The lead story in the SANS NewsBites from today was "White House/DHS Announce New Cyber Skills Pipeline Initiative.” The two statements below caught my attention.

1 - “The Federal Government struggles to recruit and retain cybersecurity professionals due to a shortage of talent along with growing demand for these employees across the public and private sectors.”

2 - “As agencies prioritize their cyber workforce needs, they will likely need to adopt innovative hiring techniques to ensure the best and brightest cyber talent can seamlessly enter the Federal Government.”

With the cybersecurity talent shortage, we must get creative in where we look to fill our open cybersecurity positions. Many years ago a good friend in the Human Resources department gave me the advice to hire character and train skills. For many years I have experienced success in finding team members from non-traditional areas and then sending them to learn our craft. A couple of examples include Fraud and Abuse, Help Desk and Network Operations. I found it interesting to learn from them how their former departments operate as well as learning firsthand how their department viewed the information security program. Yes, it pays to have thick skin.

From what non-traditional areas have you found talented members to join your information security team?

Russell Eubanks

ISC Handler

SANS Instructor

@russelleubanks