Cybersecurity quickly rose to the top of IT priority lists after business leaders witnessed data breach after data breach occur in almost a scheduled fashion over the past two years. Regardless of the industry an organization competes in, there are hacktivist groups and cybercriminal syndicates willing to invest their time and effort into extracting corporate data, private information and intellectual property and selling those materials over the Dark Net.
As a result of the growing prevalence of malicious actors on the Internet, businesses must deploy new tools and leverage their skilled IT professionals to combat some of the most sophisticated cyberthreats ever seen. However, before 2014, no one took cybersecurity too seriously, and most organizations simply don’t have the tech teams and affiliated talents to tackle cybercrime. Now, the demand for cybersecurity professionals has skyrocketed.
“Cybersecurity pros are the No. 1 most difficult IT employees to hire.”
According to a survey conducted by TEKSystems, at the start of 2015, most IT departments cited difficulties hiring developers, programmers, software engineers, technical support and many other IT employees. Now, halfway through 2015, cybersecurity professionals are the No. 1 most difficult IT employees to hire, the source found. If that’s the case, hiring managers could use some tips for hiring the best cybersecurity employees on the job market.
Here are four ways to find cybersecurity professionals.
1. Get everyone to buy in
Cybersecurity might be a top priority this year, but not every board member, executive or manager will necessarily agree that investing in staff is the solution to cybercrime. Therefore, it’s hiring managers and IT leaders job to get everyone to buy into new cybersecurity strategies, but the conversation will vary depending on who must be convinced.
To get the finance department on board with cybersecurity hiring, CIO contributor Steven Davis recommended highlighting the Ashley Madison data breach as a reason to invest in new security pros. Why? Davis explained that the incident severely hurt the company’s valuation, and this effectively scared away investors. Not to mention that no one will trust Ashley Madison with data again, and that will be reflected in the bottom line.
If CEOs are the ones that need convincing, hiring managers and IT leaders can point to one of many devastating effects of a breach: Executive often get fired or resign. After all, there is always someone that the media will blame for a security incident.
2. Cybersecurity professionals are made, not born
The demand for cybersecurity professionals makes sense on paper: There are only so many people in the world with a degree in this field. Therefore, there just are not enough cybersecurity employees to go around, right? Maybe not.
Writing for Computerworld, Ira Winkler, president of Secure Mentem, said that cybersecurity professionals develop those skills over the course of their IT careers. Winkler himself worked for the National Security Agency and learned about computers and IT in general, and once he moved to the private sector – without any prior training – Winkler performed penetration testing. The point, Winkler asserted, is that organizations can “create” cybersecurity professionals, as long as the new hire has experience in computer-related fields. Therefore, hiring managers and IT leaders should look for eager applicants, and then develop training programs to make the best cybersecurity teams..
3. Be proactive in the search
While a degree in cybersecurity shouldn’t make or break a job applicant for a tech team, it can’t hurt for hiring managers and IT leaders to connect themselves directly the cybersecurity professional pipeline. This means finding colleges and universities that offer above-average programs. FCW provided a list of six schools that produce excellent cybersecurity professionals, citing a few notable examples of programs where the federal government hires tech talent from, including the University of Maryland University College, Champlain College in Vermont, the University of San Diego.
“Hackathons and other White Hat-centric events are great places to look for talent.”
As a note, hackathons and other White Hat-centric conventions and events are great places to look for talent as well. Some companies could even benefit from hosting their own cybersecurity conference, meet-up or hack-off.
4. Cut fat from the interview process
Current interview processes for IT professionals are unnecessarily long, and simply put, these standards will not hold up as hiring managers start to vet the abilities and experience of cybersecurity-skills individuals. The fact of the matter is that finding a job with a background in IT security is really easy in 2015, and as a result, these professionals must be convinced to work for a new employer. If it takes 30 days to hire someone, it’s likely that they’ve already been offered other positions at different companies.
Instead of conducting phone interviews and checking for a cultural fit, hiring managers and IT leaders need to witness the skills of job applicants. Those first two aspects will be useless if the individual doesn’t have any talent cybersecurity. That said, as long as the prospective employee displays a working knowledge of tech, they can be groomed to perform better in a specific role.
Hiring a cybersecurity professional will be difficult, but with the four tips listed above, organizations can quickly find the best employees.