“We’re trying to bolster our cyber security, but we’re not sure exactly what we should be looking for. What kind of experience and qualifications should we expect or require?”
That depends on quite a few factors, but there are other factors you should be considering too. Here are some of the things you should ask yourself, and some of the things you should consider, when you’re hiring for your cyber security team.
Consider The Urgency
Even if you’ve not hired for cyber security roles before, you’ll probably be aware that it’s an especially tough hiring environment.
Most sectors are affected by the ‘Great Resignation’ and cyber security is probably feeling the effects more than any other. An increase in cyber attacks, stress, and long working hours are driving cyber security professionals out of the sector. Hiring teams are facing an uphill struggle in securing the talent they need — workers are leaving cyber security in great numbers, and there’s intense competition between employers for the remaining talent pool. The UK’s Department for Culture, Media and Sport (DCMS) expects that industry-wide, cyber security will be short of around 14,000 workers every year.
That’s important to remember in any case, but if you’re in urgent need of cyber security hires, you might have to limit your requirements — it’s a daunting challenge to find any talent quickly, but if you put extra parameters on your search, you’ll seriously hamper your progress. That’s where a sector expert is invaluable — they can help you to understand which qualities are essential in your hires, and which you can cope without.
Consider The Seniority
Are you looking for leaders, managers, or team members? Each has specific qualities, beyond qualifications and experience.
If you need heads of department or C-suite talent, like a Chief Information Security Officer (CISO), you need a combination of qualities that’s quite rare — not only do they need to have cyber security expertise and a thorough grasp of the sector’s developments, they also need to be commercial leaders. That means they will hold a sense of authority among security-focused employees, easily communicate to non-experts the importance of cyber security, and be able to do both in a business context, where security cannot come at the expense of agility or dynamism.
When hiring ‘frontline’ cyber security workers, the qualities that most teams need, apart from essential cyber security knowledge, are communication and collaboration. They will allow the security experts to understand and respond to feedback from colleagues without cyber security backgrounds, and from each other.
If cyber security teams operate completely separately from the rest of the company, then it can have catastrophic consequences:
a) they won’t know if security architecture is hindering the business from a commercial point of view
b) they won’t hear or understand if security measures are frustrating colleagues, and that frustration could lead to apathy or even hostility towards cyber security, which means less engagement with security processes, and likely more breaches
Consider The Qualifications
There is a very long list of available cyber qualifications, and below are a few to consider.
First, it’s worth saying that you may not need any of them. If you’re hiring for entry-level roles, your talent pool won’t be heavily credentialled, and will expect training — courses are expensive for an individual and many new professionals learn on the job at the expense of their employer.
Even for more senior roles, an out-of-the-box approach to hiring could broaden the search and yield some excellent results. There will be talent out there whose qualities are perfect and whose skills are transferrable, and who, with a little training, would make superb cyber security leaders. Those might include managers, departmental heads, and C-level executives with a general IT background, or even without it — the skills of management and leadership take years to develop and hone, but initial cyber security qualifications are relatively quick to earn.
With that in mind, here are some qualifications you could ask for when advertising your vacancies.
A beginner qualification that a newer professional might attain, or that an experienced job seeker might take when making a career move into cyber security.
An internationally recognised qualification in the core skills of cyber security.
CEH — Certified Ethical Hacker
Ethical (or white hat) hackers expose weaknesses in cyber security by ‘attacking’ it just as a malicious (or black hat) hacker would. CEH is a widely recognised international qualification in ethical hacking.
CISSP — Certified Information Systems Security Professional
A high-level qualification for experienced and senior professionals like a CIO, a CISO, or a Security Manager. Demand for those who hold a CISSP qualification is enormous.
Consider Your Offering
While the question of what you should be looking for is a vital one, have you asked yourself what cyber security talent is looking for in their next role?
When security professionals have their pick of employers to work for, knowing what qualities and qualifications you require is not enough — you might find the talent, but you won’t necessarily attract or retain it. Think about what professionals are looking for in their next move, and you’ll be far better placed to secure the talent you need.
RPI has a wide talent pool of cyber security experts, and we speak to them every day — we hear exactly what motivates and inspires them, what attracts them to roles, and what keeps them with their current employers.
Our deep sector knowledge means we’re perfectly positioned to advise organisations on what they should be looking for in their cyber security hires, and to place those skills into your business.
To find the talent you need, and to make your business the most attractive place for them to work, email email@example.com.