Originally posted August 2018 – Updated December 2022
As the cyber workforce gap continues to grow, employers must rethink their approach to identifying and developing skilled cybersecurity talent. Many organizations have turned to “skills-based hiring” and reduced their degree requirements to attract capable—but otherwise overlooked—candidates.
While soft skills like critical thinking and communication are among the most requested by employers, many aren’t finding qualified applicants who also have technical skills like cloud computing or Splunk query expertise.
Don’t be discouraged. You can find many talented individuals right under your nose, if you know what to look for. When seeking new cyber talent, try focusing on these five traits that provide a strong foundation for success.
1. The Human Hoover
While you shouldn’t avoid analysts with experience and expertise in a particular domain you’re looking to fill, don’t discount candidates who demonstrate the ability to learn quickly. If you invest some time in mentoring and upskilling, these malleable learners will be able to collect, synthesize, and adapt information swiftly given the particular situation at hand, which is especially critical as new cyber threats emerge and continuously evolve.
2. The Challenge Seeker
It’s a gift to be able to learn and apply new concepts quickly, and another to enjoy the challenge of doing so. Stanford psychology professor Dr. Carol Dweck refers to this trait as a growth mindset. The challenge seeker has a greater sense of intrinsic motivation to solve the problem at hand, like finding that one piece of the puzzle that brings the whole picture together (or finding the vulnerability to quickly patch and update).
A candidate motivated by the quest to understand should generate better overall results. Furthermore, those with a growth mindset are better suited to learn from and build on their failures, rather than ruminate on them.
3. The Attentive Communicator
Strong critical thinkers must also have the capacity to communicate clearly and logically. Many people mistake good communication for being articulate, but that’s only half of it. Solid communication skills include the ability to both convey one’s views in a concise and intelligent manner, and to actively listen, understand, and interpret the messages received.
The best candidates have the keen ability to translate highly complex or technical topics in a way that makes the concept easy for others to understand. Candidates possessing this ability are not only a good fit for your current open position, but may also find themselves on the fast track for further advancement.
4. The Consensus Engineer
You want a team player, but what does that mean? You need practitioners who can work well, both emotionally and effectively, with their peers. Moreover, a successful practitioner can build support across multiple stakeholders for the initiatives they are invested in.
Take a play out of the intelligence tradecraft playbook from the Department of Defense. Rather than publishing definitive personal conclusions, analysts must get internal and external agency buy-in on their assessments. Seek employees who take the time to collaborate with counterparts across departments or teams. This ensures they not only have strong evidence to justify their conclusions, but also the ability to empathize with other perspectives, be a reliable teammate, and establish trust across the board.
5. The Strategic Big Thinker
Great practitioners are constantly thinking about how their work relates to the overall strategic goals of the organization. While fulfilling the direct duties of a position may seem tactical, bonus points are awarded to those who understand the importance of their role. Test them with the question: “So, why does our organization need to hire anyone for this position? What would happen to the organization if we didn’t?”
Employees should understand their value, and employers should provide every opportunity for every role to feel valued, too.
But What About the Splunk Queries!?
While specific cyber roles require more specialized technical skills, a vast majority don’t. The beauty of cybersecurity is that many skills needed are far more teachable than the inherent traits listed above. It’s worth reviewing current job requirements to see what’s really required versus what can be learned on the job.
Taking this alternative approach to sourcing non-traditional talent expands the talent pool to more capable and motivated candidates. So, if you see a philosophy major applying for a cybersecurity analyst position, don’t be so quick to press the “reject” button—your organization will be better for it.
And for the philosophy, communication, business, or other majors outside of computer science and cybersecurity, consider showing your dedication to cyber by earning the CompTIA Security+ certification. It’s not always a requirement, but it can help your chances of getting through to an interview.
Related Content: