Building a security team that is very much like a community

“It’s important to understand how people think,” said Nick Ioannou, chief information security officer at real estate rental platform Goodlord. “Social engineering is going to transcend everything we do. So, we need people who think differently.”

Ioannou was speaking in a panel discussion at the recent Computing Cyber Security Festival on the urgent need for diversity in security teams. If everyone looked and thought the same, had the same qualifications and followed the same frameworks, the job of a social engineer would be much easier. But how do you attract the right people to your team?

A good place to start is at the beginning, with the hiring process, said Yota Tromm, leadership coach and founder of Together in Tech. “At all levels of seniority, men will apply if they only have 50% of the requirements, but women tell me, ‘But I didn’t do this, I didn’t do that.’”

So women and other minority groups in the field tend to underestimate their potential. Additionally, job descriptions for security roles are often written with a specific type of candidate in mind, which means that many talented people with the kinds of skills needed in a modern team simply won’t apply.

“What I’ve seen over and over again, though, is that the most successful candidates aren’t necessarily the ones who tick all the boxes. It’s more about personality, culture, mindset, willingness to learn and grow, and even though they may not tick the boxes they can still be amazing,” Tromm said.

She added that another way to open up the security culture is to encourage successful security personnel to share their experiences publicly.

“There are a lot of companies out there that don’t realize that the best advertisement is their employees. And the best way you can spot talent is to get your employees to talk about how great your company is, and how much everyone around them loves being a part of your company.”

It’s important not to treat women or others who are in a minority on the security team as different in some way, said Danielle Soday, security operations lead at Deliveroo.

“I think as a manager you bring equal opportunity, and that means you ask them questions as a professional. For example, I don’t want to be asked about my life, when I’m getting married. That should be irrelevant in the hiring process and then too.”

Soday went on to say that qualifications are important, but they are not the be-all and end-all.

“I don’t see certification as knowledge, it just shows that you studied hard to get it, it doesn’t mean that you are an expert. Work experience and practical knowledge is much more important. And that is something I look for when hiring, someone who is motivated to get involved in more things, even if they are not there yet. I want to create a career path for them, so they can grow and advance in my team.”

Establishing a career path, a strong and open culture, and regularly checking in to see if employees are happy with the path they have embarked on are all vital to retention, Soday said.

If anything, retaining good cybersecurity staff has become more difficult with the arrival of remote work.

Other retention tips suggested by the panellists were mentoring and giving employees the option to train. Ioannou said Goodlord allocated £1,000 to each employee. “They can choose how to spend it, for passing exams and other training materials.”

In Tromm’s view, it’s all about maintaining a positive culture. “What are your values? What do you stand for? And how do you as a company put your people at the heart of the agenda?”
