Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

5 non-traditional hiring tips for InfoSec

Maria Korolov | Oct. 23, 2014
The majority of companies surveyed – 70 percent – says their IT security departments were understaffed.

"Employers can sponsor or attend Capture the Flag and other security competitions there are lots," she recommends. "Interview and hire the winners or depending upon the particular job requirements -- hire the students who organized the event for their university."

She also recommends looking for students who are interested in security as a hobby, or who participate in professional organizations such as OWASP the Open Web Application Security Project, ISSA the Information Systems Security Association, or Honeynet.org, or who present papers at security conferences like RSA, Black Hat, or Women in Cyber Security.

4. Look to the high schools
Denver-based Azorian Cyber Security is waiting for its newest recruit to get old enough to sign a hiring contract.

"Our hiring practices are based on skill sets, passion, and some would say obsession," says Azorian CE Charles Tendell.

That is to say, he hires hackers. And he hires them right out of high school, off of underground boards and forums, out of conferences and conventions.

"One of my leads is now 19," says Tendell. "I hired him right out of high school because I saw him give a presentation at DefCon, one of the largest hacker conventions in the northern hemisphere. The skills and style he demonstrated showed that he was bright for 19."

The traditional career route -- of academic training and professional experience -- can dull a person's edge, he says.

"You kind of have to be a hacker to catch a hacker," he says. "Hiring people who think that way gives us an edge."

Azorian CE Charles Tendell

For example, the company is able to use new and creative techniques to do penetration testing, or to track down the real identities of online criminals.

"We hire for passion," he says. "The additional skills they need, we can teach later, or they can assimilate over time."

5. Look to the payments industry
"Identity is the new perimeter," says Andre Bosen, chief identity officer at Ontario-based SecureKey Technologies. "We have to shift the thinking from perimeter thinking to who uses the service."

The recent high-profile security breaches at major companies show that it's time for a new security model, he says.

"And payments people are particularly well suited to thinking about this, in my view," he said.

In addition to payments and financial services, Boysen said his company also hires people with backgrounds in the arts and in the legal profession.

"We like diversity in our thinking," he says.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.