Discover Hidden Cybersecurity Talent

Not having access to technical talent is a common complaint in the cybersecurity world. People with security experience on their resumes are in such high demand, CISOs need to hunt beyond the fields they know. 
 
CISOs need to embrace Infinite Diversity in Infinite Combinations. This means embracing diversity not only of bodies but of talents and experiences.
 
First, focus on acquiring the key cyber-security skills beyond hacking and managing security tools.
Effective cyber defenders leverage their business and managerial skills, including:
 
• Identifying, quantifying, and explaining risk to the organisation’s key activities
• Understanding the value of information and its unique qualities such as timeliness, accuracy, relevance, and privacy
• Recasting business processes to reduce risk while retaining their value
• Communication skills, including expressing patience, perspective-taking, and negotiation
• A clear understanding of the principles of contract law, negligence, and customer obligations.
 
You will find that you can build upon these foundational skills with technical training to level-up new cyber-security professionals. In some cases, it can be more challenging to train traditional IT security “geeks” in these skills, so this might be an easier path for some positions.
 
You can fish for this talent in a much larger ocean beyond traditional IT resumes. Look at customer service, business development, sales, law, finance, insurance, competitive intelligence, and library science. The biggest boost you can get is by finding these people in house and nurturing their careers. The bonus is that by being part of the organisation already, they come to the table with a good grasp of the culture and value streams. 
 
Of course, not everyone in these areas is going to be a solid security pro but within the organisation, you can find seeds to grow.
 
Now that you have a pool to draw from, how do you make the first cut of likely strong security candidates? Above all else, there must be interest and determination to enter the field. More than few people are drawn into the world of cyber-security for the money or prestige only to be dismayed by the amount of work and frustration it entails.
 
If the person you’re looking to bring in is not already a cybersecurity professional, they’re in for a steep ramp-up of technical training. That’s a firehose of reading, classes, certifications, conferences, peer observation, online training, and hands-on work. 
 
Some people embrace the chance to learn new, exciting things while others balk at it. Lean towards recruiting individuals with a “constant learning” attitude. Find out if they are willing to push themselves, not merely to maintain skills but to sweat and struggle to learn new things.
 
A second key skill for cyber-security is risk analysis. 
Every adult human does risk analysis at some level or another. We do it whenever we decide to spend or save money, go to the doctor or wait out an illness, or simply cross a busy intersection. 
 
Obviously in cybersecurity, it’s more complicated and less clear. However, the people you’d want to hire should be deliberate, rational, and consistent in their method of risk analysis.
 
Given that you’re also recruiting talent with organisation and business backgrounds, look at how they can link risk to the needs of the organisation. Ask them what business processes take on unnecessary risks and how that might be reduced. Look at how they would prioritise risks, since we can never eliminate all our exposures but should always tackle the biggest ones.
 
These are just a few of many ideas to help develop your security team. With the variety of security specialisations required by various cyber-security roles in an organisation, remember that not everything lines up perfectly with a security certification or a hacking background. 
 
Even non-IT professionals can make valuable, diverse contributions to a cyber-defense program. Now go out and get them!
 
HelpNetSecuity:    Image: Nick Youngson
 
You Might Also Read: 
 
Cybersecurity Salaries 7% Up In 2018:
 
Making Data Scientists More Productive:
 
Very Few Women Are CISOs:
 
« What’s Happening With China’s Fintech?
Cybercrime Costs Over $600 Billion Annually »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IP Performance

IP Performance

IP Performance Limited is a leading supplier of customised network infrastructure and security solutions.

NATO Communications and Information Agency (NCIA)

NATO Communications and Information Agency (NCIA)

The NCIA Cyber Security Service Line is responsible for planning and executing all life cycle management activities for cyber security.

tietoEVRY

tietoEVRY

TietoEVRY creates digital advantage for businesses and society. We are a leading digital services and software company with local presence and global capabilities.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

SolutionsPT

SolutionsPT

SolutionsPT enables customers to strengthen their Operational Technology (OT) network to meet the ever increasing demand for performance, availability, connectivity and security.

CybernetIQ

CybernetIQ

CLAW by CybernetIQ is the industry's most advanced SOAR platform helping unify all cybersecurity tools under one umbrella and providing organizations faster, better and more accurate cybersecurity.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

US Digital Corps

US Digital Corps

The U.S. Digital Corps is a new two-year fellowship for early-career technologists where you will work every day to make a difference in critical impact areas including cybersecurity.

Anvilogic

Anvilogic

Anvilogic provides a unifying experience for security professionals aimed at providing improved visibility, enrichment, and context across hundreds of alerting datasets and security tools.

ACL Digital

ACL Digital

ACL Digital, an ALTEN Group company, is a leader in design-led digital experience, innovation, enterprise modernization, and product engineering services converging to Technology, Media & Telecom.

RMC

RMC

RMC was purpose-built for Mission Assurance and ICS/OT cybersecurity, dedicated to strengthening and protecting government and commercial assets.

CSIR Information & Cybersecurity Research Centre

CSIR Information & Cybersecurity Research Centre

The CSIR Information & Cybersecurity Research Centre focuses on research, development, and innovation of home-grown cyber and information security.

BSS

BSS

BSS is a solutions and services business based in the UK with a focus on Cyber Security, Data, Financial Crime, Internal Audit, Change, Risk and Resilience.

Cyber Explorers

Cyber Explorers

Cyber Explorers is a fun, free and interactive learning platform for future digital superstars. An exciting addition to UK curriculum delivery or after school activities.

Backblaze

Backblaze

The Backblaze Storage Cloud provides a foundation for businesses, developers, IT professionals, and individuals to build applications, host content, manage media, back up and archive data, and more.