How can your organization find and develop the next generation of cybersecurity?

[ This article was originally published here ]

Find and develop the next generationLast week (ISC)² released the (ISC)² Cybersecurity Hiring Managers Guide: Best Practices for Hiring and Developing Junior Talent built on the latest research to help organizations grow their teams and retain top talent. The report highlighted the top technical skills, non-technical skills and personality attributes hiring managers seek and how organizations can benefit from unique recruiting and professional development strategies.

In a recent volunteer survey, we asked members with hiring experience what trends they are seeing in the industry. Many mentioned technological shifts expedited by the pandemic including remote work, virtual interviews and hybrid work environments. They also noted a shift in requirement of degrees and certifications for entry-level staff and more emphasis on diversity of backgrounds and experiences. Filip Chyla, CCSP said we are seeing a “slow shift from hiring the "unicorn" to someone that can grow into the role.”

“Previously, [the] hiring decision was made majorly on the candidates technical competencies (about 80% technical and 20% attitude and others) where the hiring was done for focused positions, over the last few years we are giving priority to candidates attitude and mindset more than technical capabilities (60% attitude and 40% technical) since the technology landscape is changing rapidly and we need people with right attitude and hunger for learning and trying new things,” said Kesav Viswanath, CISSP, CCSP.

“Strive for Diversity and Inclusion. The more we, our teams, resemble the world around us, the more we can accomplish as we bring different perspectives to the table,” said Jon Rohrich, CISSP, CCSP.

When asked for advice or suggestions for cybersecurity hiring practices today the general consensus was to make hiring easier for both organizations and entry-level candidates by reducing experience requirements and getting to know a candidate’s potential by understanding where are they in their cybersecurity journey and supporting them through training and other development practices. “Do not rely upon what you read in a resume – use it as a barometer of knowledge and skill. Then explore a candidate’s propensity to learn,” said Richard Tychansky, CISSP, CAP, CSSLP.

“We have had great hires who were not technically super sound but had the right mindset and overtime they built strong technical capability. With the growth of cyber security industry there is shortage of skilled resources, rather than hiring only technically sound candidates its worthwhile to consider people who can learn and adapt, as we say – hire for the attitude, build the skill.” – Kesav Viswanath, CISSP, CCSP

“A diversified team is key to successful work culture. Get candidates with various backgrounds – Ex-Military/Navy, Senior IT practitioners.” said Saju Thomas Paul, CISSP. Hear more from Saju and other panelists Jon France, CISSP – our own CISO – and Becky Goza, CISSP, Senior Manager of Information Security at Love’s Travel Stops in our upcoming free ThinkTank webinar later this week. Bring your questions surrounding hiring the next generation of cybersecurity professionals as we continue this conversation on June 23 at 11:00 a.m. ET: How to Hire and Develop Entry- and Junior-Level Cybersecurity Practitioners.


No posts to display