Green Fields for a Green Analyst: My first 90 days in cyber, with no experience and no security program

We all hear people talking about how you need to do your part for the “skills gap” and hire new, inexperienced staff, but could a green analyst really do the job if you can’t find anyone experienced? Can they add value to your team or even do the job at all? My workplace was contemplating exactly that, a regional hospital in the middle of Victoria, no available security talent and a directive from the board to find someone to build a security program from scratch. This talk will cover my first 90 days in the role, with no experience and qualifications, just a passion for cybersecurity and a motivation to learn. From mapping frameworks to writing policies, reporting to the board and rolling out new tools. This talk will show you why sometimes you need to take a chance on someone new to get exactly what you need.