As businesses increasingly rely on digital technologies — and those technologies continue to evolve rapidly — the importance of robust cybersecurity measures has never been greater. Cyber threats are evolving, and so must our approaches to defending against them. This includes incorporating a more proactive approach to cyber resilience, rather than focusing on “before” and “after” responses.
More importantly, this also extends to hiring practices. As IT recruiters, the Velocity team is often asked about the key competencies that make a cybersecurity professional stand out. The most effective hiring strategy tends to be one that balances technical knowledge with the agility necessary to mount an effective response to any cybersecurity events.
Hiring for Cyber Resilience
In a recent survey of CEOs who have recently had to deal with cyberattacks, leaders identified their top regrets after the fact:
- Focusing too narrowly on prevention: CEOs reported regret that their cybersecurity approach was too much about prevention and not enough about having the resilience in place to deal with an attack when, not if, it happened.
- Feeling accountable, but not engaged: 72% of surveyed CEOs reported not feeling “comfortable” making cybersecurity-related decisions. More direct responsibility and proactivity are necessary.
- Blind trust, rather than informed trust, in cybersecurity teams: Although CEOs must trust their teams, they also tend to be minimally experienced in IT and cybersecurity. Without adequate curiosity and ongoing learning, they might not ask the right questions to ensure all bases are covered.
- Feeling too prepared for a cyberattack: The majority of CEOs who have not experienced an attack are confident their companies are prepared. Those who have, however, believe true, “complete” preparedness is an illusion, and companies must be constantly adapting and testing.
- Reacting, rather than reassuring: Many surveyed CEOs report regretting that they simply passed information along without evaluating it first, rather than engaging stakeholders proactively.
The common denominator among these “lessons learned” is the need for a sense of cyber resilience, or the ability to balance prevention techniques with the flexibility needed to address fast-evolving attacks. In advance of a crisis, rather than in reaction to one, companies must seek out expert advice, re-evaluate processes, and build an infrastructure and response plan to manage priorities in case of an attack.
All of these things are most effective when you have the right people in place ahead of time. Which skills should you look for to ensure your IT team can prioritize resilience and flexibility? While every role will be different, there are a few general areas that should form the spine of your hiring checklist.
Technical Proficiency
Cybersecurity is a highly technical field, requiring knowledge and skills across various platforms and systems. As a result, hiring IT and cybersecurity pros requires careful consideration of the specific proficiencies necessary to handle your organization’s current – and future – needs.
Key technical skills to consider might include:
- Multi-Platform Security: Ensure the candidate is skilled in securing Windows, Linux, macOS, and mobile platforms.
- Network Security: Look for experience with network architectures, monitoring tools, and secure protocol implementations.
- Application Security: Consider candidates’ ability to safeguard applications, including secure coding practices and vulnerability testing.
- Encryption: Look for knowledge of encryption techniques, which are essential for protecting data integrity and confidentiality.
- Intrusion Detection: Candidates should have proficiency in setting up and monitoring Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
- Firewall and Endpoint Security: Experience with firewall configurations and managing endpoint security is a must.
Soft Skills
In the cybersecurity and IT world, it’s easy to get caught up in focusing solely on the technical skills. These capabilities are, of course, critical, but effective communication and problem-solving abilities are equally important. Candidates for security-focused tech roles must be able to collaborate with teammates, convey issues, and work together to solve problems and communicate those solutions.
These “soft skills” will often intersect with the “hard” technical skills that companies seek. For instance, candidates should be adept at analyzing complex data and identifying security threats from patterns in security logs, but they also should have the more nebulous “problem solving” skills to actually resolve those issues effectively. Top candidates also will bring exceptional attention to detail and a meticulous approach to monitoring and detecting deviations in data security.
Finally, look for candidates with strong communication skills. Having exceptional technical abilities is important, but the people who are most successful are the ones who can translate that technical know-how and communicate its importance and its needs. Look for talent with strong abilities to articulate security threats and responses – including to non-technical stakeholders.
Knowledge Areas & Certifications
The tech world is moving at an incredibly rapid rate. Staying updated with the latest developments and understanding compliance are key for any IT or cybersecurity professional. Candidates should be well-informed about the current threat landscape and emerging cybersecurity threats and trends. They also should have a strong knowledge of laws and regulations like GDPR, HIPAA, or PCI DSS, depending on your sector. Familiarity with ethical hacking can also be a strong advantage, indicating a proactive approach to security.
Candidates should also be able to demonstrate skill in incident response, not just incident detection and prevention. Experience in drafting and executing incident response plans is vital. Here, again, technical skills and “soft” communication skills intersect, and top candidates should have experience managing both.
Certifications can provide a benchmark for a candidate’s knowledge and commitment to their field. Top certifications include:
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- CompTIA Security+
- Certified Information Security Manager (CISM)
- Cisco Certified Network Associate (CCNA) Security
Recruiting the right cybersecurity professional involves identifying a balance of technical skills, soft skills, and current knowledge. These candidates not only protect your IT infrastructure but also ensure your business can confidently navigate the complexities of today’s digital landscape.
By Daniel Midoneck