Hiring security pros: Do’s and Don’ts

Cybersecurity is one of the biggest priorities of businesses of all sizes and industries this year, given the sheer volume of data breaches that have occurred since the Target fiasco in late 2013. As a hiring manager, you’ve probably noticed the increased focus on data security in the form of onboarding IT security professionals.

However, that doesn’t mean that you’ve actually been able to add those individuals to your tech team. Rashesh Jethi, director at Cisco, told Network World that hiring a security pro is 1,000 to 1,200 percent more difficult than bringing on a new hire in a typical IT role. So, you probably need some help with that task.

Here are some do’s and don’ts that you can follow to make hiring cybersecurity pros easier.

Do try to “sell” your company.
With such a high demand for white hats – those who adhere to the light side of hacking – you have to effectively convince these tech pros to work for your organization. According to CIO, Robert Allen, chief security officer at CNA, explained that to get these individuals on your team, you need to “sell” them on your IT department, your corporate culture and your professional development opportunities.

“Focus and play to your strengths,” Allen recommended. “What’s your elevator pitch to candidates? Do you have a compelling story, both for security and for your company?”

Don’t pay them less than $28,744.
Not all cybersecurity pros will see the benefit of becoming a good guy in the hacking community. But you can win them over. Just don’t suggest a low salary. Specifically, pay them over $30,000 – which should be easy – and you’ll be good. Why? A recent report from the Ponemon Institute indicated that the average black hat hacker earns $28,744 per year committing cybercrimes.

Do look for certifications.
Allen asserted that certifications in cybersecurity can help you identify the skills that IT security candidates possess. Therefore, you should pay attention to those sections of resumes, as well as when the certification was earned.

Don’t discount potential new hires that lack degrees.
For years, you’ve expected to find a bachelor’s degree on a resume. Nowadays, however, that might not matter. Trevor Halstead, product specialist in talent services at Cybrary, told CIO that today’s tech pros can be great at what they do without having learned their skills at an institute of higher education. If the individual fits, hire him.

Do keep an eye on the future.
Cybersecurity has evolved a lot in the past few years, and as cybercrime gets more sophisticated over time, your company must maintain a similar pace with respect to innovation. When hiring IT security pros, remember that today’s talent could hold tomorrow’s most desired skills. In that regard, look out for individuals who have a passion for cybersecurity and an interest in learning new techniques.

Don’t take it slow when you find an ideal candidate.
The security hiring landscape is extremely competitive. As such, great talent will get grabbed almost instantaneously. You need to move quickly. As soon as you find an ideal candidate, hire him. If you don’t, he could get an offer somewhere else, and you’ll be back to the grind of finding another cybersecurity pro.

Do seek out former hackers.
The modern media portrays hackers as shady individuals, but usually, these people are just like you – except far more tech savvy. Therefore, it might be smart to hire a former hacker. TechCrunch reported that Apple did just that, and other firms do the same. The source explained that hackers are particularly useful at finding and fixing vulnerabilities, making them just as valuable members of software development teams as they could be in security departments.

Don’t only rely on a security team.
You can have the best security team in the world, but without the technology to secure your systems, these new hires will be for naught. In interviews, make sure to probe potential employees for what tools they have used in the past. That can ensure a proper fit, as well as guarantee that they can get started without too much training.

At the end of the day, hiring security pros shouldn’t be all that different from interviewing and offering a job to others in the tech industry. With the Do’s and Don’ts highlighted above, you’ll be ready for 2016.
