“Information assurance is not just a skill; it is also a mind-set, a way of thinking,” says Starnes. “That mind-set is curiosity, tenacity and a passion for information assurance. Those traits can be found in any number of professions and industries. Find the mind-set and the passion first, the skills and experience can be developed.”
Taylor agrees, adding: “The right skills can be found - what I find more challenging is finding people with the right aptitudes and experience.
“My first suggestion would be to review hiring role descriptions and cut back on the mandatory skills and qualifications and see what candidates you get. Many people believe that certification is a substitute for experience or that demanding the right certification will ensure the correct level of experience, but I find this not the case.”
Run or attend competitions
There are numerous competitions, workshops and even holiday camps for those interested in a career in security – and so it makes sense for CISOs and CSOs to attend or organize as many of these as possible.
A lot of these competitions, like CyberLympics in Europe and the Cyber Security Challenge in the UK, are interactive, role-based games, so they give a great insight into how the participants would tackle similar situations in real life. Security pros can also be found through initiatives like the SANS Institute’s Cyber Academy, or at meet-up hackathons.
“Many [CISOs] are doing the above but even going a step further with initiatives such as running capture the flag competitions and/or hackathons sponsored by the company,” says Honan.
“This allows the company to identify potential talent to recruit into the team. Others will offer placements for university students during the holidays, or work with the research function of universities on joint projects.”