The lack of specialised personnel in the IT branch has been a reason for worries in many enterprises for a long time, all over the world. In cyber security, the issue brings great headaches. There is a concrete risk of not being prepared enough against cyber attacks; and you know what this could mean… The problem is everywhere, and extends to InfoGuard too. So how can we fulfil our needs? What are the true challenges, when hiring new staff? We spill the beans on how InfoGuard, one of the leading cyber security specialists, handles the issue!
Mathias Fuchs, Head of Cyber Defence at InfoGuard, is always scouting for new talents to push the CDC ever more ahead. In this interview he explains which are the most important aspects in recruiting, where are the challenges, and how does he find the right people.
Mathias, can you tell us where are the greatest challenges for you, today, as head of cyber defence at InfoGuard?
I believe that nowadays they are not (only) in the most complex attacks, new technologies or demanding clients. Most of all I’m worried for the lack of a suitable, talented new generation. It’s the only thing that can bring businesses ahead, in the field of cyber security.
And despite the budgets growing ever more generous, recruiting is turning harder. A study by Frost & Sullivan, commissioned by (ISC)², has estimated that in 2020 there will be a lack of 1.5 million positions in cyber security, at global level. Some may find this overstated, I don’t waste a second in doubting it.
What should businesses offer, if they want to attract potential good staff?
For a start, there is no such thing as THE ideal employee; it is always a matter of team play between employer and employee. Success in the talent hunt only comes to the company who offers more, and this doesn’t just mean a good salary: satisfaction in the job comes first. There are things like the challenges and self-realisation that the job offers, the corporate culture, or the feeling of being able to bring some contribution to the success of the company. In my experience, these things work much better in smaller enterprises than they do in larger ones.
What is the correct training for a career in cyber security?
I don’t think there is a single optimal path – not in IT in general, nor specifically in our branch. Whatever training does one choose, be it university, polytechnic, general or specialised training, one can only learn the basics of specific given tools and strategies. In my eyes, the people with the highest value are those who can adapt themselves fast, find creative solutions, and who have a certain degree of tolerance towards frustration. I think the most important feature in a cyber security person is curiosity, followed by creativity and the drive to go right to the bottom of things. There is no school that teaches all that. Some information technology training does indeed help understand specific dependencies; but it is not a mandatory requirement.
This is a bit like the “golden hammer” problem: if you only have a hammer, then every problem looks like a nail; but then, it’s much better to have someone who brings along a whole tool box. Better still is when someone has never heard of hammers or screwdrivers, but has the rare skill of building the right tool for the job. These are the people we look for, at InfoGuard.
Where do you go look for talents then?
Our cooperation with universities and polytechnics helps a lot. We have the opportunity of making ourselves known by their students, and we make sure that potential candidates get to know us.
We also recruit within our own departments. Soon we will take up an experienced pentester into the CDC-team, and at the same time, employees from other departments switch to the pentesting department. I think it is extremely important that people doing incident response and top-rung CDC-employees also have experience in the field of attacks.
We have a relatively new strategy, in challenging employees to a sort of small “Capture the Flag” games. It helps us identify talents from outside of our IT staff. By now, not all tasks require IT knowledge to be performed, and this opens the doors to lateral thinkers – which can be interesting for us. Finally, we also train a lot of apprentices, and they have great potential too.
Let’s talk about experience. How important is it when you’re hiring?
There can be no doubt that it is very important. However, teams consisting only of experienced forensic experts and analysts are not always very performant. I believe that the recipe for success in this case is a healthy mix. Experienced specialists take responsibility as mentors; they should support the youngest, without conditioning them to think exactly like themselves. Listening and understanding is much more important than just doing knowledge transfer. But finding such employees is hard.
What can an enterprise do, if they can’t find adequate cyber security experts?
With the remarkable shortage of experienced personnel, enterprises are well advised to get external help. Nowadays there are specialists like InfoGuard, and finding good help is no longer a problem. It is also a good idea from a financial standpoint: the expense is much smaller. Not only do external cyber security experts bring along their wide experience; they also contribute their know-how from a wide number of domains and fields, which is an additional plus. The ideal is to find a provider, who covers all fields of cyber security; so that whenever new problems or challenges show up, the reaction is faster. Another option is moving staff from within the same enterprise, or shift people who have knowledge that is not related to their everyday activity. These tasks can be taken up by the same partner.
InfoGuard covers all fields of cyber security: from consulting, to our offering of several network and data security solution, to the development of secure network infrastructure, all the way to our Cyber Defence Services. Our workforce of around 100 employees protect our clients’ data – the crown jewels of any enterprise – and guarantee top cyber protection.
In our testimonial report you will find a selection of successful customer projects, so that you can get the idea of how we can help you too. Or contact us directly – we will be pleased to assist you!
...by the way: we hire continuously! Are you in the cyber security field, are you looking for a new challenge? We offer not just exciting and challenging activities, but also an environment in which culture and satisfaction, and the promotion of our employees, are at the top. Look up our open posts, or send your resume of your own initiative. Take your career one step ahead, and join InfoGuard! Soon your picture could be in our employee gallery…