Charlize Theron had her sights set on becoming a ballet dancer before she suffered a career-ending injury. While she was struggling to find a new career path, a heated argument between her and a bank teller drew the attention of a talent scout who recognized her flair for the dramatic. Matthew McConaughey was sitting at a hotel bar when he happened to meet Richard Linklater, who gave him his game-changing role in Dazed and Confused.
What do Charlize Theron and Matthew McConaughey have to do with building a cyber security team? Nothing really, except that they are proof that the right person for a role can be found in an unexpected place. The same can be said for many cyber security jobs. 87% of cyber security professionals didn’t start their careers in cyber security. In fact, many didn’t even start in IT, but in fields like marketing, finance, accounting, and the military. All it takes is one leader who can recognize unique talent within these areas.
As security leaders struggle to fill roles on their cyber security teams in the midst of a cyber security workforce shortage, they need to widen their searches for cyber talent. In this post, we’ll look at where to scout out cyber security talent, how to identify potential talent, and how to transition them into a cyber security role.
The Secret to Identifying Hidden Cyber Security Talent: Key Personality Traits
When looking for cyber security talent in unexpected places, you have to throw the traditional hiring manual out the window. Examining a list of application-specific skills won’t help, certifications won’t be very relevant, and prior work history will give limited insight. Instead, you’ll need to analyze the soft skills and personality traits that prove the candidate has the capability to be successful in cyber security. Let’s look at some of the characteristics:
Passion – Cyber security is a field of exploration and discovery, which appeals to those who are passionate about learning and being able to try new things. It also provides professionals with the opportunity to serve as the “protector” of an organization, its customers, and its employees. Look for professionals who are passionate about this underlying mission, and you’ll find strong candidates for some of your security roles.
Problem Solving – This is a big one. Most cyber security work is, fundamentally, a series of technical problems that need to be solved. Some choose to see this as frustrating and draining, while others see it as an opportunity. Look for those who see obstacles as an opportunity to find a new solution. Professionals who are excited about dissecting problems, finding the source, and identifying solutions are the people you want on your team.
Creativity – Creativity manifests itself in all sorts of ways – music, art, design, writing, and of course, cyberattacks. Hackers are constantly developing new, creative ways to infiltrate networks, and you need network defenders who can create innovative ways to detect and stop them. Keep an eye out for professionals that show an aptitude for innovative problem solving. They’re the ones who will provide a fresh perspective and different ideas for protecting your organization.
Strategic Thinking – A job in cyber security requires you to see the big picture so you can understand how your team functions across the business, identify problems, find solutions, integrate new ideas and processes, and anticipate what’s coming next. Look for professionals who can take a step back from day-to-day tasks and see the vision for your team. These are the team members who can enact big change and help your team accomplish its objectives.
Flexibility/Adaptability – The world of cyber security is constantly changing. It requires quick thinking and constant learning. Finding resources who are able to adapt quickly will be invaluable to your team. Look for those who are already in jobs that require thinking on their feet and for those with a love of learning. This desire to constantly grow and try new things will provide you with flexible resources who are up for any task you throw at them.
Resiliency and Persistence – Effective defense is a never-ending strategic game where cyber professionals are pitted against a tireless foe. Some days are harder than others, and the good guys don’t always win. The ability to persist, shake off a loss, and keep pressing on is one of the most needed and often most overlooked qualities in a world-class team.
Innate qualities like these are difficult to develop and teach. Looking for professionals who have these characteristics rather than a particular set of skills, which can be taught, will set your team up for success in the long run. In this field, skillsets, tools, methodologies, and threats are constantly changing, but the ability to think creatively, strategize, solve, and adapt will always be needed.
Where to Look for Cyber Security Talent
We’re not saying anyone could be your next SOC analyst or security engineer, but you do need to broaden your search, and different areas across your organization could be a good starting point. These professionals will already be familiar with some of your systems and tools, your existing team members, and your corporate culture.
The IT Department
This one seems obvious, but IT is frequently ignored in an effort to hire outside talent with proven cyber experience. However, IT professionals are primed for cyber security positions within your organization. They have a rich technical background, and they are already more than familiar with your organization’s systems, applications, and networks. In fact, you probably already work with some of them on cyber security projects regularly.
Accounting and Finance
This is where you’ll find a wealth of problem solvers and strategic thinkers. Those in accounting and finance are working hard on problems, solutions, and plans that will often be executed across the entire organization (or at least whole departments). They’re also coming from analytical, process-driven backgrounds that have given them a foundation that shares similarities to those in cyber security.
Internal Audit and Risk Management
It comes as no surprise, but professionals in internal audit and risk management are often perfect candidates for some of your cyber security roles. They understand your organization’s risk landscape, they help develop the processes and policies that address these risks, and they are effective at reporting on risk. They also understand the regulations you must comply with, stay on top of changes in this arena, and are familiar with the systems and applications at your organization. Risk management professionals can come to you with the problem-solving, strategic-thinking, and communication skills your team needs to be effective.
Marketing
Marketing is definitely an unusual place to go looking for cyber security professionals, but many of these professionals have those creative, adaptable, problem-solving skills you’re looking for. Like cyber security, the world of marketing is rapidly changing, requiring marketing professionals to adapt quickly to change. They also often have strong communication skills that can come in handy when rolling out cyber security changes and awareness campaigns across the organization.
Legal and Human Resources
These two areas are very compliance driven. HR and legal professionals are solving big picture problems all while meeting the requirements of national, international, and industry-specific laws and regulations. As cyber security becomes more heavily regulated, finding professionals who are able to balance multiple regulatory requirements while still operating effectively will be critical.
Bonus Round: Those with Backgrounds in the Military, Sciences, and Communications
As you look across your organization for potential candidates, don’t just look at departments or areas of expertise, but also consider their past experience. Those with military backgrounds often have a disciplined approach and strategic thinking skills, and may share a passion for the mission behind cyber security work. Those in mathematics and science have strong analytical skills. And those in communication fields like PR and media are flexible, creative, and excel at communication.
Transitioning Unconventional Hires into Cyber Security
Because these candidates are already employees at your company, you can’t wow them with a list of the unique benefits your company has to offer. Instead, you have to show them that you have a plan for their career. No one wants to make a big career change like this without knowing that there is a defined role for them on your team, a set training plan, and a strategy for their success.
To ensure their success (and your team’s success), follow these key steps to transition them onto your cyber team.
- Have a defined role for each team member. Your new recruit needs to know exactly what their job responsibilities will be and how that role fits into your team. Having all the roles you need on your team mapped out will demonstrate to them the plan for their career and how it fits into the big picture strategy for cyber security at your organization.
- Identify the specific knowledge, skills, and abilities (KSAs) each role requires. Outside of day-to-day tasks and responsibilities, your professionals need to know the exact skillsets, knowledge, and capabilities they need to develop to function in their new role. Developing KSAs will take time, but having them documented will help new team members as they grow in their career.
- Have a plan for how these new team members will acquire these skills. Before they move into a cyber security role, you need to have a defined training program and professional development plan in place – and you need to communicate it to your new cyber professionals. Walk them through the training selection process, the training formats, the training providers (internal or external), and what the goals and expectations are for the training plan.
- Demonstrate the career path for each role. Both the leaders on your team and your new employees will benefit from having a defined career path for each role. For leadership, it helps you track and manage your talent pipeline. For your new recruits, it provides set career goals and a plan for their future.
- Assign them a mentor. New cyber team members will thrive best when working with a more senior professional to whom they are accountable. Cyber security is a team sport, and the sooner your new recruit is engaged and interacting with the team, the better. Many senior-level cyber professionals consider having a mentor one of the top reasons for their success.
Bringing professionals from other backgrounds into your cyber security team is not the easiest or most conventional path, but it can have a big impact on your talent pipeline. With a cyber workforce development plan in place, you can bring in resources from a variety of backgrounds and build the skilled cyber security professionals your team needs. Adding this diversity to your team means you will hear new ideas, find new solutions, and reap results your team may have never seen before.
Focal Point specializes in helping clients build cyber workforce development programs that build the cyber security professionals their teams need. From assessing the gaps on your team to developing training programs, Focal Point Academy is ready to help your organization grow the hidden cyber talent within your organization into expert, skilled cyber security professionals.