What Experience Produces the Best Information Security and Cybersecurity Talent?
As the COVID-19 pandemic marches across the globe, businesses are adapting to a new “business as usual” mode to minimize the health risks associated with employees and customers being in close physical contact. This adaptation has shifted millions into remote working structures or online interactions between customers and businesses. With this change in behavior comes additional Information Security risks to the confidentiality, integrity, and availability of key information systems.
The pre-pandemic estimates indicated the workforce shortage was likely to result in 3.5 million unfilled cybersecurity jobs globally by 2021, a challenge that will affect all company and industry types. Employers are implementing a variety of strategies designed to attract five-star talent and lessen the impact of the Information Security, Cybersecurity and Risk workforce shortage like – increasing salaries, improving employee benefits, flexible scheduling and work-life balance, and marketing their company to potential candidates to improve their competitive advantage.
However, a no cost, high-impact strategy that can produce quick results is one we have implemented successfully with employers on recent search engagements. It is a collaborative approach where we partner with the enterprise in need of InfoSec recruiting to think about job requirements in a new way. We ask questions to help determine what factors are truly relevant to the success of a particular security specialist? Is a degree in Computer Science or Information Technology actually required, or are there other means of identifying security talent – skills or experience that are more relevant to long-term success in the specific role?
A degree may not be the best indicator of security talent, skill or knowledge, this is due in large part to the speed at which the security environment is changing and evolving today. In security, new threats, tactics, and vulnerabilities arise every day. The information covered in a four-year institution may not be agile in response to changes in the threat landscape, making the degree less applicable to a cybersecurity or Information Security job.
Instead of automatically including a specialized degree requirement in the job posting, consider the different skills and experience that produces the best cybersecurity/InfoSec talent.
- Ability to Perform Under Pressure
A cybersecurity professional is expected to work in high-pressure situations, thinking clearly and with attention to detail even if they are under an enormous amount of stress. Relevant experience includes candidates with a military background, those with medical or emergency dispatcher training, even an event coordinator – someone whose job requires them to think on their feet, manage stress, and make split-second decisions.
- Committed to Professional Development
Because both the Information Security and Cybersecurity landscape are changing and evolving, security professionals must constantly learn new tactics to identify, resolve and prevent threats. Thus, a candidate that demonstrates an interest in continuous professional and personal development through their commitment to on-the-job or voluntary training and learning activities, professional memberships, or certification programs merits strong consideration. Relevant experience would include anyone who has been proactive in learning and achievement, even outside of a degree-based program or formal job training. This would include people who attend cybersecurity bootcamps, certification programs, and hackathon events.
- Respond and Resolve Problems
Sometimes, a Cybersecurity professional needs to sit in front of a monitor for hours, concentrating and focusing until an issue is solved. Experience, or interest in focused problem-solving may provide a distinct advantage when it comes to Cybersecurity and Information Security. Candidates from jobs in analytics, investigation, or research may have the problem-solving skills required. Some corporate recruiters we work with even look at gamers who spend their free time playing games that require in-depth problem-solving skills for entry level security roles.
Conclusion: Look to the Military
Military experience is aligned with cybersecurity requirements in numerous ways. The military requires that people learn new skills and concepts, and apply them to their job functions. Military veterans have training in advanced technologies, and are skilled in managing stress and performing under pressure, with great attention to detail and necessary soft-skills. A candidate with military experience may be better positioned for success in Cybersecurity or Information Security than a candidate with a great degree, but little experience.
As threats evolve, and become more prevalent and damaging, the need for cyber talent will only grow; and the gap between open positions and qualified candidates will continue to widen. Critically thinking about what constitutes a ‘qualified’ candidate and identifying the needs of your organization will help you shape the role you need. Your job description may include a degree or certification requirement – but is that really what your organization needs? There are several skills and experiences that can drive success in cybersecurity that are non-degree related. Rethinking your definitions may be the key to identifying the cybersecurity talent that your organization needs.
If you are interested in learning more, or would like some expert advice on reevaluating security positions at your organization to determine what job requirements will most likely contribute to success, contact Pinnacle Placements today.