When staffing cybersecurity roles, have you had success with hiring candidates who lack technical experience? If so, what made that strategy effective?
Sort by:
From my experience hiring people in cybersecurity the most important is the attitude and compromise of the person, the person must have soft skills and high levels of emotional intelligence. If the person has these skills, i hire him/her and next i develop a training program base on four aspects:
1- Include the person in an induction process with the cybersecurity team
2- Get the focus of the person in the skill that i need from him/her
3- I support the person every day and every moment
4- I ask the person get the certification as internal audit in ISO 27001:2022
We only hire people who do not have technical experience for roles, for example in culture, where we are looking for people who are experts in marketing or communication issues, or legal issues where lawyers have a better profile, but really for the rest of the roles, we are looking for people with training and technical experience. In case the person do not have technical experience but has the technical training, we place that person in the most basic positions of the operation where he will begin to acquire experience and grow within the organization.
As a general rule I hire for culture and EQ with a level of technical competence that allows deliberate and targeted training to be effective. This does therefore imply that having deliberate and targeted training is key.
Interestingly for Cyber roles - I have a small team of "leads" so I have needed to also hire for technical skills and I don't think this could have been avoidable for the lead roles, due to the specialisation required.
Now that the leads are filled, future hiring will be for culture and EQ and a clear ability to learn technical skills once they start with my organisation.
Mentorship is crucial, especially when leading a relatively new team. I've intentionally built a team where nearly 80% are under 35. I sought out young, hungry, and energetic individuals who bring fresh perspectives and a drive to make an impact. But it's not just about age; I've also prioritized diversity in experience. I've hired talent from various departments, such as procurement, HR, communications, and internal audit. This cross-departmental mix offers us a broader perspective on the challenges and opportunities within the organization.
The diversity of backgrounds also provides us with a rich internal network, which is incredibly beneficial when navigating complex corporate environments. This means we have insights and connections across the company that might not be accessible to a more homogenous team. This internal network fosters collaboration and opens doors to new ideas and solutions that might go unnoticed.
Moreover, this approach to building my team underscores the importance of mentorship. By guiding these young professionals and helping them grow, I'm shaping the future of cybersecurity within the company and creating a culture of learning and innovation. Mentorship allows me to share my experience while learning from their fresh perspectives, which keeps our strategies dynamic and aligned with the evolving needs of the business.
Yes, findingfolks with passion, aptitude, interest and determination to learn is vitally important. Ive had team members with willingness to learn and a level of technical aptitude but little experience who have done very well and contine to do so. Putting them in an environment that is supportive & knowledge sharing is key to helping such folks to "level-up".