There just aren’t enough certified cybersecurity pros to go around — and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.
There’s a general acknowledgement that there aren’t enough trained cybersecurity professionals to go around. Conversations at cybersecurity conferences are often centered on where to find top pros, how much to pay them, and what string of letters behind their name means the most.
Even the organizations that provide cybersecurity certification admit that there aren’t enough certified pros to meet the need — and that there never will be enough. So what’s a manager charged with finding cybersecurity talent to do?
Many executives and hiring managers say that the key to finding solid talent is flexibility in the search. As Brad Keller, CTRP, CTPRA, who is CSO and senior vice president at Shared Assessments says, “The process is very much like drafting professional athletes. When you can’t find a position player that you need, you look for individuals who have the skill sets relevant to the position. Find ones that are smart and hardworking and they should be able to fill the position nicely.”
Heather Paunet, vice president of product management at Untangle, says that it’s important to get it right. “Searching for candidates to fill cyber security positions beyond certifications and years of experience can seem counterintuitive, but there are many other interests and logical business skills that are just as important to consider,” she explains.
We asked executives what they would look for in filling cybersecurity positions. What they provided was less a checklist of specific skills than an indication of the broad skills, experiences, and personality traits that make someone a great candidate for the cybersecurity team. What they didn’t provide was a simple way to look for those on a resumé — but no one said that solving the hiring problem was going to be easy.
Of course, not everyone agrees that there is, in fact, a shortage of cybersecurity professionals. Contacted about this article, Colin Bastable, CEO of Lucy Security, said, “The premise that we are short of cybersec pros is BS spread by businesses with a vested interest in importing HB-1 workers. There is no shortage of cybersec pros — just a shortage of good ones, and that is a good thing. The market decides. Certification is a scam — it just gets us a load of talentless credentialed people who make the world less secure. You want to hire someone who understands how the enemy thinks, but without the moral baggage of being a cyber-crook. Most employers with a four-year degree will hire someone with a four-year degree, but zero talent.” All you have to do is find that elusive thinker.