In today’s digital landscape, finding a manager to lead cybersecurity projects and a team of security consultants requires a strategic approach. In this article, we will talk about multiple factors that can contribute to finding a good hiring manager for cyber security jobs. Below are the points we need to consider in this regard:
- Defining our requirements for the role of hiring manager
- Searching for profiles on professional networks
- Utilising job boards or recruitment platforms
- Attending conferences and events
- Conducting a proper interview process
- Offering competitive compensation
Let’s talk through each of them in depth.
Defining the Roles & Responsibilities
The crucial part of this process is to determine the role of the manager. The managers should have the following skills:
- Strong technical background
- Proven leadership ability
In today’s fast-paced digital era, managers must not only excel in managerial duties but also possess strong technical expertise. As threat actors continuously update their tools and techniques to perform advanced attacks, it’s crucial for managers to stay current with new technologies. Ideally, managers should have a background in security projects, such as penetration testing or working in a SOC team, to effectively guide and lead their teams. Someone who has worked on security projects can better understand the technicalities and guide the team accordingly. They must also focus on organisational improvement by collecting relevant metrics and fostering a professional and effective communication environment within and across teams.
Using Professional Networks
A very important step in the process of hiring a manager is to harness the power of professional social platforms. The top one on the list is LinkedIn.
LinkedIn is a powerful professional networking platform widely used for job searching and recruitment. To find potential candidates on LinkedIn, we can do the following.
- Start by using the search feature to look for individuals with the specific skills and experience you need. For example, you can search for “cybersecurity manager” or “penetration testing expert” to find profiles that match your requirements.
In the above search, a simple word search brought up 183,000 results in the People category. We can also filter the results by location, company, etc. to narrow down the profiles for our use case.
- Post job listings on LinkedIn, which is also highly effective, as it allows your job openings to reach a large, targeted audience.
- Leveraging your connections for referrals can help identify strong candidates. You can ask trusted colleagues or industry contacts if they know anyone who would be a good fit for your team. This approach not only broadens your reach but also adds a layer of credibility to the recruitment process because you can get candidates whose work history is known by your circle.
Utilising Job Boards
Utilising job boards and recruitment platforms is a crucial step in finding the right manager for your cybersecurity team. By posting job listings on these platforms, you can reach a wide audience of potential candidates with the specific skills and experience you need. Below are a few platforms where we can find good candidates for the position of cyber security manager.
- CyberSecJobs is a specialised job board dedicated to cybersecurity positions, ensuring your listing is seen by professionals in the field.
- Indeed and Glassdoor are popular job boards with a vast pool of candidates from various industries, providing a broad range of potential hires. We can also start a community thread on Glassdoor to get the attention of individuals looking for an opportunity. Posting a job on Indeed starts with creating the company details and continues from there.
- Dice is a tech-focused job board, ideal for finding candidates with strong technical backgrounds.
- SimplyHired is a job search engine that aggregates listings from various job boards, increasing the visibility of your job posting.
Additionally, consider partnering with recruitment agencies that specialize in cybersecurity and IT roles. These agencies often have access to a pool of qualified candidates and can expedite the hiring process, ensuring you find the best fit for your team.
Attending Conferences and Events
Attending industry conferences and events is an essential strategy for finding top talent in cybersecurity. These gatherings provide opportunities to network with professionals, stay updated on the latest trends, and identify potential candidates. Here are some notable events to consider:
- Black Hat: A leading information security conference that attracts experts from around the globe.
- DEF CON: One of the world’s largest hacker conventions where you can meet highly skilled security professionals.
- RSA Conference: A major event for cybersecurity professionals that offers insights into emerging threats and solutions.
- OWASP Global AppSec: Focuses on application security.
- Infosecurity Europe: One of the largest cybersecurity conferences in Europe.
Participating in these events helps you connect with skilled individuals and enhances your recruitment efforts.
Assessing Qualification and Skills
After collecting individual data, it’s time to assess candidates based on their qualifications, past projects, and skills. In an era where threat actors continuously evolve to find new threat vectors, cybersecurity experts must also stay updated to effectively counter these threats. Many renowned industry players offer cybersecurity certifications that can enhance a candidate’s credibility for the position being filled. Below are some of the most popular certifications in this domain:
Popular Cyber Security Certifications
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- CompTIA Security+
- Certified Ethical Hacker (CEH)
- GIAC Security Essentials Certification (GSEC)
- Systems Security Certified Practitioner (SSCP)
- Offensive Security Certified Professional (OSCP)
Evaluating candidates with these certifications can provide a reliable measure of their capabilities and readiness to address current cybersecurity challenges. While legitimate credentials are important, it’s equally crucial to assess candidates’ practical knowledge. A popular method for doing this is by using live labs, where candidates are asked to collect flags within a given period of time. This approach helps gauge their hands-on skills and problem-solving abilities. To design such labs, you can refer to platforms like:
- TryHackMe: Offers a variety of cybersecurity challenges and labs that simulate real-world scenarios.
- HackTheBox: Provides a range of virtual environments where candidates can practice ethical hacking and penetration testing.
Additionally, platforms that assist in practical assessments include:
- HackerRank: Provides coding challenges and technical assessments tailored to cybersecurity skills.
- iMocha: Offers a wide range of skill assessments, including cybersecurity-specific tests.
- TestGorilla: Provides customisable tests to evaluate technical and practical skills in cybersecurity.
Utilising these tools and platforms ensures a comprehensive evaluation of candidates, combining both their theoretical knowledge and practical expertise. Similarly, it is important to assess the candidate’s previous work experience. For instance, if hiring for an audit firm, consider candidates who have worked in this domain. Professionals with a background in penetration testing alone may not be equipped to handle projects involving the auditing of firms for security practices. Reviewing past projects and relevant experience ensures the candidate’s suitability for the specific requirements of the role.
Offering Competitive Compensation
Lastly, as the cybersecurity market is highly competitive, attracting top talent can be challenging. Offering competitive compensation is crucial when you find a candidate who is genuinely perfect for the role. Providing attractive benefits will help retain them and keep them engaged. It’s also important to offer growth opportunities to ensure they feel they are advancing in their careers. By considering these points, along with the strategies mentioned above, you can successfully find and retain a skilled manager for your cybersecurity projects.