Today’s business landscape requires organizations to be increasingly dependent on the strength of their cyber security teams, and understanding how to hire a legitimate expert in the field is critical. But cyber security is an industry that continues to evolve, and it is a challenge for businesses to identify unique, valuable skills for their cyber security professionals. The following guidelines should help you discern the gold from the dross:
1) Talking the Talk and Walking the Walk
Security experts hail from many backgrounds. They may have taken traditional routes, being groomed in IT departments after collecting CISSP or CISM certifications. They may have obtained a degree in computer science or some other technology field.
Alternatively, many cyber security experts also have more of a business background. They may have acquired an MBA before launching their security careers. Some have more expertise as a C-level executive than an IT professional.
Regardless of their path, successful experts should reflect a proven track record of dealing with security issues. Look for candidates with real-world applications of industry knowledge and a prospective cyber security professional. No matter what career path an expert takes, he should be able to demonstrate he's actually an expert!
2) Tailored Approaches vs. Cookie Cutter Solutions
Cyber security experts must exhibit mastery of their domain and understand how to quickly and efficiently respond to critical issues. But, each organization's pain points are unique and require customized solutions.
If a security expert is not willing to approach your company's security requirements with a tailored technique and a process that focuses on your individual needs, he is not providing the highest level of value.
3) Identify the Problem—Then Solve It!
There is a big difference between identifying a problem and solving it.
True cyber security experts are required to continually identify incidents, potential threats and risks weaving their way through a network infrastructure. But, that's only half the battle. Working to fix identified holes in an organization's security strategy requires a level of focused analysis and evaluation. Your cyber security experts must exhibit superior skills to solve complex and intricate problems.
If your cyber security expert is only identifying problems in your organization and not helping you resolve them, your company may need to solve a new problem – finding a more efficient security professional.
4) Team Players vs. Lone Wolves
Cybersecurity experts may be the industry's rock stars, but they shouldn't perform as the solo act.
The role of a cybersecurity professional is to work cooperatively with a company's top executives to create a strategy that is relevant and comprehensible throughout the enterprise. A proficient security expert values client communications that strengthen a corporate strategy.
Bottom line, a top cyber security expert should be able to take the confusing topics on Internet security and make them clear. With extensive experience, training and aptitude, they will successfully help your company navigate the technical landscape, identify the key areas of focus, and explain them in common terms. They should understand that one size does not fit all and a cookie cutter approach to security does not scale in this current age of complexity and should be able to quickly narrow down the solution space to create a cost effective solution for your organization.
Dr. Eric Cole is CEO of Secure Anchor, former CTO of McAfee and Lockheed Martin, member of the Commission on Cyber Security for President Obama, the security advisor for Bill Gates and his family, and author of a new book, Online Danger: How to Protect Yourself and Your Loved Ones From the Evil Side of the Internet. For more information, please visit, www.onlinedanger.com and connect with Dr. Cole on Twitter, @drericcole.