Discover Hidden Cybersecurity Talent

Not having access to technical talent is a common complaint in the cybersecurity world. People with security experience on their resumes are in such high demand, CISOs need to hunt beyond the fields they know. 
 
CISOs need to embrace Infinite Diversity in Infinite Combinations. This means embracing diversity not only of bodies but of talents and experiences.
 
First, focus on acquiring the key cyber-security skills beyond hacking and managing security tools.
Effective cyber defenders leverage their business and managerial skills, including:
 
• Identifying, quantifying, and explaining risk to the organisation’s key activities
• Understanding the value of information and its unique qualities such as timeliness, accuracy, relevance, and privacy
• Recasting business processes to reduce risk while retaining their value
• Communication skills, including expressing patience, perspective-taking, and negotiation
• A clear understanding of the principles of contract law, negligence, and customer obligations.
 
You will find that you can build upon these foundational skills with technical training to level-up new cyber-security professionals. In some cases, it can be more challenging to train traditional IT security “geeks” in these skills, so this might be an easier path for some positions.
 
You can fish for this talent in a much larger ocean beyond traditional IT resumes. Look at customer service, business development, sales, law, finance, insurance, competitive intelligence, and library science. The biggest boost you can get is by finding these people in house and nurturing their careers. The bonus is that by being part of the organisation already, they come to the table with a good grasp of the culture and value streams. 
 
Of course, not everyone in these areas is going to be a solid security pro but within the organisation, you can find seeds to grow.
 
Now that you have a pool to draw from, how do you make the first cut of likely strong security candidates? Above all else, there must be interest and determination to enter the field. More than few people are drawn into the world of cyber-security for the money or prestige only to be dismayed by the amount of work and frustration it entails.
 
If the person you’re looking to bring in is not already a cybersecurity professional, they’re in for a steep ramp-up of technical training. That’s a firehose of reading, classes, certifications, conferences, peer observation, online training, and hands-on work. 
 
Some people embrace the chance to learn new, exciting things while others balk at it. Lean towards recruiting individuals with a “constant learning” attitude. Find out if they are willing to push themselves, not merely to maintain skills but to sweat and struggle to learn new things.
 
A second key skill for cyber-security is risk analysis. 
Every adult human does risk analysis at some level or another. We do it whenever we decide to spend or save money, go to the doctor or wait out an illness, or simply cross a busy intersection. 
 
Obviously in cybersecurity, it’s more complicated and less clear. However, the people you’d want to hire should be deliberate, rational, and consistent in their method of risk analysis.
 
Given that you’re also recruiting talent with organisation and business backgrounds, look at how they can link risk to the needs of the organisation. Ask them what business processes take on unnecessary risks and how that might be reduced. Look at how they would prioritise risks, since we can never eliminate all our exposures but should always tackle the biggest ones.
 
These are just a few of many ideas to help develop your security team. With the variety of security specialisations required by various cyber-security roles in an organisation, remember that not everything lines up perfectly with a security certification or a hacking background. 
 
Even non-IT professionals can make valuable, diverse contributions to a cyber-defense program. Now go out and get them!
 
HelpNetSecuity:    Image: Nick Youngson
 
You Might Also Read: 
 
Cybersecurity Salaries 7% Up In 2018:
 
Making Data Scientists More Productive:
 
Very Few Women Are CISOs:
 
« What’s Happening With China’s Fintech?
Cybercrime Costs Over $600 Billion Annually »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

CYBERPOL

CYBERPOL

CYBERPOL is the leading Public Utility Agency for investigating cyber crimes and cyber attacks by criminals, international adversaries.

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

Ingalls Information Security

Ingalls Information Security

Ingalls Information Security provides network security, monitoring and forensics.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

The main objective of the Hub is to bring cybersecurity and other advanced technologies closer to companies and as a result help to increase their performance as Industry 4.0.

ISMS Accreditation Center (ISMS-AC)

ISMS Accreditation Center (ISMS-AC)

ISMS-AC is the national accreditation body for Japan. The directory of members provides details of organisations offering certification services for ISO 27001.

Encore Media Group

Encore Media Group

Encore Media Group provide an international enterprise technology event series exploring IoT, Blockchain AI, Big Data, 5G, Cyber Security and Cloud.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

SilverSky

SilverSky

SilverSky offers a comprehensive suite of products and services that deliver unprecedented simplicity and expertise for compliance and cybersecurity programs.

Inpher

Inpher

Inpher has pioneered cryptographic Secret Computing® that enables advanced analytics and machine learning while keeping data private, secure, and distributed.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

6clicks

6clicks

6clicks is an easy way to implement your risk and compliance program or achieve compliance with ISO 27001, SOC 2, PCI-DSS, HIPAA, NIST, FedRAMP and many other standards.

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV) is a 6000+ members angel investing firm which supports new-age entrepreneurs by connecting them with a diverse group of investors.

Prelude

Prelude

Prelude offer the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming.

Credo AI

Credo AI

Credo have pioneered a Responsible AI platform that enables context driven, comprehensive and continuous governance, oversight and accountability of AI.