Reaching out to a new generation of cybersecurity professionals is as important as retaining what you have.
Speaking on a panel at Infosecurity North America on “Building a Next-Gen Security Team in a Red Hot Cyber Job Market”, the panel were asked by moderator Lauren Claypool, Director of Professional Services, Alta Associates and The Executive Women’s Forum what skills they were expecting from applicants.
Bill Hill, CISO of the MITRE Corporation, said that it is hard to “shop” for skills, and commonly a non-negotiable skill is problem solving. Commonly if people are “under-skilled but have the right attitude to solve problems”, that is enough.
Heath Renfrow, CISO of United States Army Medicine, said that you have “got to be hungry in this field”, but it is not the job of the recruiter to make it difficult. “You have got to get into the mindset that struggling to understand cybersecurity is a continuous thing, and we’re here to compliment processes and senior management will understand us better.”
Bill Newhouse, deputy director of the National Initiative for Cybersecurity Education (NICE) at NIST said that language and diversity make it more attractive, so try to find opportunities within the group and check the workforce so it can be measured. “It’s a hard thing, and it is vital that we do it,” he said.
Asked about retaining talent, Renfrow said that he had implemented an intern program to help new people get into the cyber field. He also said that he goes to colleges and schools to speak to students and get interest in a career raised in the local community.
“I’m trying to find my replacement and that is why I go to elementary schools and colleges, and for the next generation we take in 30 interns annually and put robust training in, and pay for certifications and renewals. Retaining is just as important as bringing in new people.”