Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSectorsSecurity Leadership and ManagementCybersecurity NewsHospitals & Medical Centers

Insider Tips for Building Your Cybersecurity Team

Don’t allow your biggest security vulnerability to be your lack of cybersecurity talent.

By Tim McIntyre
Insider Tips for Building Your Cybersecurity Team
Tim McIntyre

Tim McIntyre

Insider Tips for Building Your Cybersecurity Team
Tim McIntyre
March 1, 2017

Today’s center of gravity in cybersecurity is shifting, pulling the skills and experience of cyber defenders in new directions. In most companies, this situation has led to a convergence of responsibilities between physical security, information security and cybersecurity teams, and an increased commitment to “staffing-up” of dedicated “cyber defenders.”

Unfortunately, this is easier said than done. Supply of cybersecurity specialists has lagged demand for the past eight years. In fact, an analysis of data from the Bureau of Labor Statistics indicates that nearly a quarter of a million cybersecurity jobs went unfilled in 2015, and that figure will continue heading upward for the foreseeable future. How does an employer attract qualified talent in such a competitive marketplace?

For starters, try building your brand as “an employer of choice” for cybersecurity. A good starting point is being able to demonstrate an investment in the most current tools and technologies, including endpoint detection and response, patch management and threat intelligence software. Dedicated cybersecurity professionals will want to see that your company appreciates the need for cyber strategies beyond signature analysis, and is making use of tools that give better visibility into the behavior of threat actors. And senior leaders will need to see a financial and operational commitment to spending on human capital.

Here are some other creative approaches: 1) Don’t be limited by geography. Instead, hire your cybersecurity team where they live and allow them to work remotely. This allows you to broaden your pool and truly consider the best of the best; it also encourages loyalty to you for your willingness to provide that flexibility and trust. 2) As part of your offer, ‘‘give’’ cybersecurity hires independent time to work on “whatever they want” for a percentage of their schedule (5 to 10 percent). This will attract creative types who might use the time to solve arcane security issues you didn’t even know you had. 3) Actively promote a gender diverse workforce. Women currently comprise a small minority (11 percent) within the field of cybersecurity. For them, if given a choice of employers, the companies that demonstrate a supportive culture will have a leg up on the competition. Working moms in cybersecurity are seeking environments where they can go beyond pen-testing and intrusion detection. In my experience, they want to be mentored and learn leadership and management skills.

You might also want to consider rethinking the educational prerequisites for some positions. Perhaps candidates need not have a bachelor’s degree if they possess a CISSP certification, considered by many to be “the gold standard” of InfoSec certifications. Because CISPP certification speaks to extensive experience and training, you can spend more time probing for other requirements, like communications skills, how they get along as part of a team, how they manage their time and handle task management. 

Although not as prestigious, there are also alternatives to the CISSP. These include CEH (Certified Ethical Hacker), CISA (Certified Information Systems Auditor) and OSCP (Offensive Security Certified Professional).

When hiring for senior roles, like CISO, it’s tempting to err on the side of the overly technical. My advice is “don’t.” You may think that hiring a technical guru of your own is the best way to outsmart offending hackers, but at the highest level, you need to hire a great listener who can prioritize when a breach is discovered. (I’ve been amazed at what History or Music majors have done in these roles!) In a crisis situation, you will want someone in command who – instead of reading a list of vulnerabilities to executives – will focus on the company’s most treasured assets like master passwords with admin privileges, sensitive customer data and corporate secrets. Above all, a CISO must be able to provide leadership and communicate insight with a cool head, yet a sense of urgency.

You also want to steer clear of stereotypical “security geeks” when hiring the core of your team, and instead look for personality types who are puzzle solvers with a bit of rebellious flair. These analysts, who look and act differently than more mainstream candidates, tend to be highly motivated and can set a compelling direction for the entire department.

How do you find this type of talent in today’s hypercompetitive job market? First and foremost, you need access to the right talent pool. Hiring a recruitment firm that specializes in cybersecurity will give you access to established networks in cybersecurity and the InfoSec community, and allow you to tap candidates that may not be actively job seeking. In addition, a firm with cybersecurity expertise will best be able to act as your brand ambassador and brand builder to these candidates, portraying opportunities at your company in a context they will appreciate. The expense related to the recruitment of top cybersecurity talent should not be thought of in terms of fixed budgets, but rather in terms of how much your company is willing to risk, in losses, if a breach occurs.

The truth of the matter is that the majority of U.S. businesses and organizations are ill prepared. Most breaches go undetected for an average of 200 days; that’s 200 days during which “the barbarians have been in your castle.”

When that happens, you are left to rely on the raw talent and discipline of your team and their ability to remediate in light of a software system failure. At that critical juncture, you certainly don’t want your biggest security vulnerability to be your talent.

That’s why employers clearly need to invest in hiring, training and challenging cybersecurity teams – because the most dangerous cyber threats are the hardest to find, and so is the top security talent. Companies who ignore the gravity of funding this commitment to talent acquisition do so at their own peril.

KEYWORDS: cyber security careers diversity in security security career security risk management security talent gap

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Tim McIntyre is the Founder and Principal of The Executive Search Group, a boutique search firm specializing in the recruitment of senior-level cybersecurity, InfoSec and technology professionals. https://www.theexecutivesearchgroup.com

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • insider threats-freepik

    3 tips for stopping the next insider attack

    See More
  • Cultivate Your Next Cybersecurity Team Security Magazine November 2017

    Cultivating Your Next Cybersecurity Team

    See More
  • phishing-freepik1170x658v4.jpg

    5 tips for building a positive anti-phishing behavior management program

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing