BSidesNYC 0x03 interview with Jesse Annunziata

ready to go yep okay hi Jesse it's really nice to meet you and thank you so much for coming here and chatting with me can you briefly introduce yourself to our audience and what it is that you do my pleasure thank you for having me uh Jesse andada I'm a partner at artico search we are a search firm that is dedicated to recruiting within the cyber security industry um our clients and our work encompasses uh go to market leaders for cyber security vendors we also do a lot of work helping private Equity Venture Capital back and public companies identify and hire their security leadership typically the Chief Information Security Officer and our third arm of our practice is helping

cesos and Security leaders build out functional teams across security architecture engineering operations incident response product security so on and so forth nice very nice and what brings you to besides n YC so bsides is a is a body and a conference we've we've always loved and been supportive of we think bides is a very important sort of pillar in the community I I think what's great about bsides is the affordability of the conference and what it offers to the industry broadly okay you have students fresh graduates entry level folks and then you've got some very experienced you know industry thought leaders that come and share their perspective and and you know post talks and um we think it's just really

important in um addressing you know there's a talent Gap in the cyber security space right there are far more many roles um open than we have available talent for and the professional development that occurs at bsides and is fostered within the community here we think is super important and um we're always excited to be able to support when we can great I think you just mentioned that you have different kinds of attendees coming to bides right people who are just starting off uh whereas people who have been in the industry experienc seen through a lot of things been through a lot of different scenarios and it's a great place it's like a Melting Pot for

different kinds of people to come together and talk and share their ideas in your experience on a day-to-day basis what kind of skill sets do you look for because people come constantly ask what it takes to get into cyber security and that's one aspect but once you get into cyber security there are multiple different flavors and different kinds of roles so what kind of skill sets do you look for in somebody who's like a security engineering manager versus somebody who is a security architect like what kind of skill sets do you think you really need in order to be successful sure great question and um I guess there are several ways to answer and it depends on the subdomain and the

focus of the role and and stuff like that um in general I think as people transition into cyber security having a good foundation and Technical background okay in general helps um professionals be more thorough at their job in security okay security and its place in the business and within companies also you know it reaches Beyond just the security team so having the ability to communicate unicate and work with engineering and development and um and Leadership and being able to be the voice of security and really help build security culture I mean these are you know a combination of hard skills and soft skills that the more you're Adept at them and the more you develop them

within Dynamic environments the the better and more efficient of a security professional you can be you mentioned building out a security culture right like what does that mean and how how do you build that it means different things for different people but according to you and based on your experience of what you're seeing what is it that people are looking for in their Security leaders sure so from a leadership perspective I mean and and the ceso is a tough role right like you have the security domain knowledge and expertise depending on your business you're working externally with Regulators you're supporting sales functions you're supporting marketing you're supporting it you're supporting all of the core functions across the

business so it's a pretty Dynamic audience um that Security leaders need to be able to engage and communicate with and then from there looking down um it takes a lot of you know one of the biggest areas of friction that we see is security versus engineering or security versus software development so bringing in leaders that have empathy towards the other technical engineering functions within the business often sets um things up to be most successful and sounds like a lot of empathy and cross collaboration cross functional collaboration 100% great great thank you so much for that sure and I ask everybody who's come on the segment um to give chat GPD a prompt and one of the prompts that y gave was

how to build a high performing security team and Chach has given a bunch of answers and based on that answer like what do you think it did well and what do you think um can be done better what are your thoughts I think it gave a good framework to to approaching the question right um Define roles and responsibilities recruit top talent Foster strong team culture I think where chat GPT kind of leaves off is how to do each of those right defining roles responsibilities is fairly straightforward but when it comes to recruiting top talent okay how do you recruit top talent what does it take to not only identify top talent but then to um actually win over somebody in a

competitive scenario or bring them into your organization versus the other choices that they have and most of the you know top level of talent across the security industry typically has many choices um so figuring those types of things out I'm not seeing it's a pretty long response sure sure but and and that's mostly because you know it's basically telling what it has seen in the past right yeah and it does provide a good framework but I think within each of the bullet points that it has come up with there's certainly another level of depth that has to be explored and figured out yeah the how is missing yes exactly great and I think I'll leave you with this one final

question what are you most excited for today like what are you hoping to get out of the besides NYC attendance today couple things um number one I love being back in person meeting with people face to face and a lot of the work that we do is over the phone and over Zoom so it's always nice to spend time with people um meeting new people having friends of friends come to our booth and visit is is always great one of the other things um and I didn't mention this before that we've done is is we're launching a um a compensation and career satisfaction survey okay for all levels of Enterprise security function below the ceso okay um we do do a ceso

compensation study as well um that's been running for a few years what we're doing today is it was actually launched two weeks ago it's done in partnership with ions research okay and it's a study that will provide insight into Enterprise security organizations at the engineer level at the architect level at the manager level the director level ultimately um we do think that this will provide you know the Insight will will allow companies to number one make their jobs and and um you know security teams more attractive to the external Market it will also help professionals within the space Benchmark themselves across the industry across their peers um we do think that this will be a

valuable tool as we address inequities in the space and overall again just addressing that Talent Gap it's a it's a multifaceted challenge that we're constantly trying to you know contribute from our perspective towards solving great yeah I mean I think a lot of states are now um giving out laws saying that you have to specify the uh compensation range for each Ro I know New York has that correct um and I think this helps address pay equity um and that's a great initiative so thank you so much and I'm very happy to hear that bid NYC has been able to give you that kind of a platform to talk to people and you know be a great Launchpad

for you yes all right thank you so much for your time Jesse it was a wonderful chat great chatting with you my pleasure great thank you thank you so much