In 2018, a mere dozen high-profile breaches led to more than 100 million records being exposed—and 95 percent of those breaches could have been prevented, according to the Internet Society. The stakes are high, and (ISC)² notes that IT recruitment continues to heat up as companies scramble to find cyber warriors to fill 2.9 million jobs. Here are some IT recruitment best practices to help you insulate your organization against future breaches amidst the race for top talent.
Hiring the right skills
Before chasing in-demand tech skills, identify your organization’s strengths and vulnerabilities to ensure that you’re recruiting prospects that will actually fit your needs. As CIO reports, “This could mean recruiting specialists to help you strengthen specific areas of your security strategy or taking a long-term approach and hiring talent that can help you mitigate the risks of the future and remain one step ahead of the curve.”
Cybersecurity engineers—and also systems engineers, systems administrators, and network administrators—maintain systems, identify vulnerabilities, track issues, and improve automation. Generally, those in these role plan, design, develop, validate, and verify cyber solutions. Additionally, they may assist with cyber risk assessment activities, including threat modeling and vulnerability analysis, or evaluate testing of hardware and software designs to validate compliance.
Candidates are industrious individuals with a bachelor’s degree in software engineering, computer science, or a similar field, along with significant experience in IT security.
IT Security Specialist
IT security specialist is a broad term describing a variety of entry- to intermediate-level roles. Organizations generally employ a staff of IT security specialists to handle designing, testing, implementing, and monitoring various security measures. A specialist must stay current on attack methods for infiltrating computer systems, and they will often configure firewalls, perform penetration testing, and conduct post-incident analysis.
Candidates should have a bachelor’s degree in computer science or a related field and should possess excellent collaboration skills, as they will often need to work with other employees and partners to keep the organization’s tech in top shape.
Cybersecurity analysts blend a variety of skills to research, analyze, and proactively prevent external disruption of the infrastructure, unauthorized data exfiltration, and threat actors from compromising devices on a network. Analysts will work with individuals inside and outside the organization to collect information from threat-monitoring tools and identify, analyze, and report on potential or actual network intrusions.
Candidates will have a bachelor’s degree in IT or network security, along with practical experience and good collaboration skills.
Network Security Engineer
Network Security Engineers deploy, configure, and administer hardware and software to protect the network. Responsibilities include ownership of firewalls, routers, monitoring tools, and virtual private networks (VPNs). They may also perform network security risk assessments and design network infrastructure.
In addition to the qualifications for the previous positions, network security engineers should have excellent organizational skills and will typically need a CISSP® (Certified Information Systems Security Professional) qualification.
Computer Forensics Analyst
Forensics analysts, also known as computer forensics investigators, may work with law enforcement agencies or private firms, according to Infosec. These analysts examine computer assets to legally collect evidence, such as files, memory details, emails, and logs. They retrieve encrypted or erased data from digital devices and restore information to its original state and testify in court.
Those seeking to fill this role should have a degree in digital forensics, computer forensics, or computer security. Candidates should also possess meticulous attention to detail and strong communication skills.
Penetration and Vulnerability Tester
Penetration and vulnerability testers—sometimes called ethical hackers or white hat hackers—have license from their employers or clients to exploit and document weaknesses in systems, networks, and applications. They fulfill various assignments, from simple consultations to complex web application tests. White hat hackers use the same techniques as malicious black hat hackers to test security protocols—but of course, without causing real damage.
Ethical hackers normally hold a Certified Ethical Hacker qualification and are creative, non-linear thinkers who are adept at spotting intricate vulnerabilities.
Note that artificial Intelligence and Machine Learning are coming into play in this field, as a Gartner report has predicted that by 2020, 10 percent of all penetration tests will be performed via machine-learning-enabled smart devices. This number is sure to rise as time goes on, so you can future-proof your workforce by seeking out penetration testers with experience configuring these tools and interpreting their results.
Attracting top talent
Although their specialties all vary, the methods of attracting the above talent are universal. CSO Online sums the matter up well, providing the following five tips for hiring top security talent:
1. Broaden your scope
While the qualifications mentioned above are the most common, they are by no means absolutely rigid. Consider applicants from a wider range of technical backgrounds. Assuming that your interviewers are reasonably well-versed in the responsibilities of the role, highly specific tech know-how is hard for an applicant to fake.
2. Seek out real-world experience
Someone who knows their stuff will speak confidently on topics within their field and should be able to provide several specific examples of problems they’ve faced in the past and how they overcame them. They often coincide, but proven results will always trump a degree.
3. Compensate fairly
Remember that these jobs are all highly competitive, so if you lowball a candidate, don’t be surprised if they walk. Moreover, you need to keep an eye on how other companies are compensating security staff and make regular adjustments. Employees with these skill sets won’t stick around if they feel they can get a better deal elsewhere.
4. Be cautious and selective
Be sure your new hire is both talented and trustworthy. They’ll have access to some of your organization’s most sensitive information and infrastructure, so you’ll want to conduct thorough background checks and follow up with their professional references.
5. Provide opportunities to grow and learn
Employees who are supported in their professional development will be happier and more productive. Additionally, upskilling existing team members will be easier than finding and onboarding new ones.
Bonus: Develop your company culture
Although it’s much harder to quantify than a salary package, Forbes notes that company culture is absolutely critical when hiring the best. Companies with competitive benefits, fun and supportive environments and good work-life balance attract and retain skilled workers.
Step up security with onboard tech
Need to bolster cybersecurity when skills aren’t available? Gartner suggests redistributing routine functions to other IT or business functions, enforcing them through centralized interfaces, and ensuring that security practices are deeply integrated into the organization and among employees.
Other ways to beat the shortage of in-demand tech skills include investing in endpoints devices with built-in anti-intrusion technology or partnering with managed service providers for mission-critical business operations.
There’s no way around the fact that a strong security posture requires a multi-faceted approach: good IT recruitment practices, strong company culture, rigorous security practices, and hack-proof IT equipment. Having top talent to man these critical functions will set up any organization for cybersecurity success.