Cyber Security | Oct 10, 2018

Stuart talks Security: Hiring Managers - It's time to look closer to home

Insider insight for hiring managers in the cyber security space to help them overcome the challenges associated with hiring in the face of the skills shortage. This edition focuses in on the internal search for security skills.

What’s the first thing you do when you are looking for security talent? Post a job on LinkedIn? Contact your internal recruiter or your external partner? It might surprise you to hear this from a recruiter, but it's often prudent to start your search a little closer to home. In fact, a CISO we spoke to in our recent CISO Survival Guide stated "Skills are important but given the shortage that exists it’s rare that you will find a candidate that has every attribute you are looking for. In such cases it’s often a good idea to develop from within where you’ll find people that know the business and know the stakeholders – that’s a great starting point."

With security professionals being difficult to find and becoming more and more expensive, one of the best options is to look at what talent you have internally and how you could invest in their transition to security. I spoke with Jared Ablon, the CEO of HackEDU, a company that has created a software-based training platform to transition your software developers into a more security-centric role.

He stated that security organizations are realizing that they cannot properly scale to meet their application security needs. So many organizations are moving towards a 'security champion' model and are empowering their developers. Security champions are the developers that think about security, ensure that standards are up to date and enforced, research new security requirements that may be needed, and evaluate security tools. This works best if it is voluntary rather than forcing people to be a part of it; in a lot of instances there are developers that are already excited about security. For this model to work, both security champions and developers need to be empowered with training to help stop security vulnerabilities.

HackEDU provides hands-on secure development training that helps developers improve their ability to write secure software, boost their understanding of how software systems are hacked, and decrease the time to solve security-related problems. In addition, the training helps meet PCI, HIPAA, ISO, and NIST compliance requirements.

HackEDU's training ensures developers learn both offensive and defensive application security, which is more engaging and proven to be more effective than defensive training alone. The lessons use real applications, and the content includes real public vulnerabilities. This training shows developers how attackers are looking at their code, the impact of the vulnerabilities, and provides real coding exercises to fix vulnerabilities.

Given the cost and time to hire for security professionals, as well as ensuring candidates are bought in from a cultural perspective, this is certainly an option to be weighed up when bringing in security talent.

Head of Marketing