In professional team sports, coaches rarely experiment with every player at their disposal – even when they face an on-field dilemma. Who, after all, wants to invite criticism by placing square pegs in round holes. In football especially – a results business – coaches are judged from one game to the next and thus demand quick fixes. The outcome? Eye-watering sums spent acquiring new players, often at the expense of existing, but ultimately unnurtured, talent.
Fortunately, your cyber workforce isn’t a professional sports team. But outstanding athletic ability or otherwise, that workforce does require highly skilled staff – and finding them is notoriously difficult. The cyber skills gap is very real (there is a 0% unemployment rate expected to continue until at least 2021), yet most businesses navigate this crevasse by simply hiring new staff – a method that is expensive, lengthy and ultimately unsustainable.
So, what can be done?
Finding cyber talent within
An effective (and potentially lucrative) solution is to unearth hidden talent from within your business, which may seem silly – cyber ninjas don’t just hide in IT, right? – but is in fact perfectly feasible.
We’re not suggesting a fully-fledged pen tester is lurking in your ranks unbeknownst to you (that would be absurd); rather, that your workforce already boasts employees with an aptitude for cyber – you just didn’t know it.
There are several reasons you should look to tap into this potential. Firstly, as you’re no doubt aware, hiring externally is an expensive game and one that’s all too easy to get wrong. There is surely nothing more disappointing than hiring someone who is perfect on paper, only to discover their real-world skills don’t quite match up. (Okay, Batman Vs Superman wasn’t great, but tickets didn’t cost you thousands.)
More importantly, when promoting from within you know what makes that employee tick because, hey presto, you’ve already worked with them. This will help in your quest to retain that worker, which is essential when considering the high turnover in cyber security roles (the result of 65% of cyber professionals struggling to define their career path and over half feeling sufficient training is unavailable).
So, you know that hiring from within is the smart choice, but now have one burning question…
How do I find this hidden talent?
The first step to unveiling your company’s hidden cyber talent goes against everything you know about recruitment: you need to ditch the CV. (Fear not – there’s good reason for this.)
When scanning your business for potential cyber talent, remember: you are not seeking experience and pre-existing hard skills, but personalities. To identify those with a propensity for cyber, look out for certain tell-tale traits like perseverance, curiosity, creativity and a competitive nature. It’s known that the best cyber workers like to learn, not to be taught – perhaps why 63% of Immersive Labs users believe ‘willingness to learn’ is the key characteristic of a cyber employee.
As well as knowing what to look for, you need to know where to find it. While the obvious solution is to raid the IT department, consider screening those working in analytical and strategic departments like finance and marketing. You should also inspect your employees’ backgrounds; did they study maths at university, for instance, or serve in the military? A 2017 study found that 1 in 5 cyber security professionals joined from a different sector – proof that those with non-technical backgrounds can, and do, successfully transition into cyber.
It’s also important not to overlook those in the later stages of their career for fear that ‘you can’t teach an old dog new tricks’. While young adults are more pliable, those with vast experience – particularly IT workers – may embrace a new challenge and use their impressive base skillset to flourish.
Once you’ve pinpointed the employees who may have what it takes, you need to put them through their paces; this means finding a way to test their learning ability, dedication and practical suitability. It’s crucial that you don’t fall into the trap of thinking your cyber protégé from marketing will become a Red Team Analyst overnight. You’ll need to invest in potential, supply the tools required to succeed, and allow sufficient time for development.
Through the Immersive Labs platform, you can monitor your employees’ progress as they continually learn new skills, and even engineer their learning to suit your business’ needs with personalised skill paths. Why not schedule a demo and take the first step towards building your bespoke cyber workforce?
It might not be the conventional route, but utilising workers from alternative professions and backgrounds can revolutionise your cyber recruitment and have a lasting impact on your talent pipeline. Better still, it will result in a diverse workforce that benefits from varied, atypical viewpoints, allowing problems to be tackled in new and innovative ways.
Cyber preparedness lessons from the trenches
30 July 2020
Build capabilities, not just plans
29 July 2020
Most organizations now expect to be hacked, so why is incident response being neglected?
28 July 2020