The Secure CiO: How to Hire and Retain Great Cyber Security Talent to Protect your Organisation by Claire Pales

Author:Claire Pales [Pales, Claire]
Language: eng
Format: azw3
Tags: Business security, Information technology security
ISBN: 9780648204756
Publisher: 27 Lanterns Pty Ltd
Published: 2018-10-01T16:00:00+00:00

Key takeaway

If you must use a recruiter, try to find a skilled cyber security recruiter. Do your homework and plan for the process with a clear direction and job description. See section 2 for more information.

10

Candidate review

‘I would rather interview 50 people and

not hire anyone than hire the wrong person.’

Jeff Bezos, CEO of Amazon

This book is not here to tell you how to do your job. If you have been successfully recruiting IT leaders and professionals for years, you might think this chapter won’t have value for you, but I encourage you to read it anyway.

Early in my career, my employer sent me on a course called Network Engineering for Non-network Engineers. As you might imagine from its catchy title, the course explained a complex communications network to those like me who were responsible for talking about it to the public. Recalling this course years later reminds me that even somewhat alien subject matter can be valuable to those from another area of business or industry. This is also true when it comes to some of the amazing ‘security people’ I have met through my career. I am using quote marks because, in many cases, calling them security people isn’t a complete truth.

Many admired security leaders are appointed, asked, or ‘voluntold’ into security roles based on anything but their technical security skills, and via some pretty unusual paths. Despite lacking hands-on security experience, these souls were chosen for qualities that can’t be trained, such as their integrity, their inherent leadership skills, and their clear understanding of right from wrong. Many security people are also chosen because they are great communicators, team builders, or can rally the troops when hard times hit. History has shown that filling security roles with unlikely candidates has brought into the industry cross-functional role models with an understanding of business-related risk – experience that some lifelong security professionals never acquire.

My point is that when considering security leaders, chances are the CVs you see will come from varied backgrounds. I know well-respected security leaders who cut their teeth in HR, audit, the police force, armed services, risk, technology, PR, or academia. Their more recent experience is what you are most focused on, given the pace of security these days, but consider their background as a bonus in terms of your agenda. Some leaders bring unique skills and experience, and should not be discounted because they did not take a traditional computer science path.

This can also be important in reviewing candidates, because you may not see all the CVs that come in. Depending on how you recruit, another person tasked with CV review may be screening out ‘unsuitable’ applicants. This may be a recruiter, a human resources manager, one of your direct reports, another security staff member, or a third-party consultant who vets the CVs for you.

The vetting process is also something to consider. If you have created a great job description, have briefed the reviewer on your priorities, and trust their judgement, you’re halfway there. This process will certainly save you time if you find the shortlist hits the mark.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.