Cyber pros must embrace non-traditional backgrounds in security recruitment

June 6, 2023
The cyber industry must tailor new mentoring paths to train a new generation of professionals

The cybersecurity landscape has evolved significantly in recent years, with threats becoming more sophisticated and the demand for skilled professionals skyrocketing. The days of relying on certifications and well-crafted technical tests to find top talent in cybersecurity are long gone.

Instead, exceptional cybersecurity professionals' true value lies in their knowledge and skills, which can take time to pinpoint. Exploring adjacent fields and focusing on potential is essential when searching for these future experts. 

Addressing the Cybersecurity Talent Gap

The current state of the cybersecurity industry reveals a pressing issue: a talent shortage of unprecedented proportions, with millions of positions left unfilled across the globe. This scarcity of skilled professionals has put many organizations in a vulnerable position as they grapple with defending against an ever-growing landscape of cyber threats. These threats, which are continuously evolving in complexity and scale, demand the expertise of knowledgeable cybersecurity specialists.

To tackle this immense challenge and bridge the talent gap, recruiters must be willing to adapt their hiring strategies. One approach involves considering candidates from non-traditional backgrounds who may possess the necessary skills and knowledge to excel in cybersecurity. By looking beyond traditional academic and professional qualifications, recruiters can tap into a wider talent pool, including individuals from diverse educational, professional, and personal backgrounds. These candidates may have experience in related fields, such as software development or data analysis. They may also have acquired cybersecurity skills through alternative means, such as self-learning or certification programs.

Leveraging Transferable Skills

Many candidates with non-traditional backgrounds possess transferable skills that can be highly valuable in cybersecurity. For example, individuals with experience in psychology, sociology, or communication may excel in social engineering prevention. Candidates with a mathematics or data analytics background can bring valuable insights to threat analysis and risk assessment. Professionals with experience in project management, legal, or regulatory fields can contribute to cybersecurity policy development and implementation.

By hiring diverse-skill candidates, organizations can create a well-rounded cybersecurity team to address threats from multiple angles.

Additionally, consider “scrappers,” people who haven't followed traditional pathways into cybersecurity. These self-taught, motivated, and adaptable individuals can quickly learn on the job and often bring unique skill sets that energize a team. As someone who studied anthropology in university and only later entered IT, risk management, and cybersecurity, I can attest to the importance of giving opportunities to those who show potential, even if they lack formal training or certifications.

Encouraging Innovative Problem Solving

The cybersecurity landscape must keep up with the rapid pace of change. Examples of challenges facing today's cybersecurity workers include:

  • Cyber attackers are adaptive and often change their tactics to bypass security measures. 
  • Each organization faces unique cybersecurity challenges due to differences in infrastructure, business objectives, and risk tolerance.
  • Regulatory and compliance requirements raise the complexity around developing solutions. 

Candidates with non-traditional backgrounds bring fresh perspectives and new ways of thinking, encouraging innovative problem-solving strategies. In addition, their unique viewpoints can help challenge conventional wisdom and foster out-of-the-box ideas, which is crucial for developing novel solutions to complex cybersecurity challenges.

Enhancing Communication and Collaboration

As cyber threats grow in sophistication and prevalence, organizations must adopt a holistic approach to their defenses, integrating various departments and functions.

Candidates with non-traditional backgrounds can help bridge the gap between technical and non-technical teams, fostering effective communication and collaboration. Their ability to understand and articulate complex concepts in layperson's terms can help ensure all stakeholders are on the same page when implementing cybersecurity measures.

A Gartner study estimated that 95% of cloud security failures are due to human error. Additionally, there have been recent calls by cybersecurity providers to start training their customers. In nearly every situation, an extra layer of safeguarding against misunderstanding is beneficial. Having professionals with excellent communication skills helps keep best cybersecurity practices top of mind for everyone across the organization, highlighting what’s working well and where the company can improve.

Promoting a Diverse and Inclusive Workforce

Diversity and inclusion drive innovation and foster a positive work environment. By considering candidates with non-traditional backgrounds, recruiters help promote a diverse and inclusive workforce within the cybersecurity industry. Research has shown that varied teams are more likely to develop innovative solutions and outperform their homogeneous counterparts.

A workforce with different backgrounds can also help organizations better understand and cater to the needs of varying customers, stakeholders, and communities, ultimately leading to stronger decision-making and business outcomes.

Avoid Filtering out Exceptional Candidates 

To avoid unintentionally narrowing your candidate pool:

  1. Address familiarity and unconscious biases that can permeate the hiring process and hinder your chances of finding the right fit.
  2. Reevaluate your list of candidate requirements and determine what they represent regarding desired capabilities.
  3. Consider unconventional methods for identifying and verifying these qualities in candidates and expand your search to include individuals from diverse fields that require critical and systemic thinking.

To mitigate unconscious bias, remove personally identifying information from resumes during the review period. Craft job descriptions that avoid gendered language, which can deter diverse applicants. This Gender Decoder tool is a helpful resource.  

Reflect on your organization's hiring practices, ensuring you prioritize the most qualified candidates with the right skill sets. If your workforce needs diversity, it may be time to reevaluate your approach. Continuously assess your hiring methods to foster an organization that thrives on its diverse mindsets, backgrounds, and experiences.

Time to Shift the Recruitment Approach 

Obtaining a college degree or specific qualification certifications is optional for a prosperous career in the cybersecurity field. Instead, innate passion, intelligence, and hard work contribute significantly to an individual's ability to excel in this domain. The cybersecurity industry should broaden its horizons in seeking potential candidates, emphasizing the search for individuals who possess invaluable characteristics such as curiosity, ambition, and the ability to remain resilient under pressure.

By prioritizing these qualities in prospective employees, companies can tap into a wider talent pool that may have been overlooked due to traditional education and certification requirements. This approach can lead to discovering passionate and motivated individuals who can become exceptional contributors to the cybersecurity workforce with the proper guidance and training.

The industry must invest in providing comprehensive training and mentoring programs tailored to these candidates' unique skill sets and interests. These programs should not only teach technical skills but also cultivate problem-solving capabilities, critical thinking, and adaptability, which are essential for success in cybersecurity.

With a more modern approach, the cybersecurity industry can foster a new generation of professionals who can excel in a wide array of roles and contribute to the overall protection and resilience of the digital landscape.

About the author: Melissa Cohoe is a second-generation IT professional with over fifteen years of experience in a variety of roles, including Risk Management Consulting, General Manager of Professional Services, Application Management, Development Management, Event Management, IT Disaster Recovery, and IT Risk Management. At NewRocket, she is the Global Practice for Security, Risk, & Resilience with responsibility for innovation and efficient delivery of Risk, Resiliency, and Security programs at NewRocket.