If you saw the movie “The Imitation Game,” you’ll remember that when Alan Turing was finding recruits for his Enigma codebreaking effort, he had them all take the same test: solving the Daily Telegraph’s crossword puzzle in 12 minutes or less. He believed that anyone who could accomplish this feat had the right analytical and pattern-matching skills required to be a codebreaker, regardless of academic or professional background.
Seventy-seven years later, and the cybersecurity industry is following in Alan’s footsteps. Though the number of colleges and universities that now offer cybersecurity majors and minors continues to increase (which is a tremendous step forward in advancing cybersecurity awareness and associated career possibilities), cybersecurity companies are increasingly favoring innate skills over cyber degrees when hiring entry-level candidates.
This means that the cybersecurity industry has created a career training opportunity that hasn’t been available since the good old days of the “junior executive programs” in the 1970s—that is, companies are hiring waves of new grads who possess the qualities and skills they’re looking for, and training them themselves versus relying solely on college majors, co-ops and internships to deliver them pre-trained.
With more than 300,000 cybersecurity job openings in the U.S. and nearly 2 million worldwide, cybersecurity is incredibly fertile ground for new careers, but many college grads will incorrectly assume they need a technical background to enter the field. I’m here to tell you that this is not always the case.
Cybersecurity requires a foundational skillset that you often can’t learn in school or from an internship. You are born with many of these foundational skills, which are nurtured in youth. They can then be refined with the right mix of coaching, experience and self-growth, and used as the right base on which to build cybersecurity-specific skills. Here are three that I personally look for when interviewing entry-level candidates.
By definition, soft skills are “personal attributes that enable someone to interact effectively and harmoniously with other people.” In the world of cybersecurity, soft skills are critical for several reasons:
First, you are constantly working across company lines, interacting with IT and security professionals, Legal and HR, and C-level executives and board members. Cybersecurity pros must be comfortable speaking to employees at all levels and working in teams.
Second, cybersecurity professionals must be confident enough to stand in front of a group and act as the expert—even if they are sometimes the least-business-experienced person in the room.
Third, but certainly not least, cybersecurity professionals need to be able to delicately, but effectively, communicate difficult news in difficult situations, such as if a data breach occurs or if network vulnerabilities are discovered that could be exploited. These conversations are not easy, but they need to be had. With the right soft skills, they can be positioned in a way that commands action and response, rather than provoking fear and doubt.
Curiosity is essential to succeed in the world of cybersecurity. Regardless of your background (technical, business-focused or strategic) or what side of the business you’re on (Threat, Risk, etc.), having natural curiosity is a key element of career success. Good cybersecurity professionals have an innate desire to know how things work. They want to learn what happens when risks aren’t mitigated or understood. They want to understand how security factors in when they’re interacting with their apps and phones every day. They want to find holes in corporate networks and see how lateral those vulnerabilities will allow them to go. They want to learn about the risks created from an “always on,” cloud-focused culture.
And they want to know what the latest tactics, techniques and procedures are that cyber-criminals are using. Above all, they want to understand topics they are not already familiar with, and they won’t wait patiently for somebody to teach them those things. In short, they possess the curiosity to learn and grow, and the hunger to push themselves every day to go farther than they thought possible.
We’ve all heard the expression: “There’s no ‘I’ in team.” And this is true in cybersecurity (OK, there is an “I” in cybersecurity, but I digress!). Cybersecurity professionals must be team players not only within their organizations, but within their cyber communities as well. They must be willing to share their knowledge as they learn new things by blogging, writing white papers, speaking at conferences, going to industry meet ups, etc.
This is so important because staying one step ahead of cybercriminals requires collaboration and communication among security vendors, threat researchers, consultants and the industry in general. We shouldn’t be here only for the fame or glory that can come with something like discovering a new zero day. We’re here to share our knowledge and experience with the community so that everyone can benefit from it, and, collectively, we can take a cohesive step forward in defeating the bad guys.
At this point, you may be asking yourself: How can I demonstrate these traits if I don’t have any cybersecurity experience? The truth is, characteristics such as soft skills, curiosity and being a team player are innate traits applied in many aspects of life beyond cybersecurity, and we can recognize those traits within candidates throughout the interview process. As long as candidates arrive with these foundational qualities, we can coach and mentor them as employees to further develop these traits and apply them throughout their career in cybersecurity.
With Cybersecurity, It’s All About People
The cybersecurity skills shortage is a problem that isn’t going away anytime soon. The cybersecurity industry needs to continue to focus on building the next wave of professionals—and seeking candidates with the right skillset, regardless of their academic or professional background, is a step in the right direction.
If identifying the right people with the right foundational skills is the first piece to the puzzle, retaining these professionals is a key second. Retention requires us to invest in them, help them grow personally and professionally, and, above all, care about them as people first and teammates second. This is the real answer to ending the cybersecurity skills shortage and the most impactful way we can develop the next generation of cybersecurity professionals to successfully rise up over their cyber-adversaries and keep our world safe from future cyber-attacks.
Bryan Wiese is GM of Global Advisory Services at Optiv Security. Bryan’s role is to run and coordinate all aspects of the global Optiv Advisory Services business with a focus on people leadership, customer advocacy and relationship management, and operational execution with quality.