What We Look for When Staffing Cyber Security Positions
May 18, 2017
It’s a well-known fact that there is a talent gap in the security industry. There are simply not enough qualified people to staff the positions in our rapidly growing industry, and every client, partner and solution provider feels this pain.
However, it’s important for our clients and for the industry itself to remain focused on hiring quality professionals with the desire and capacity to grow. As an industry leader running a people-based organization, we believe it takes special individuals to thrive in security—and finding these people is the key to any modern organization’s success.
In this blog post, I will explore what it takes to be hired in cyber security, what I personally look for when hiring and what we believe teams of the future will look like.
What Candidates Need to Know
While there are specific concepts with which the candidate must be familiar depending on the security discipline or domain being pursued, I typically look for the following common characteristics:
- Basic understanding of today’s key industry regulations, compliance issues and major client concerns. These can be self-taught (insider threat, third-party risk, data security), but are of critical importance as they are problems that concern almost every client and tie together many different security domains.
- Knowledge of information technology standards and frameworks. This includes, but is not limited to, Information Technology Infrastructure Library (ITIL), National Institute of Standards and Technology (NIST), and International Organization for Standardization (ISO).
- Working knowledge or experience with IT concepts.
Skills We Look For When Hiring
When we recruit, we look first and foremost for those people who want to be a part of a team and part of something bigger than themselves. We look to separate the folks who are focused on finding a place of employment with a collaborative and supportive culture from the mercenaries in the market who are only focused on a compensation increase or job title improvement as they move from company to company. Collaboration and chemistry are key things within highly functioning teams that can’t be taught, so those factors become just as important as technical or industry skills.
Once we’ve done that, we focus on the following:
- Demonstrated ability to communicate. Candidates must be strong communicators who are comfortable talking to many different types and levels of people. This is not a static skill, but one that must continually adapt and develop to meet different situations.
- Problem solving mentality. Solving complex problems for our clients is at the heart of what we do every day, and that requires the ability to look at each problem differently, be able to adapt to various external factors in solving those challenges, and continually evolve and improve our techniques.
- A hunger to grow and learn. We’re looking for people who recognize that cyber security is a dynamic environment and who are eager to continue to learn and improve their knowledge in order to keep up with the pace of change as well as advance their careers.
- Self-starters. Often, because we are a geographically dispersed organization, and you don’t physically sit next to your boss or team lead every day, our people have to learn to work as “solo artists.” We put a great deal of trust into employees to set their schedules, manage their time and understand when to be proactive in asking for help or information.
What Does the Future Look Like?
The core capabilities we are looking for in candidates won’t change in the future, but how we staff teams certainly may. We’re already seeing some trends that will continue to gain steam in the coming years.
- The move away from reliance on cyber security “generalists” within very small teams to deep cyber security domain experts that are part of larger, better-funded security teams.
Cyber security domain experts will be given more latitude and responsibility to interact with various other teams in the business as part of providing subject matter expert guidance into the build and execution of a company’s security strategy.
Security domain experts will also continue to evolve their skills, so their depth is made valuable by their continued skills growth into other areas of cyber security that may use their current skills.
- The ability to understand at a deep level how many of the previously “siloed” security concepts and domains are now “horizontal.”
Certain security challenges or initiatives are more deeply addressed with skilled people from various areas of the business working together cohesively and effectively (e.g. data protection). Integration among all previously siloed security teams will become much more common as security continues to be better funded with better visibility in organizations, and cyber security professionals become more knowledgeable and experienced.
- Continued move to more virtual teams due to the improvement of collaboration technologies.
In an industry with increasing demand for skilled people but a talent supply shortage, it’s important that we go where the talent is located. This means using modern communication and collaboration tools, such as virtual interview applications, video conferencing and remote instant messaging to find the right people for the job, no matter where they are located.
- Globalization (not outsourcing) will become increasingly important.
Because of the collaboration technology improvements outlined above, and the global focus on cyber security, we have the ability to access talent that exists further away from home and make them key members of our teams. Those individuals will still possess all the key traits we seek in employees but could be physically located abroad.
If you’re ready to join our team of cyber security super heroes, you can check out Optiv’s current openings here. Also, you can learn about the passion, vision, and commitment of the team I lead, Optiv’s identity and access management practice, in this video.