Keys to Hiring Cybersecurity Pros When Certification Can't Help

There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.
3 of 9

You Want Quick Learners

For Christoph Hebeisen, head of threat intelligence at Lookout, the lack of certification and formal training programs can actually be an asset. "Candidates that have entered and mastered a field without formal training directly preparing them for the exact job they did, or who have succeeded in applying related knowledge and fill in the gaps themselves, tend to have the discipline, persistence, and smarts required to succeed," he says.

The ability to learn quickly is a quality the cybersecurity field demands by its very nature, says Claire Ginnelly, human resources director at Information Security Forum. "I would look for a passionate 'learner' who has an eagerness to enhance their skills as the industry grows and cyber matures. I want an employee who is ready to relearn and re-educate and ask new questions," she explains.

For Lamar Bailey, senior director of security research at Tripwire, the issue comes down to how quickly a candidate can scan a new situation and make decisions. "Many of the best employees I have hired were not security professionals. They all came from detail-orientated jobs -- accounting, medical, and teaching -- and had the skills needed to communicate, learn quickly, and adapt. Certifications were not required, and I have found that candidates without them tend to perform better when learning in the real world and not from a certification test."

While judging whether someone is a quick study can be challenging, executives say that it's definitely worth making the effort. "We are looking for learners and team members," says Bill Santos, president of Cerberus Sentinel. "With the pace of change in cybersecurity, the best candidates are committed to continuous learning and joining others in solving challenging problems. We have found this cultural mindset to be the single most significant factor in their success or failure."

(Image: Andrii VIA Adobe Stock)

Comments
zentrusted,
User Rank: Apprentice
3/25/2020 | 11:32:37 AM
YES!
Just as easy to recruit a knowledgeable teammate and add the certification to his/her professional development goals.

Some folks find the CEH or CISSP to be downright terrifying and maybe have even tried and failed.

The cost for maintaining some of these certifications can be prohibitive, particularly for junior folks or those with other financial obligations.

Thirdly, I've worked with some of the best red teamers in the world and they tend to snub their nose at the whole idea of certification, and won't pursue it simply on principle.

Every situation with every human is different. Make it a topic of conversation with an otherwise qualified candidate and actually listen to their answer.

Tuition assistance, training towards the cert, allowance for CPE activities - all ways to help them get there if they're willing to put in the work.