Today’s business landscape requires organizations to be increasingly dependent on the strength of their cybersecurity teams, so understanding how to hire a legitimate expert in the field is critical. But this industry is evolving rapidly and it is a challenge for businesses to identify unique, valuable skills for their cybersecurity professionals.
The following guidelines will help you discern the gold from the dross when looking for a cybersecurity expert for your organization:
1) Talking the Talk and Walking the Walk
Security experts hail from many backgrounds. They may have taken traditional routes, such as being groomed in IT departments after collecting CISSP or CISM certifications. They may have obtained degree in computer science or some other technology field.
Alternatively, many cybersecurity experts also have more of a business background. They may have acquired an MBA before launching their security careers. Some have more expertise as a C-level executive than an IT professional.
Regardless of their path, successful experts should reflect a proven track record of dealing with security issues, so look for candidates with real-world applications of industry knowledge.
No matter what career path an expert takes, he or she should be able to demonstrate that they're actually an expert!
2) Tailored Approaches vs. Cookie-Cutter Solutions
Cybersecurity experts must exhibit mastery of their domain and understand how to quickly and efficiently respond to critical issues. But each organization's pain points are unique and require customized solutions.
If a security expert is not willing to approach your company's security requirements with a tailored technique and a process that focuses on your individual needs, he or she is not providing the highest level of value.
3) Identify the Problem—Then Solve It!
There is a big difference between identifying a problem and solving it.
Cybersecurity experts are required to continually identify incidents, potential threats and risks that are constantly weaving their way through a network infrastructure. But that's only half the battle. Working to fix identified holes in an organization's security strategy requires a level of focused analysis and evaluation, so experts must exhibit superior skills to solve complex and intricate problems.
If your cybersecurity expert is only identifying problems in your organization and not helping you resolve them, your company may need to solve a new problem - finding a more efficient security professional.
4) Team Players vs. Lone Wolves
Cybersecurity experts may be the industry's rock stars, but they shouldn't perform as the solo act.
The role of a security professional is to work cooperatively with a company's top executives to create a strategy that is relevant and comprehensible throughout the enterprise. A proficient security expert values client communications that strengthen a corporate strategy.
A top cybersecurity expert should be able to take the confusing topics on Internet security and make them clear. With extensive experience, training and aptitude, they will successfully help your company navigate the technical landscape, identify the key areas of focus, and explain them in common terms.
Security professionals will understand that one size does not fit all and a cookie cutter approach to security does not scale in this current age of complexity; rather, they should be able to quickly narrow down the solution space to create a cost effective solution for your organization.
About Dr. Eric Cole
Dr. Eric Cole is CEO of Secure Anchor, former CTO of McAfee and Lockheed Martin, member of the Commission on Cyber Security for President Obama, the security advisor for Bill Gates and his family, and author of a new book, Online Danger: How to Protect Yourself and Your Loved Ones From the Evil Side of the Internet.