Blog
How can you find and retain new cybersecurity talent?
In the latest (ISC)² Think Tank webinar “How to Hire and Develop Entry- and Junior-Level Cybersecurity Practitioners” three hiring managers tackled the question of how to fill the workforce gap by sharing their insights and firsthand experiences. Jon France , (ISC)² CISO, Becky Goza , Senior Manager of Information Security for Love’s Travel Stops and Saju Thomas Paul , Head of Threat Hunting Service for Atos were guided through an engaging conversation following the recent release of the (ISC)² Cybersecurity Hiring Managers Guide by moderator Brandon Dunlap.
Hiring from Within
In the first live poll, panelists were surprised to see attendees report that only 11% of the audience seeks cybersecurity recruits, or are actively “poaching,” from other departments within their organizations. Becky highly recommended the practice to carve a pathway to succession and promote growth, especially for those in entry level jobs. She said, “I spend a lot of my time poaching” and shared successes in transitioning newcomers to cybersecurity from IT services, technical support and business Analytics departments. Saju mentioned his personal success in cybersecurity is attributed to following this trajectory, beginning as a developer and moving into cybersecurity within the same company. Brandon shared his enthusiasm for the practice, “there’s something to be said for having (that sort of) tribal organizational knowledge.”
Internships
Both Saju’s hiring experience and Becky’s have seen great reward in transitioning interns into full-time employees. Some companies are engaging with cybersecurity interest groups as early as high school, and cybersecurity apprenticeships in the U.K. are available for those as young as 16. The practice of internships or apprenticeships shows newcomers the day-to-day activities and puts their studies into practice. In addition to seeing “what actually happens on the ground” a further value in coaching young professionals is in learning best practices as “unlearning is difficult,” said Saju.
Career Changers
This early-stage cybersecurity coaching is not necessarily only for students, as career changers can also find great success in these roles. “Junior doesn’t have to equal young,” Jon framed it. “Some of the best people that I’ve put into cyber roles come from project management and business analytics,” he said. Further expressing that these roles are commonly filled with creative thinkers. “The subject matter itself can be taught, but you need that propensity to be curious,” he said.
Development and Retention
Once you have a recruit in place, strategic training is key to their development. Funding, time allocation, the format of training, certification offerings and mentorship programs are all to be considered. These can and should be flexible offerings to match the unique experiences needed for employee growth. The panel unanimously agrees that personal, professional and technical development should all be considered and implemented to retain an employee. In addition to growth opportunities, employees should receive a succession plan outline, inclusive of rewards and compensations for meeting their goals. These development opportunities leading to retention “suppress the need of constantly having to recruit,” said Jon. “I’d much rather see people move through their career within an organization well-supported than have to bring in at the more junior end.” Another key element to remember is that “training doesn’t end,” rather it is a maturation curve – not binary, ineffective to effective. “If you spend more than three months looking for the ideal candidate, you are losing ground,” he said explaining that this time could be spent developing a more junior member to get them up to speed.
Cybersecurity hiring managers are truly looking for curiosity and the propensity and ability to learn. An interview should be a conversation where the manager’s mindset is “can we teach you; can you teach us?”
Are you looking for your first cybersecurity job? Learn Five Steps to Get a Cybersecurity Job, connect with others discussing “How to Start a Career in Cybersecurity ” and find your next role on the (ISC)² Community Job Board .