You’ve probably heard about the cyber security talent gap by now.
Companies are having a hard time filling their open cyber security positions which is forcing them to get creative in how they recruit and evaluate applicants. However, based on conversations I have had and the experience of placing hundreds of career changers into these IT/cyber security roles, I know this is not always due to a lack of talent.
Yes, there is huge dissonance between hiring manager expectations and the applicant pool.
I have heard both sides. Hiring managers are limited by their capacity to train and onboard new talent, yet they want to fill their open seats and scale teams accordingly. There are usually other forces limiting their hiring budget.
Everyone asks for a “swiss army knife” with 10+ years of experience that will work for $20–30 per hour and 60+ hours per week. It is incredibly unlikely that they will find this person. Instead, cyber security hiring has become a slow trickle of talent as they work to balance training capacity, budget, and day-to-day workload.
Cyber security in most companies is a measure to reduce risk in various areas of business and technical operations.
Security as a service is still an emerging trend and is only recently a viable business model. Few of these companies are fully mature and still rely on a lot of effort from a few people. Hopefully they shape up in the future.
Companies that rely solely on technical skills, education, and experience requirements are bound to be disappointed.
Usually, employers come to Flatiron School when they realize their hiring campaign is not working. Many do a poor job of properly educating the applicant where his or her full range of skills are best valued in a team. This means a lot of roles (and titles) are so new that perfectly viable candidates may not even find them.
From the hiring manager’s perspective, companies that should ideally have 30–50 people in their security teams may be hovering around 5–10 people doing the work of that respective number of people.
There just is not enough funding for security. So where is the compromise?
The true middle ground in security talent and hiring is finding candidates with risk-mitigating factors. The risk here refers to the dozens of variables that prevent you as a candidate from being an effective, trainable, manageable, happy, or affordable employee.
To reduce as much risk as possible to an employer considering them as a candidate, Flatiron School students get creative in using their prior experience and “soft skills” to fill unique niches within each company and make themselves as versatile as possible. Soft skills and culture-matching reduce risk. In addition to the hands-on, lab, and capstone-based training our students receive, career changers who leverage the following soft skills are most likely to stand out from the talent pool and be effective from day one.
The key soft skills to succeed in a cyber security career:
Skills that show you can successfully identify needs and follow-through with an appropriate solution. In what ways have you contributed to customer service in the past?
Communication / Active Listening
Written and verbal communication with management/stakeholders is a daily activity and expectation. Listening/following directions is just as important. Communication is especially important for compliance analysts, who need to consistently communicate with other teams the current risks teams are facing.
Presenting/defending a complex concept in layman’s terms. As a security analyst, you may be expected to deliver presentations to groups of stakeholders and executives.
Managing time, people, assets, projects, etc is a regular part of the job.
Your background lends a unique skill set to the team’s ability to solve new problems… How? It’s important to be able to establish and/or follow a procedure for troubleshooting.
Persuasion / Influence / Charisma
The ability to convince others your viewpoint has value. Can you show evidence of this over time? Think sales/management experience and gaining increased responsibility throughout your career.
What aspects of the job will keep you around? Employers are looking for people who will lend long-term stability to their workforce.
Are you able to admit when you’re wrong? are you capable of asking for help?
Sense of Humor
Are you a person who can make others laugh at appropriate times? This is a good sign of your resiliency and ability to work with others.
Can you work on your own as demonstrated by past experience?
What kind of leader are you? How do you interact with others on your team?
Can you solve a problem using known logic and/or follow a methodology for interpreting new problems?
Philosophy / Frameworks
Cyber security is full of professional organizations and regulatory bodies that inform and standardize methods for solving problems in their industry. Are you knowledgeable of a key framework, compliance, and/or industrial controls? Ex: Lockheed Martin Kill Chain, OSI Model, PCI-DSS, OWASP Top 10, MITRE ATT&CK, HIPAA, FedRamp, SOX, etc.This is especially important for cyber security engineering roles.
People who exercise creativity in problem-solving can diversify team problem-solving methods. Creative people thrive in cyber threat analyst roles.
Following a procedure of uncovering and documenting new information. Have you written articles, publications, or performed research in another discipline? Do you have a “home lab” where you can test out new skills?
Research is a key component for all pen testers, who need to stay diligent to understand how to trap new types of attacks.
Security professionals are expected to read up on trends and vulnerabilities so they can quickly adapt and apply skills gained in new contexts.
Think you have these skills and now just need the technical skills to start a career in cyber security? Enroll in our less technical analytics or more technical engineering programs and start your new future.