It seems like every week there is a story in the media about high profile organisations being exposed due to some form of Cyber-attack. Whether its confidential customer data being released, ransomware, phishing attacks, or denial of service bringing down computer services: these events are big news and can really cost your business. If you have any kind of online presence (and who doesn’t), you are at risk and it is your obligation to protect your business - and in particular, your customer data. The costs of a breach can be substantial: either directly or by causing ongoing reputational damage.
Transformation of technology in recent years has been unprecedented, combined with consumer expectations of a service “that just works”. It is a key requirement for almost every organisation to monitor, prevent and defend their IT system. Which brings us to cybersecurity roles: today alone, there are 833 ads on Seek for cybersecurity roles, from almost every type of organisation in Australia. In conversations with our customers it seems that there is one common issue, that there are not enough good candidates for these roles. Which leaves you as an organisation with limited options, do you hire someone that is not as strong a fit as you would like, do you pay above market rate to attract better candidates, do you look overseas, or do you just keep the vacancy open?
There has been a 74% increase in job opportunities in the cyber market in the past 5 years. This demand cannot be fulfilled by university graduates, but everyone is seeking similar skillsets and experience. Even if you manage to find good candidates, are they being poached by your competitors offering better salaries or perks? We are hearing time and time again about how this is currently a candidate’s market.
One of Testgrid’s key partners, IBM, has identified an alternative. They have recognised that the traditional approach of seeking experienced hires is becoming more difficult, and have developed a way to identify the “latent” ability of either new hires or existing staff: people that are likely to have the raw capabilities to excel in a cybersecurity role. They do this by assessing behavioural attributes and cognitive aptitude, with a view to being able to acquire necessary technical knowledge on-the-job. This approach turns the process on its head, and suddenly provides a substantial pool of future talent that can readily be trained.
Behavioural competencies that IBM identified as being a strong fit for cyber analyst roles include:
- Adaptability - Learning Orientation - Compliance - Organisation
- Resilience - Dependability - Energy
I was keen to see how well I matched to these roles, and was amazed at how this assessment was constructed. It was enjoyable to complete, and combined what you might consider abstract reasoning type tasks, behavioural questions, error detecting, and pattern recognition. I have a slightly strange educational background in that I studied Sciences and Maths at High School then Law at University; so a blend of many different skills. It turns out that I would be a good match for cybersecurity roles, which is logical given my background, but certainly not a career I would have considered before (not that I am planning to leave the wonderful world of Psychometric Testing!).
Your next pool of talent for cybersecurity roles might not be where you think: you could broaden your view of your intake, and US data suggests that traditional professional services graduates can often be a great match. So, could this approach help you to identify the best talent (and screen out those that aren’t a good fit)?
IBM have created a unique offering in this market, with the only validated assessment for this type of role. It is currently being used by US and UK government departments in particular, and is now being launched more widely.
So, if you, like many of Testgrid’s customers, are struggling to hire in this area, then maybe it is time to change your approach and find a whole new pool of candidates.
If you would like more information on this assessment or the successes that we’ve already observed, please get in touch at firstname.lastname@example.org