Organisations can help to fill the cyber security skills gap by casting their recruitment net wider, according to a discussion panel at the (ISC) 2 Emea Congress 2016 in Dublin.
“The security industry has a very narrow definition of an information security professional,” said independent security consultant Brian Honan .
“The industry needs not only traditional security people with technical skills but also people with skills in business management, public relations, sales and marketing,” he said.
There needs to be a clearer pathway into the information security profession for people with these and other so-called “soft skills” said Jessica Barker , an independent cyber security consultant.
“From experience, I know there is no clear way into the industry for someone who has a background in sociology or human behaviour,” she said.
Richard Nealon , a member of the International Information System Security Certification Consortium , or (ISC) 2 , board of directors said organisations need to approach information security recruitment differently.
Instead of focusing on qualifications, he said organisations should focus on what they need people to do, and then look for talented people in other areas who fit that requirement, regardless of their age or gender.
“Recruitment should also be about finding the person who has the right range of skills to do a particular job, which is particularly relevant when recruiting security leaders, who typically are not technical specialists in any one area,” he said.
Some lateral thinking by recruiters is required, said Ade McCormack, digital strategist. “They should look for people on the periphery of security, where there is often some overlap and a fairly high degree of understanding of the challenges and environment, and encourage them to consider committing to a career in security,” he said.
Barker said the unwillingness to draw from a wider pool of talent means organisations end up recruiting people from the ranks of those who have in some senses failed to address the problem.
“Some people wear 20 or 30 years’ experience as a badge of honour, but the problem has not been solved in that time and, while experience is important, we need fresh ways of thinking too, so organisations should be looking to combine experience with innovative thinking ,” she said.
© Source: http://www.computerweekly.com/news/450401311/Information-security-needs-to-cast-recruitment-net-wider-says-panel
All rights are reserved and belongs to a source media.