1. Don't assume all security guys are the same!
Cyber Security is as broad as IT, possibly broader. You have database security guys, you have network security guys, you have application security guys, you have operating system security guys, you have legal security guys, risk security guys, designers, engineers, integrators, coders, security analysts, and testers. You even have security security guys. And then you have more on top.
2. Cyber Security is the same thing as both IT Security and Information Security, but IT Security and Information Security are not both the same!
Confused?? You should be! As a rule of thumb, if the role involves tech it is probably IT Security, and if the role is more business related, or around risk and processes, it is probably Information Security. Cyber Security is a term that can be used to describe either, and is really just a buzz word that has become popular in the past few years. It looks like its sticking around though.
3. You won't find someone with 5 years Darktrace experience!
Cyber Security is a fast evolving immature market sector. We are in a security tech boom. New technologies are constantly being launched. Your hiring manager is well aware of this, but that won't stop him asking for the moon on a stick! Don't be afraid to challenge new tech you've not heard of, and if like 50% of the market its been around for less than four years, ask what transferable skills you can hire. For instance for Darktrace that would be strong network analysis skills matched with IDS architecture or similar.
4. Money isn't everything!
Cyber Security is a fiercely competitive market place which has led to rising salary expectations. But precisely because it is so competitive many are actually willing to trade a current salary raise for exposure to cutting edge technology. So you might be able to get that perfect candidate on board within the band after all! Although of course we aren't talking angels here either; they'll still want that pay rise someday or other.
5. Beware – Everyone wants to be in Cyber Security!
There is a skills shortage, salaries are rising, and there is plenty of brand new shiny tech to play with. Who wouldn't want to get into Cyber? Which means that everyone is ‘refocussing' their CV, bringing to the front every last bit of exposure to that elusive tech your hiring manager has been banging on about for months. So when at last you do find it, don't get carried away. Vet them thoroughly:
- How much experience have you actually had of this tech?
- Have you actually architected / implemented / supported etc this tech?
- What problems did you have in doing so, and how did you solve them?
Asking pertinent questions should weed out wheat from the chaff. Although still keep an eye out for that exception to the rule, who lacks experience but has just the right mix of passion, aptitude and transferable skills to become your next best hire...