LinkedIn has advised hiring from within and on-the-job talent testing to gather the right cyber security team and tackle the demand for cyber security skills.
Cory Scott, chief information security officer at LinkedIn, said at Infosecurity Europe in London that a global shortage of people with security skills makes hiring and retaining talented people challenging.
“We found that there were approximately 189,000 infosec [information security] professionals actively working in the industry worldwide,” he said, citing LinkedIn research.
“In the US there is what we call a demand ratio of four people actively employed today in infosec for every three new unfilled infosec positions, meaning that there is way more demand than existing staff.”
A lot of this demand stems from the high level of IT skills expected of infosec workers.
“Your security team must be as effective or better than the operations and engineering teams as far as executing technically and operationally. If it is not, you are always going to be a step behind,” said Scott.
Cory recommended that companies should hire talent from neighbouring divisions of the IT department, which have tech-savvy staff who can be trained in more specialist skills.
Evaluating whether these people have the necessary skills can be difficult, and Scott suggested setting security tests and challenges rather than reviewing CVs.
He also noted that talent can be found through word of mouth, ensuring that people who are considered for a job have the respect of their peers and a good reputation in the industry.
However, problems can stem from losing talent to churn and poaching by other companies.
Scott explained that LinkedIn engages employees to see that they have the right training and career paths, but more importantly that they have ownership over the project they work on based on quarterly reviews. This keeps them focused and engaged with their work, rather than simply chugging along.
Employees should also be integrated into the company, rather than kept in the siloed infosec part of the IT department. LinkedIn does this by setting up a 'buddy' system between technical workers.
Scott’s points highlight the challenge of finding IT talent, and it is worth noting that LinkedIn’s infosec focus could stem from a hack on the firm in 2012 in which users’ passwords were stolen and later put up for sale online.