#BHUSA The Value of Skills, Education and Experience in Information Security Hiring

Written by

In a panel entitled “Winning the Information Security Job Hunt” at the Black Hat conference in Las Vegas, moderator Kelly Sheridan from Dark Reading asked panelists Dawn-Marie Hutchinson, executive director and executive advisory at Optiv, and Drew Fearson, head of daily operations at NinjaJobs, about whether there is a skills shortage and what is in the highest demand.

Fearson said the discussion around the skills shortage is interesting as there is a shortage in some countries and some markets, “but it is not as crazy as it is meant to be.”

“There wouldn’t be any shortage if folks were allowed to work remotely,” Fearson said, citing an example of two jobs where the one with a remote working option had 74 applications and one that required working on site in Ohio had no applications.

Hutchinson said, “It is hard to be a security leader and not be in the office, and if you’re not willing to relocate you’re going to have a problem.”

In terms of which skills were in demand, Fearson said that he saw a lot more demand for DevSecOps roles, while Huchinson encouraged delegates to specialize in one area but to avoid becoming too siloed in their work.

She said, “Focus on one thing you do well and if you’re just starting out, decide where to go and if you’re a risk manager or a compliance person, stay there and own it. When you take on multiple tasks, you become a jack-of-all-trades and a master of none.”

Asked about the value of certifications and experience, Hutchinson said that certs can be valuable if you’re new to the industry and you need to show security knowledge, but don’t focus too heavily on working with one product. 

Said Fearson, “Keep your résumé simple, but add a section on technologies used and skills gained, and add all of your buzzwords there.”

Asked by Infosecurity Magazine about the value of an education that is not in an IT-related subject, Hutchinson said she would not care what an applicant went to college for “but [that] you went to college and you demonstrated that you worked hard in teams and you pursued something that maybe had some ROI in it, maybe not, but I am happy if you went to college.”

Answering the same question, Fearson said, “There is value in having a computer science degree when you’re just starting out, as that shows you get certain things. On the surface level that does help, but once you have some more experience I don’t think it matters.”

What’s hot on Infosecurity Magazine?