There's a dramatic shortage of qualified information security professionals in the industry today.
Globally, we're a million people short, according to Cisco's 2014 Annual Security Report. According to Ponemon's 2014 IT Security Jobs Report, 36 percent of staff positions and 58 percent of senior staff positions in IT security went unfilled in 2013.
The majority of companies surveyed, 70 percent, say their IT security departments were understaffed.
It's no surprise that some companies are turning to non-traditional strategies for finding their cybersecurity employees.
1. Look to the crowd
Some companies have already been turning to crowdsourcing to find bugs in their software or security holes in their platforms.
But the crowdsourcing venues can also be sources of new staff hires.
"The number one researcher on our platform right now was able to get a job offer from Tesla," says Marisa Fagan, director of crowd ops at San Francisco-based Bugcrowd.
Bugcrowd allows companies to look at the reputations of its independent researchers and at leaderboards, and will even do background checks of researchers working on more sensitive projects.
There are currently 12,000 researchers on the platform, and it's growing by around 1,000 researchers a month, she says.
2. Look for self-starters who love to learn
When Rook Security moved from Silicon Valley to Indianapolis, the company lost access to a large and readily available pool of employees.
"There were more people ready to walk directly off the street into a job," says Rook CEO J.J. Thompson.
But instead of just turning to recruiters to help meet his growth needs, Thompson rethought his hiring criteria, which led him to some unusual places.
Tom Gorup was a service tech at AT&T when Rook hired him, without the typical experience necessary to come in as a security operations center analyst.
"What he had going for him was military leadership," Thompson says. Gorup had been a sergeant and a squad leader in the Army. "What I noticed in Tom was that he was confident, loved and had a passion for the subject matter, and was a voracious learner."
Gorup originally interviewed for an internship, but was hired as a full-time security operations center analyst. He then became the team leader, and, within a year, was promoted to manager of the security operations center.
"We hire and promote based on what people can do and can accomplish, not based on time in role," says Thompson. "The security industry changes every day. And it can't be taught, that thirst for knowledge."
3. Look to the colleges
In addition to hiring experienced professionals, companies should also look at colleges and universities for new hires, says Dianne Fodell, IBM's director for Global University Programs.