If you’re a security leader with open positions, where do you find qualified people?
For many, it’s a struggle. Maybe it’s a challenge you’re working through. Have you ever wished you could tap into a pipeline of people with the skills and experience you needed?
What about for those interested in security? How do they get their start and gain the experience they need to get hired?
Turns out they struggle, too.
I'm a bit outspoken on the perception of a shortage. A result of writing and speaking on the issue is the chance to connect with those seeking positions. They voice frustration at the lack of internships. Concern over the lack of a clear way to gain experience and visibility.
Some question if a shortage actually exists. After all, if we have a shortage, isn’t it in our best interest to hire and train the folks knocking on our doors?
On the flip side, many of the CISOs vexed to find qualified people shared an interesting finding. Many of the applicants look good on paper. But they lack the practical experience necessary for even an entry level position. "Book smart" candidates lack the "hands on keyboard" essential for success.
Looking at both sides prompts a question: what is the pathway for people to get started in security?
What are we looking for anyway?
One of the challenges is defining what a security professional is. Two decades ago, it was easier. You asked too many questions or expressed an interest. Some people even considered security a career limiting choice. A smaller community made it possible to gain a sense of others in the field.
We didn't define the requirements because it wasn't necessary. A lot of the folks in leadership positions got their start anywhere but security. We pursued other trades, crafts, and skills. But those skills combined with the right mindset set us up for success.
Security felt more like a calling. I used to joke that our brains were “5 degrees out of phase.” Maybe it’s true.
Security today is different. Now we have specialities and subspecialties. We have certifications. We have courses in school, college degrees, and advanced degrees.
Yet we continue to avoid defining what a security professional is.
What are we looking for? Is experience the defining factor? What if we look beyond experience? What are the aptitudes, attitudes, and skills that lead to success in the field of security?
What makes for a competent security professional - even if they don’t yet have experience? The struggle to define what we’re looking for makes finding it elusive.
Is that a shortage? Or is it an opportunity?
Experience that counts (and works both ways)
Even if we downplay the importance of experience, it matters. Typical job postings list an impressive depth and breath of required experience. All for an entry level position.
Experience is a challenge. How do you find someone with the precise experience you need?
At a lunch today, a colleague quipped, “The problem is that everyone claims to be an expert. In my experience, maybe 1 in 10 actually is. Sometimes, you don’t find out what someone can do until with work with them for a while.”
Even if someone claims to have the experience you seek, how many times has it not quite worked out?
Perhaps we need to ask a different question. Start with "How can we create opportunities for people to gain the experience we seek?”
Creating these opportunities offers a chance to mentor people. Beyond the growth that comes from mentoring, it doubles as an extended evaluation. You gain better insight into what someone can actually do over what interviews reveal.
Beyond internships and other traditional pathways, what about getting involved in your community? States are providing programs to introduce children to "tech" related skills. These efforts focus on coding, IT skills, and even security. Now we have competitions for high school and college students.
These programs crave mentors with real experience to share.
Is this a hidden opportunity?
Developing the talent we need
Security leaders experience stress and pressure no other leader faces. It's hard to find the support needed to develop leadership with the insight of security.
The same challenge extends to developing our teams. Maybe that’s contributing to our perception of the shortage.
When we find someone with the right qualities but not enough experience, how do we train them up? Most of us got thrown into the fire. We learned on the job. Sometimes our mistakes were the most valuable lessons.
While that method works, is it the right path for the future? Are we investing enough to define the common elements of success? Is there a better way to provide the training and development we need?
Join the conversation to advance your leadership opportunity
This is a unique opportunity. Creating a pathway works in both directions. It gives us a better sense of where to discover and nurture talent. And it allows those with the interest to learn and gain the experience they need.
We need to come together to build a better pathway. Think of it as creating a pipeline of talent. But instead of just building for the future, we engage and learn in the process. Fresh ideas and new approaches solve the "problem" of not enough people or talent.
That’s why we’re going to explore it further as part of Leading Security Change. This program draws on the experience of three security leaders, selected for their insights. It’s also a framework to guide a broader discussion.
Engage with me (@catalyst) and others on twitter using the hashtag #CSOLSC.
You're invited to take part in the series, including the live panel discussion. Ask questions and share your experience on December 9, 2015 at 2pm Eastern.
Save your spot by registering here: https://attendee.gotowebinar.com/register/1212721014164886529
Let this program guide how you lead the change we need for better security.