Blog
Hiring Inexperienced Cybersecurity Practitioners: What’s Not to Like?
Managers who hire entry- and junior-level cybersecurity practitioners may do so to free up senior staff for more advanced work. But what they often find is that new hires contribute more than expected. Those new to cybersecurity bring fresh perspectives and excitement. They are open to different ideas, are generally eager to learn and want to succeed. Consider the following comments from respondents to an (ISC)² study on cybersecurity hiring practices:
Entry- and junior-level staff “bring new ideas to the table. The fact that they have less experience means that they are also more flexible to new ideas. That is a very important factor to have in an ever-growing company and market,” survey participant.
Said another: “They can bring new ideas and break through the limitations of existing teams.”
And yet another: “They’re often well-versed on the newest innovations, even more so than some of our established senior contributors, while lacking skills to support their curiosity, and it creates excellent synergy.”
The survey polled 1,250 cybersecurity hiring managers at small, mid-size and large organizations in the United States, Canada, United Kingdom and India about their practices and preferences. One of the study’s most encouraging revelations is that onboarding entry- and junior-level cybersecurity practitioners delivers more benefits than simply freeing up senior staff and alleviating their stress.
Changing Perspectives?
This is very good news in a field where too many employers have persisted in pursuing candidates with the highest technical qualifications and relevant certifications. The problem with this approach is that all-star candidates are few and far between.
The cybersecurity profession currently has 2.7 million unfilled positions worldwide, so it’s unrealistic to expect to find candidates that tick off all the items on a comprehensive list of qualifications. Previous (ISC)² research such as the Cybersecurity Career Pursuers Study and the Cybersecurity Workforce Study have revealed that non-technical skills can be as valuable to security teams as technical qualifications.
Creativity, analytical thinking, problem solving and the ability to work in both teams and independently are some of the non-technical attributes that commonly rise to the top. In the hiring manager study, these were the top five non-technical attributes respondents said they value most:
- Problem solving
- Creativity
- Analytical thinking
- Desire to learn
- Critical thinking
Good Investment
Based on the experience of survey respondents, it’s clear that hiring less-experienced cybersecurity professionals is a good, defensible practice. What technical skills these hires do not have can be developed as they gain experience working with senior colleagues. From the employer’s perspective, hiring entry- and junior-level people makes good business sense – they are less expensive and eager to learn. So, they are a wise investment.
It also makes sense from a cybersecurity perspective because the new hires bring new ideas and approaches to problems that more established cybersecurity practitioners may not otherwise consider. As one respondent put it: “Sometimes a fresh look at these old situations helps us identify problems we overlooked before.”
Hiring for an entry-level position? Connect with others and post your job on the (ISC)² Community career discussion board .