Working in security is tough. Essentially, you have the weight of an organisation’s privacy and safety on your shoulders. One mistake, one oversight, and you, or the team you’re responsible for, could be responsible for a breach.
On any given day, security professionals are faced with many problems that need to be resolved to keep a business moving – to keep the wheels turning.
It’s an industry that can be misunderstood. Outsiders and even IT colleagues may not fully grasp the job description, or the level of responsibility involved. The reality is, people forget about the importance of security until something goes wrong.
Like many professions, you really have to love your work and be passionate about security to survive in the industry. Security is a state of being. You can’t view it as “just a job”.
If you don’t love your job, the issue is the more things that don’t work, the more panic you feel and the more you lose control over the situation. And when you’re dealing with sensitive, personal and confidential information, panic is not a quality people are looking for when hiring.
Cybersecurity professionals have become essential to IT operations within many organisations – and the skill sets required are becoming more diverse by the day. They are increasingly reporting to board directors and executives outside the IT team, as cybersecurity evolves into a risk management category.
Hiring a cybersecurity professional is also tough. On average, it takes 20 to 30 percent longer to hire a cybersecurity professional than to fill a role in other IT sectors. When considering that cyberattacks are known to evolve within the day, it is undoubtedly challenging for HR professionals to completely understand the ins and outs of the complex world of cybersecurity. The good news is – you don’t have to. It is important that you look past a candidate’s resume. Search for someone that knows more than just programs and platforms. You need someone that is resourceful and has lateral skills such as problem-solving, creativity and communication.
With a cyber skills shortage of up to 2,300 workers per year, Australian businesses have already lost up to $405 million in revenue. By 2026, the shortfall in personnel is expected to reach 17,600, as Australia’s share of the cybersecurity market increases from $2.2 billion to $6 billion a year.
These days, colleges and universities can pump out a degree like nobody’s business. In fact, cyber graduates are set to quadruple to about 2,000 per year in 2026, which will no doubt contribute to reducing the skills shortage. The issue? Most of the candidates you see will have degrees in security but will not necessarily have the skills to be a successful security professional. Do they have the passion or the desire to continuously learn about new threats and adopt new products and systems?
While the threat landscape is constantly evolving, the fundamentals of security won’t change. There are many people researching how to manage risk, but securing endpoints, platforms and networks will likely continue with the same principles.
You can teach people security, that’s simple – but you can’t teach people to be interested, curious and hungry to solve problems.
A security professional should be a “jack of all trades” looking to constantly develop their skillset. In an interview, you should be looking for all of the criteria that makes a good hacker: resourcefulness, creativity, knowledge, curiosity, alacrity, and empathy.
The rapid evolution of cybercrime means that cybersecurity can no longer be isolated to IT departments – cybersecurity has to be ingrained across all functions of an organisation or business. This can include communications, risk and legal teams, and also HR. Therefore, it makes sense for your cybersecurity team to be comprised of a diverse group of individuals.
There is a big misconception that to work in “cyber” you have to be smart or a “nerd”. In cybersecurity, it’s great to be knowledgeable, but you must also have the desire and ability to think laterally to solve problems. All too often, when faced with challenges, people shut down and give up. Which is why you need employees with curiosity, alacrity and most importantly, passion.
In a backwards way, it is common to find that candidates with less experience working in security are faster at picking up new concepts. There are no habits for them to unlearn. With the rising movement of coding bootcamps and workshops dedicated to arming the future generation with the missing cyber skills Australia desperately needs, you will not need to look far for individuals who already possess the foundational skills required to exceed in this role.
The fast-paced cyber industry is a perfect incubator for growth and change. That’s why it is important to not dismiss a candidate for their lack of experience in IT or cybersecurity. Key skills you should look for include a desire to solve problems and the ability to translate cyber issues in layman’s terms. They have to be able to talk to people like actual people – not as if they’re just the weakest link.
We all know technology changes quickly, so they’ll have to learn new products and processes anyway. Unless you’re looking for an expert in a particular security tool or field, try to recruit from outside the cybersecurity industry. Look for people with transferrable skills and the right attitude. For example, the adaptable leadership qualities of a former police officer, the eye for detail of a forensic accountant, the communication and problem-solving abilities of ex-military personnel or even the accuracy and diligence of a paramedic.
Don’t be bamboozled by cyberspeak. Hire someone who enjoys a challenge and is willing to learn.
Add a Comment