When it comes to hiring, enterprise security teams can use all the help they can get. But hiring entry-level talent is not as easy as it may seem.
According to a poll of 1,000 18- to 26-year-olds conducted last summer by Zogby Analytics and underwritten by Raytheon, about 40 percent of Millennials reported they would like to enter a career that makes the Internet safer, but roughly two-thirds of them said they aren't sure exactly what the cyber security profession is, and 64 percent said that they did not have access to the classes necessary to build the skills required for a career in information security.
That means, at least when it comes to the entry-level information security market, that there will be many job applicants continuing to enter the field with backgrounds that lack formal information security training. This echoes what we hear when we speak with CISOs and others who often hire security talent.
With all of this in mind, we recently reached out to those CISOs to see if there was a common thread of mistakes among information security career newcomers who are in the job market. Here's what we found:
1. Failing to show oneself as a team player
Sounds like a no-brainer, right? But it's not. Many of the hiring executives we spoke with say that personality can -- and often does -- trump technical assets. This is especially true as more and more information security roles interface with the rest of the business. It's essential that applicants be themselves -- amiable, articulate, and able to prove that they can work with different areas within the organization.
2. Selling oneself as a jack-of-all-trades
"Entry level applicants across almost all verticals of information security make the mistake of trying to be a one-size-fits-all candidate," says Boris Sverdlik, head of security at Oscar Insurance. "Security is broken up across many verticals and even among those who are experienced, it's almost impossible to be well versed in all aspects," he says. "The most annoying candidate is the arrogant know-it-all," says Brian Martin, founder atDigital Trust, LLC. "I don't mind arrogance when it's earned, but not in a kid who's never been tested. In cases where we've tried to work with these types, it hasn't ended well."
If you have interests in many skills in information security, highlight a couple that best meet the needs of the organization.
3. Falling flat on job search and interviewing basics
For many CISOs, such as Martin Fisher, manager of IT security at Northside Hospital, it is common for potential hires to harm themselves by flunking the basics of job seeking. "On resumes, misspell HIPAA, and I'll toss the resume," Fisher says. He also says that he too often encounters typos, punctuation errors, and resumes laden with information that's not relevant to the role being offered.