Finding Security Professionals With The CISO Hiring Guide Series

As modern threats evolve in sophistication and networks become more distributed, it is more important than ever that organizations of all sizes have a cybersecurity resource strategy in place. While SMB organizations may elect to work with partners or managed security service providers (MSSPs), many larger organizations seek to outfit their teams with experienced security professionals who can protect their networks while enabling digital initiatives.

However, finding such talent has become a challenge due to the cybersecurity skills gap.

Because of the expanding attack surface and proliferation of point security products and solutions, demand for security professionals has steadily increased just at the time when the shortage of available experienced security talent has never been greater. Currently, 22 percent of security leaders say their security teams are too small for their organization, and according to a recent workforce development survey, 59% of organizations have unfilled cybersecurity positions. And the analyst group Frost & Sullivan is forecasting a shortfall of 1.5 million cybersecurity professionals by 2020.

Finding security professionals with the CISO Hiring Guide Series

For CISOs to effectively compete in this employee marketplace, they need to understand and implement best practices for finding and engaging security professionals. Data shows that jobseekers spend fewer than 60 seconds reading a job description before deciding if it is a good opportunity and fit. To help CISOs navigate this process and ensure that the right candidates are attracted to their job postings, Fortinet developed the CISO Hiring Guide Series. These guides cover strategies and best practices for writing effective job descriptions, job posting strategies, candidate screening, interviewing, vetting, onboarding, and retention.

Ultimately, these guides are designed to help CISOs manage risk more effectively by finding, hiring, and retaining top- and hard-to-find cybersecurity talent. 

Attracting top talent for your essential security positions

As CISOs aim to minimize risk to their network, they should first focus on filling key security positions. When drafting listings, they must leverage best practices that include proper key words and language that will attract the right—and best—candidates, along with optimal description length, and specificity, etc. For example, CISOs should keep the job summary under 100 words, keep bullet point lists to 5-6 points, break up postings with subheadings, and list specifics when referring to hard and soft skillsets.

Here are some descriptions of the requirements that C-suites and CISOs should include when seeking to fill these roles within the context of the modern threat landscape.

• Chief Information Security Officer - First, organizations must employ an experienced and effective CISO who is charged with building out the rest of the security team. The CISO must enable business and digital transformation through the effective use of security, with an eye toward cost-effectiveness and efficiency. An important function of the CISO is to work alongside the Chief Compliance Officer and General Counsel to ensure the organization operates within the standards set by various regulatory bodies. Ultimately, the CISO/CSO is responsible for the long-term security strategy of the organization, managing the budget and communicating with the C-suite and board on security KPIs and updates. The ideal candidate for this position will have 10 or more years of security experience and CISSP certification, in addition to having established broad relationships with other security professionals and organizations. 
• Cybersecurity Architect - The Cybersecurity Architect plays an important strategic and tactical role within the organization, especially as security evolves to meet modern needs. To that end, the security architect is responsible for designing, implementing, and managing next-generation security deployments. This individual must work across lines of business to ensure that digital business enablement meets security requirements. As such, architects must be highly collaborative and well versed in engagement models such as DACI and RACI. The ideal candidate will have 10+ years of experience and possess hands-on knowledge of firewalls, IDS/IPS, log management, security solution integration and interoperability, and network device troubleshooting.
• VP/Director of Network Engineering/Network Operations - Typically reporting to the CIO or the VP of IT Infrastructure, the Head of Network Engineering and Operations plays a key role in business enablement as well as security. This role requires a unique combination of hard technical skills, as well as soft skills like leadership and entrepreneurship. The selected candidate will need a clear understanding of the networking hardware and software deployed within the organization, and how they interoperate. This candidate should ideally have at least eight years of network engineering and operations experience, including six years of business management.

Additional role descriptions include:

• Cybersecurity Administrator 
• Cybersecurity Engineer 
• Penetration Tester 
• Director of IT Security 
• Security Operations Manager/Director 
• Network Operations Manager/Director 
• Cyber Incident Response Specialist

Final Thoughts 

Locating and hiring these essential security team members can be a challenge. What’s more, once a team is established, CISOs must ensure that these individuals can work together in an integrated way across distributed networks to minimize the use of siloed, disparate solutions. Leveraging an integrated, architectural approach to security ensures that all of these team members receive the same information at the same time, thereby simplifying management of the NOC and SOC.

As CISOs and other C-level executives seek to outfit their organizations with security talent in the midst of the current cybersecurity skills shortage, they must pay close attention to how they engage with prospects. Starting with an effective, specific job listing and moving through the interview process with specific goals and objectives, CISOs can rely on the Hiring Guide Series to help find and attract those candidates with the necessary skillsets to fill each of these core positions.

Explore The CISO Collective - an online content hub and mobile application that provides CISOs with one stop to find the most relevant news and information to enable them to be more effective in their roles.