Given how fast cybersecurity is evolving, good analytical skills are more valuable than knowing a particular technology, Levesque adds. "The technology that you may use today might be obsolete tomorrow," she says.
To help non-traditional hires get going in their jobs, RSA offers a combination of on-the-job training, company-sponsored training, and funding for external training and education programs. Plus, RSA offers proprietary training to customers on its products, so employees get that, as well. "We drink our own champagne at RSA," Levesque says.
The war for talent
When it comes to hiring the best, most experienced people, there's a war on. Companies have to step up both their offensive and defensive capabilities in order to find and retain the talent they need. "The people you want already have jobs," says Bob Heckman, VP and CISO at Vienna, Virginia-based Criterion Systems, Inc.
To get to the best people, to those who are successful and happy in their jobs, and aren't actively job hunting, takes work. One successful strategy is to draw on the personal connections of your own employees, Heckman says.
"We have a cybersecurity architect who is brilliant, and his personal reputation draws other people like him," he says. That means that the current employees have to be able to make friends, build reputations and personal networks. "Not only do we encourage it, we make them do it," says Heckman. "We make them attend cyber functions that aren't sales."
That includes participating in more technically advanced, smaller meetings. It also includes very private events that the company has access to because of the classified work that it does.
A company also has to be careful not to come off as too predatory when meeting people at industry events, he adds. "If you come off looking like you're using it as a recruiting event, they all leave," he says. "It has to be natural."
It can take time, he adds. "A lot of companies actually maintain your own personal database of cyber talent that they continue to track through their careers," he says. "They continue to actively reach out to these folks and see what they're doing in their careers and if they're doing anything new, maintaining the relationships in the community."
Then, to bring those people in, and keep them, takes a good understanding of what they really want from their jobs. "Cyber people are special," says Christy Cooper, Criterion's senior recruiter specializing in cybersecurity.
To keep them happy, the company focuses on helping them develop their careers, investing in continuing education as well as project-related certifications. To keep people from getting burned out, they can cycle through different security jobs at the company that helps make them more well-rounded. Happy employees also help with recruitment, Cooper adds.
Sign up for CIO Asia eNewsletters.