The Security Talent War

You know, Mike Rothman's Daily Incite is one of my favorite sources of security news. He recently posted about McAfee's recent survey on security talent. Rothman's point:

"We security folks need to build a farm system. I've supported vendors that sponsor college programs and it would be great to see more of that. But the fact remains that if you can deal with the job (and many can't), it's a seller's market for security talent and will remain that way for a long time to come."

Here's where I'd stand up and applaud if I were in the audience. Bravo, Mike. Well said.

But I think it goes deeper than just building a farm system - we need to build a talent creation system. My goal on every team that I've been on in my security career has been to create a system where we could take people who weren't grey-beard, old-school veterans of security and turn them into extremely capable and high-performing talent in as short a time as possible (usually less than 3 months).

There are three parts to the equation for winning the talent war in information security - I'll probably be ranti... uh, talking about these parts in greater depth over the coming months. But, the short version is simple:

     1. Hiring For Growth
     2. Creating a Talent Acquisition Structure
     3. Creating a Knowledge Growth Culture

Of these, #1 is easily the most important. Really, building a team of great security people is much like real estate - the profit is made when you buy the property (as the old maxim goes). Simply put, if you hire correctly, the other two take care of themselves.

Unfortunately, most people don't do a great job of hiring - we rely too much on interviews and job descriptions that describe the task without describing the actual requirements.

