According to Heid, organized competitive hacking is now a sport, and a great way to practice both offensive and defensive technique in a live fire environment. "Some information security companies have mini Capture the Flag hacking challenges that are presented to candidates during the interview process, and it seems to be a useful tool for identifying talent right away," he says.
Trend Micro, Inc., has taken this a step further. The company has been running its Capture the Flag competition for three years, says Ed Cabrera, the company's chief cybersecurity officer. "It's a fantastic way to provide opportunities for us to identify individuals who have the talent and aptitude," he says.
It's a global competition, and this year's finals are in Japan, with the top competitors getting a free trip to the event. "We might not hire any of them, or may hire some of them," Cabrera says. "But either way it gives us a great pool of individuals to look at."
Silicon Valley isn't the only place to find smart cybersecurity people, Cabrera says, and the global nature of the competition is one of the ways the company is looking outside the region. "In this day and age that type of capability and talent is global," he says. "For example, I just spoke at a panel in Miami, at an event focused at tech startups in Central and South America and the Caribbean area."
Trend Micro also looks for people who are already working at the company, but in different jobs. "The individual might be working in a business unit that doesn't challenge them, or give them the opportunity to show off their skills," Cabrera says.
Too often, there's too much emphasis put on the technical skills, Cabrera says. "A lot of what goes into cybersecurity is not necessarily the technical skills but the soft skills, the investigating mindset, ability to solve problems," he says. "I always would look towards the more soft skills, the enthusiasm, the problem solving, and the creativity side, and include that into my analysis."
Cabrera himself started out by investigating financial crimes, and moved into cybersecurity later on in life. "I'm a late bloomer," he says.
Trend Micro isn't the only company willing to look at people with non-traditional backgrounds. "We've had people on our SOC team who have music and art backgrounds," says Janet Levesque, CISO at Bedford, Mass.-based RSA Security. "There is something about musical backgrounds that seems to have a lot of synergies with what you need to do in cyber. Some of that is being able to pick things up quickly. So if someone can sight read music, or pick up information quickly, and has creative problem solving skills... we've had a lot of people who come out of diverse fields."
Sign up for CIO Asia eNewsletters.