A Very Particular Set of Skills: Hiring in Cybersecurity
Author: Nicholas M. Hughes
When building a cybersecurity team, you want to look for people who possess a particular set of skills and traits.
You know, Liam Neeson in “Taken” type of skills. But let’s be honest – not everyone is a one-man army. So, what should you look for instead?
My job made me aware
First, let’s acknowledge that “hiring for cybersecurity” is nearly as broad as saying “hiring for information technology.” The field is wide-ranging, from hands-on roles on Red/Blue/Purple Teams to higher-level positions in Governance, Risk, and Compliance (GRC), from Application Security to Cloud Security.
However, there are a few key areas to focus on with technical skills. First, you need individuals with a strong understanding of cybersecurity fundamentals, including threat intelligence, risk management, and incident response. Look for candidates familiar with common tools and technologies, such as firewalls, intrusion detection systems, and antivirus software.
If you’re hiring for a particular area within your organization, you may also want to look for candidates who have specialized skills in areas such as cloud security, network security, and application security. Depending on your organization’s needs, you may also want to seek out people with experience in compliance and regulatory frameworks such as HIPAA or PCI-DSS.
None of that was very surprising, but I’d also like to stress the importance of backgrounds outside of cybersecurity. Folks with an understanding of operational considerations in development, systems, and networks can provide great insight into the normal operation of components and how interactions between components fit into a larger picture.
Are you focused yet?
On the non-technical side, look for people who are curious by nature. Cybersecurity is a rapidly evolving field, and you need people who constantly learn and stay on top of the latest threats and technologies. Your ideal candidate should be the kind of person who can’t help but tinker with things just to see how they work. If they’ve ever taken apart a toaster because they wanted to see how it functions, that’s a good sign they have the curiosity and passion necessary for this field.
Another key trait is attention to detail. You want people who can spot the little things that go unnoticed by others. If someone meticulously reads every word of a contract or proofreads every email they send, they might have the eye for detail necessary for cybersecurity. Plus, they could save you from some embarrassing typos.
Communication skills are also essential. Cybersecurity is a team sport, and you need people who can collaborate effectively with others. That means being able to explain technical concepts to non-technical stakeholders and work with people from different departments and backgrounds. Bonus points if they can do it all without technical jargon and acronyms that only make sense to other cybersecurity professionals.
Last but not least, look for people who are passionate about cybersecurity. The best cybersecurity professionals don’t just view it as a job; they view it as a calling. They can’t help but think about security even when they’re off the clock. They might even have a tattoo of a lock or key on their arm (but we’re not saying that’s a requirement).
Good luck
In summary, when building a cybersecurity team, look for people who are curious, detail-oriented, creative, good communicators, and passionate about their work. Technical skills might vary greatly depending on the role, but a broad base of general IT literacy combined with core cybersecurity knowledge is a great place to start. And if they just so happen to have a particular set of skills akin to Liam Neeson, well, that’s just a bonus.