Why HR Might Be Missing the Mark When Hiring Cybersecurity Professionals

August 22, 2013

According to findings from ESG Research, 55 percent of enterprise-level companies (1,000+ employees) need to hire information security professionals. However, 83 percent of those companies say that recruiting security professionals is difficult. In addition to a shortage of talent, many companies struggle with three additional problems:

  1. Skills deficits. Current IT staff lack security skills related to network security, cloud security, security analysis and mobile device security.
  2. Poor staff deployment. Most organizations expect their security staff to solve immediate problems rather than to focus on proactive security planning.
  3. Complex security tools. Security vendors build tools that are designed to be customized, not automated. Unfortunately, the staff is busy putting out fires and has limited time to develop expertise in using these tools.

Considering the skills gap and the limited number of warm bodies for available security jobs, now is a great time to get a cybersecurity degree. In fact, you can click to find out more about getting a cybersecurity master’s degree online. Just getting the degree, however, may not guarantee you a job; you’ll have to get past HR first.

The Trouble With Assembling a Geek Squad

Let’s face it: If you’re interested in cybersecurity, then there’s a good chance that you’re a geek. You may love video games, role-playing games and of course, bacon. These qualities that endear you to your friends, however, may not endear you to the HR department of major companies. You may be, as Aaron Cohen, the founder of Hacker Academy, puts it, “socially awkward.”

At the Hacker Halted conference in Miami last October, security consultant Winn Schwartau said that HR departments need a new paradigm for hiring security consultants. While HR departments tend to frown on conditions like ADHD, obsessive-compulsive disorder and autism, these “deficits and disorders” are the very elements that enable a cybersecurity geek to “focus on an issue through the night.”

The Effects of Negative Stereotypes

Unfortunately, the very people that need to hire geeks are the ones who are holding on to stereotypical and negative views. When describing the U.S. Cyber Challenge program, which is designed to recruit cybersecurity talent for the federal government, program director Karen Evans labeled her program’s activities as “nerd camps.” Stereotypes like these may keep many talented people away from the cybersecurity field, particularly college-age women.

A University of Washington study found that both men and women view the typical computer science enthusiast as “a genius male computer hacker who spends a great deal of time alone on the computer, has an inadequate social life and enjoys hobbies involving science fiction.” Other study participants indicated that they agreed with other stereotypes, such as assuming that all computer science experts play “World of Warcraft.”

How to Recruit Geeks

To fill the many holes in their cybersecurity lineups, both businesses and government agencies need to learn how to make geeks part of their culture. Try some of these suggestions:

  • Focus on talent. Too many HR departments get bogged down in the job description. After interviewing two engineers, hire the one that’s most talented as opposed to the one that has a specific skill set.
  • Strut your stuff. Post blog entries about creative ways that your current employees have solved problems. You can also send some of your staff to local user groups to discuss how they’ve tackled a particular security challenge. Your goal is to cause potential hires to say, “I’d love to work with these people.”
  • Share. If your current staff has developed code that could be useful to outside developers, then consider making the code open source. Geeks will respect the quality of the code, and they will remember who developed it.
  • Give them a problem to solve. An app development company called Parse allows their engineers to apply using an API. While your geek may not want to deal with another dull online application, he or she may be intrigued by the opportunity to solve a problem.

Finally, many HR departments are assembling job descriptions for technical positions that they don’t understand. Instead, HR should allow an IT manager to have input into the job descriptions. IT’s feedback will let HR know exactly what to look for in a new cybersecurity hire. It will also encourage HR to give geeks a chance.


About the Author: Kevin McDonald is proud to be a geek. He’s also a cybersecurity consultant for a number of Fortune 1000 companies.
