Chapter 1: Understanding the Hiring Landscape

Over the past year, I have been involved in interviewing candidates for two cybersecurity positions, as well as navigating my own job search. This experience prompted me to reflect on what qualities we, as an industry, value when recruiting talent. My focus here is not on technical skills but rather on the essential non-technical, often termed "soft," skills that are crucial for success.

Cybersecurity encompasses a diverse range of roles, each requiring unique skill sets. Nevertheless, I believe the following competencies are critical to consider when hiring for any cybersecurity-related position, especially if you aim to foster motivated and effective teams.

Continuous Learning and Adaptability

Cybersecurity is a rapidly evolving field. Techniques that were once regarded as best practices can quickly become obsolete. A prime example is SMS-based multi-factor authentication, which is now questioned by experts like those at Okta and Microsoft, who suggest it may be less secure than a strong password. Thus, it's vital for cybersecurity professionals to remain vigilant and adaptable to these changes.

What to look for in a candidate: Look for evidence of industry certifications and active participation in conferences and local networking events. These indicators suggest a candidate's commitment to staying informed. However, be cautious not to place too much emphasis on certifications alone; not every individual has the means to obtain them, nor does every employer support this pursuit.

Effective Communication Skills

Many roles in cybersecurity require managing the expectations and requirements of various stakeholders, including Sales, Operations, and Engineering teams. Therefore, it's essential to hire someone who can communicate clearly, professionally, and assertively.

What to look for in a candidate: Pay attention to the candidate's communication throughout the interview process. Is their resume well-organized and articulate? How do they communicate via email? Are they articulate during the conversation?

Time and Project Management Proficiency

In smaller organizations, information security tasks are rarely isolated. Team members often juggle multiple projects simultaneously, necessitating strong organizational and prioritization skills.

What to look for in a candidate: Assess a candidate's project management skills through scenario-based questions. For instance, you might ask:

• "You are responsible for implementing XYZ. What strategies would you use to manage this project?"
• "How do you organize your daily tasks when multiple projects are running concurrently?"

Consider tailoring these questions to align with your organization's specific context.

Initiative and Self-Motivation

In smaller teams, the ability to take the initiative is highly valued. It's important to hire individuals who can contribute significantly to the team's success, so look for candidates who demonstrate motivation and drive.

What to look for in a candidate: Review their past roles and the projects or initiatives they've led. Don't overlook their extracurricular activities—do they exhibit leadership in volunteer roles or community engagement?

Creative Problem-Solving

While the phrase "thinking outside the box" may sound clichéd, it is nonetheless vital in cybersecurity. Ideally, candidates should approach challenges with a security-focused mindset, identifying vulnerabilities that others might overlook.

What to look for in a candidate: Gauge their problem-solving abilities through live exercises or thoughtfully designed scenario-based questions.

The importance of each of these skills may vary based on the specific role. For instance, a customer-facing analyst should excel in communication, while back-end security analysts may prioritize analytical skills over public speaking finesse. As you evaluate these competencies, remember to consider the unique needs of your organization, as you are best equipped to determine what will lead to your team's success.

What techniques or questions do you find most effective during interviews?