Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Keys to Hiring Cybersecurity Pros When Certification Can't Help

There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.
2 of 9

Look for Related Skills

While he holds a cybersecurity certification, Tripwire's country manager for Canada, Irfahn Khimji, CISSP, doesn't think certs are a "must" for new members of the security team. "The biggest thing I look for are transferable skills. A good candidate is someone who can think outside of the box, is eager to learn, and has a drive to be successful," he says.

Some of the related skills executives look for can be quite specific. "One of the things we've found to be good indicators for candidacy in cybersecurity roles are proficiencies in scripting languages like PowerShell and Python," says Adam Laub, CMO at Stealthbits Technologies. "Proficient scripting also indicates a willingness to get one's hands dirty -- undoubtedly a desirable trait for a cybersecurity professional."

And the field of parallel skills isn't just the place to look as a fallback position. "We believe the first place to look is at roles with parallel skill sets. Help desk, desktop and server administrators, and application developers are all great recruiting pools," says Joe Moles, vice president of customer security operations for Red Canary. He provides a concrete example of this: "Individuals who are skilled at troubleshooting network problems are typically very good at investigating network anomalies, which translates to a great basis for a network security analyst," he says

(Image: weerachai VIA Adobe Stock)

2 of 9
Comment  | 
Print  | 
Oldest First  |  Newest First  |  Threaded View
User Rank: Apprentice
3/25/2020 | 11:32:37 AM
Just as easy to recruit a knowledgeable teammate and add the certification to his/her professional development goals.

Some folks find the CEH or CISSP to be downright terrifying and maybe have even tried and failed.

The cost for maintaining some of these certifications can be prohibitive, particularly for junior folks or those with other financial obligations.

Thirdly, I've worked with some of the best red teamers in the world and they tend to snub their nose at the whole idea of certification, and won't pursue it simply on principle.

Every situation with every human is different. Make it a topic of conversation with an otherwise qualified candidate and actually listen to their answer.

Tuition assistance, training towardds the cert, allowance for CPE activities - all ways to help them get there if they're willing to put in the work.
Name That Toon: The Lights Are On ...
Flash Poll