologies of source code reviews.
• Ability to prepare formal security assessment reports for all applications.
• Participate and lead when necessary conference calls with internal business customers to review security assessment results.
• Consult with these internal business customers on remediation options and the retesting of security vulnerabilities that have been fixed and republishing your report to indicate the results.
• Ability to communicate complex security subjects in easy-to-understand terms.
• Desire to stay current with emerging technologies and industry trends.
• Ability to work in a fast paced, challenging and sometimes stressful environment while keeping a cool head.
• Ability to look at the big picture and help in finding acceptable solutions and remedies.
• Strong focus and ability to dealing with internal users and customers
• Solid written and verbal communication skills.

To be considered for this position, please contact Wils Bell directly OR email a confidential resume to : Bell@SecurityHeadhunter.com

Wils Bell
President
SecurityHeadHunter.com, Inc.
POB 620298 * Oviedo, FL 32762
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

Web: SecurityHeadhunter.com

“A Security Search Firm”