Discover Hidden Cybersecurity Talent

Not having access to technical talent is a common complaint in the cybersecurity world. People with security experience on their resumes are in such high demand, CISOs need to hunt beyond the fields they know. 
 
CISOs need to embrace Infinite Diversity in Infinite Combinations. This means embracing diversity not only of bodies but of talents and experiences.
 
First, focus on acquiring the key cyber-security skills beyond hacking and managing security tools.
Effective cyber defenders leverage their business and managerial skills, including:
 
• Identifying, quantifying, and explaining risk to the organisation’s key activities
• Understanding the value of information and its unique qualities such as timeliness, accuracy, relevance, and privacy
• Recasting business processes to reduce risk while retaining their value
• Communication skills, including expressing patience, perspective-taking, and negotiation
• A clear understanding of the principles of contract law, negligence, and customer obligations.
 
You will find that you can build upon these foundational skills with technical training to level-up new cyber-security professionals. In some cases, it can be more challenging to train traditional IT security “geeks” in these skills, so this might be an easier path for some positions.
 
You can fish for this talent in a much larger ocean beyond traditional IT resumes. Look at customer service, business development, sales, law, finance, insurance, competitive intelligence, and library science. The biggest boost you can get is by finding these people in house and nurturing their careers. The bonus is that by being part of the organisation already, they come to the table with a good grasp of the culture and value streams. 
 
Of course, not everyone in these areas is going to be a solid security pro but within the organisation, you can find seeds to grow.
 
Now that you have a pool to draw from, how do you make the first cut of likely strong security candidates? Above all else, there must be interest and determination to enter the field. More than few people are drawn into the world of cyber-security for the money or prestige only to be dismayed by the amount of work and frustration it entails.
 
If the person you’re looking to bring in is not already a cybersecurity professional, they’re in for a steep ramp-up of technical training. That’s a firehose of reading, classes, certifications, conferences, peer observation, online training, and hands-on work. 
 
Some people embrace the chance to learn new, exciting things while others balk at it. Lean towards recruiting individuals with a “constant learning” attitude. Find out if they are willing to push themselves, not merely to maintain skills but to sweat and struggle to learn new things.
 
A second key skill for cyber-security is risk analysis. 
Every adult human does risk analysis at some level or another. We do it whenever we decide to spend or save money, go to the doctor or wait out an illness, or simply cross a busy intersection. 
 
Obviously in cybersecurity, it’s more complicated and less clear. However, the people you’d want to hire should be deliberate, rational, and consistent in their method of risk analysis.
 
Given that you’re also recruiting talent with organisation and business backgrounds, look at how they can link risk to the needs of the organisation. Ask them what business processes take on unnecessary risks and how that might be reduced. Look at how they would prioritise risks, since we can never eliminate all our exposures but should always tackle the biggest ones.
 
These are just a few of many ideas to help develop your security team. With the variety of security specialisations required by various cyber-security roles in an organisation, remember that not everything lines up perfectly with a security certification or a hacking background. 
 
Even non-IT professionals can make valuable, diverse contributions to a cyber-defense program. Now go out and get them!
 
HelpNetSecuity:    Image: Nick Youngson
 
You Might Also Read: 
 
Cybersecurity Salaries 7% Up In 2018:
 
Making Data Scientists More Productive:
 
Very Few Women Are CISOs:
 
« What’s Happening With China’s Fintech?
Cybercrime Costs Over $600 Billion Annually »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Zivver

Zivver

Zivver is the effortless, secure email platform, powering the next generation of secure communications.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Iceberg

Iceberg

Since 2016, Iceberg has redefined how businesses approach hiring in the Cybersecurity and eDiscovery space.

CyberSec.sk (CSSk)

CyberSec.sk (CSSk)

CyberSec.sk is the Slovak portal bringing the latest cyber security news, politics, tips and instructions on how to protect the internet.

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

Expel

Expel

Expel provide transparent managed security services, 24x7 detection, response and resilience.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

Labaton Sucharow

Labaton Sucharow

Standing on the horizon of law and technology, our Cybersecurity and Data Privacy Practice helps to protect consumers who have been harmed by businesses’ failures to safeguard their customers' data.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.

SentryMark

SentryMark

Stay a Step Ahead of Emerging Threats. Deviate from the traditional siloed defenses and get the proactive and responsive cybersecurity solutions and services you deserve with SentryMark today.

Adaptive Security

Adaptive Security

Adaptive is a next-generation cybersecurity platform. We're working with pioneering security teams to protect critical systems from AI-powered cyber attacks.