Edge Articles

3/10/2020
07:45 AM
Curtis Franklin Jr.

Keys to Hiring Cybersecurity Pros When Certification Can't Help

There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.

There's a general acknowledgement that there aren't enough trained cybersecurity professionals to go around. Conversations at cybersecurity conferences are often centered on where to find top pros, how much to pay them, and what string of letters behind their names means the most.

Even the organizations that provide cybersecurity certification admit that there aren't enough certified pros to meet the need — and that there never will be enough. So what's a manager charged with finding cybersecurity talent to do?

Many executives and hiring managers say the key to finding solid talent is flexibility in the search. "The process is very much like drafting professional athletes," says Mike Jordan, vice president of research with Shared Assessments. "When you can't find a position player that you need, you look for individuals who have the skill sets relevant to the position. Find ones that are smart and hardworking and they should be able to fill the position nicely."

Heather Paunet, vice president of product management at Untangle, says that it's important to get it right. "Searching for candidates to fill cybersecurity positions beyond certifications and years of experience can seem counterintuitive, but there are many other interests and logical business skills that are just as important to consider," she explains.

We asked executives what they would look for in filling cybersecurity positions. What they provided was less a checklist of specific skills than an indication of the broad skills, experiences, and personality traits that make someone a great candidate for the cybersecurity team. What they didn't provide was a simple way to look for those on a resumé — but no one said that solving the hiring problem was going to be easy.

Of course, not everyone agrees that there is, in fact, a shortage of cybersecurity professionals.

"The premise that we are short of cybersec pros is BS spread by businesses with a vested interest in importing HB-1 workers," says Colin Bastable, CEO of Lucy Security. "There is no shortage of cybersec pros — just a shortage of good ones, and that is a good thing. The market decides. Certification is a scam — it just gets us a load of talentless credentialed people who make the world less secure. You want to hire someone who understands how the enemy thinks but without the moral baggage of being a cybercrook. Most employers with a four-year degree will hire someone with a four-year degree, but zero talent." All you have to do is find that elusive thinker.

What do you think — is it possible to hire a great cybersecurity professional in the absence of security certification? If it is, what do you look for in a great candidate? We'd like to know your thoughts; please talk to us in the Comments section, below.

Read on to see what other security hiring managers had to say.


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ...

Comments
zentrusted,
User Rank: Apprentice
3/25/2020 | 11:32:37 AM
YES!
Just as easy to recruit a knowledgeable teammate and add the certification to his/her professional development goals.

Some folks find the CEH or CISSP to be downright terrifying and maybe have even tried and failed.

The cost for maintaining some of these certifications can be prohibitive, particularly for junior folks or those with other financial obligations.

Thirdly, I've worked with some of the best red teamers in the world and they tend to snub their nose at the whole idea of certification, and won't pursue it simply on principle.

Every situation with every human is different. Make it a topic of conversation with an otherwise qualified candidate and actually listen to their answer.

Tuition assistance, training towards the cert, allowance for CPE activities - all ways to help them get there if they're willing to put in the work.