Be on schedule.Score better.


200 word response due 5/17/2024 Franco 2a When recruiting employees for

200 word response due 5/17/2024



When recruiting employees for cybersecurity focused work, the vetting process is very important. These prospective employees are more thoroughly vetted than in non-security positions because of the nature of the work. A cyber employee’s main objectives will be to strengthen the cybersecurity posture of an organization and to decrease asset loss in the case of a potential event. Since they will be protecting critical systems and sensitive data, employers will have to be certain that they have a clean background and intentions. They are the first line of defense and they cannot be corrupt. It would be like a commercial bank hiring a former bank robber as branch manager.


The standard for most industries during the hiring process is to search up a candidate and if their social media platforms are generated in queries they have every right to peruse the profile. McCrie and Lee (2024) recalled that if someone’s information is posted voluntarily on the web, there is no expectation of privacy. Security and HR can check social media for public profiles to further vet a candidate. Invasion of privacy would start if the organization goes to an extreme measure of creating a profile on social media and trying to follow or access profiles that are private and do not show information on a search engine query. Vetting through social media can be a controversial topic because of the damaging conclusions a employer could draw.


Ongoing training can be described as continuous training to ensure that personnel is informed of changes that occur in their respective field. When comparing ongoing training to In-service training, in-service training is usually a planned event where outside personnel train experienced employees in specialized issues or potential events (McCrie & Lee, 2024). 

Board of Directors should receive on-going training about changes in the security landscape and be informed of the new cybersecurity controls that can better secure critical assets. They should receive in-service training about social engineering techniques and how to not be manipulated by threat actors in their own workstations and email domains. Senior management should receive on-going training on how to manage people. They should receive in-service training on communication to be able to present ideas more effectively to shareholders on implementing better security controls. Chief Information Security Officers (CISO) should receive on-going training about soft skills and leading employees during stressful and critical times. They should receive specialized training on specific security controls and how to train employees how to use and implement these controls. IT management should receive on-going training on changing threats and hardware. Their in-service training should be focused on building after-breach reports and gathering effective data to further protect against future events. Functional area management should receive on-going training about different compliance laws and regulations. They should receive in-service training about social-engineering techniques because they may lack foundational security training. Information security personnel should receive on-going training on new software and other security controls. They should receive in-service training on physical security controls against threat actors. Lastly, end-users should receive ongoing training on company changes and procedures. Their in-service training should include phishing techniques and other scams to prevent company loss.


Cybersecurity training is vital to help safely secure an organization’s critical assets. Bhaskar (2022) described that 52 percent of organizations biggest IT threats are non-security employees. They fall to scams like phishing and other social engineering dangers. Offering staff training can be more effective then implementing sophisticated software to combat threat actors. The costliest events are typically ones where threat actors impersonate CEO’s or senior management (Bhaskar, 2022). In addition, the most frequently employed method was impersonations of vendors and suppliers. Bhaskar (2022) further described that employees who received cybersecurity training demonstrate improved ability to recognize potential threats. Investing resources in security training can be the difference in potential events.

Table of Contents


Latest Reviews

Impressed with the sample above? Wait there is more

Related Questions

New questions

Don't Let Questions or Concerns Hold You Back - Make a Free Inquiry Now!