Tuesday, August 20, 2019

The Cyber Recruiting Value-Add


Every scene in a good movie pushes the story forward. Adds value. Expands the narrative.   


The same is true with each member of the cyber security team. Each hire will define your program's story and value.

Building a top performing cyber security team is the most important thing that you can do as a cyber leader. Your choices or compromises in hiring will play a large role in making or breaking your career. 

Hire well. 

Know What Security Skills For Which You Are Hiring: Are you hiring for someone to look at a console all shift? Someone to capability build?  Do they need to engage with stakeholders? Write policies? Are they working from a playbook, compliance, or risk checklist? Security skills run a wide specrum and the candidate’s certifications won’t tell you how they fit in the range of roles that you might have to fill.  In addition to these, natural smarts and enough technical curiosity to understand what is happening behind the console screens are important to me.  I’ve “no hired” candidates for an incident response role with a masters in cybersecurity and candidates with 10 years of SOC experience because neither had the technical curiosity to understand key concepts about operating systems or malware as part of their very different experiences. You might feel differently.

Write Every Position Description For The Ideal Candidate: My bar for position descriptions is that the ideal candidate should immediately see themselves in the description. I can’t tell you the number of times that recruiting has said, “we will never find someone like that” and the perfect fit knocks on the door the next week. A lukewarm, warmed-over, bland position description just like all the others will only get you lukewarm, warmed over, and bland candidates just like all of the others. Be brave. Be different.

Be Participative Upstream With Recruiting: Review every resume and tell Recruiting what you like and don’t like about a resume…even the ones that aren’t the right fit. This will help them better understand how candidates fit and help them find you more ideal fits. 

Pass Prospective Candidates To Recruiting: I like to do my own candidate search and pass the Linkedin links to Recruiting to reach out. Not all of the prospects work out for various reasons and that's ok. Again, the value is that it brings clarity to the experiences that the ideal candidate might have.

Help Recruiters With A Few “Rough Cut” Phone Screen Questions: The questions will help recruiters see if the candidate knows the basics for that specific role. 

Phone Screen For Resume & Experience: Spend your time during phone screens on the resume and experience of the candidate. This will allow you to keep these to a minimum if you bring them in for an interview loop. You should be spending interview loop.

So you own pushing your security program’s story forward. Here’s your chance. You know the stakes. Write that script. Start adding value with each hire rather than just hiring.

It's your future. Don't compromise.


Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read it.

SEE ALSO



No comments:

Post a Comment