How one CIO thinks outside the box to fill cybersecurity jobs

How one CIO thinks outside the box to fill cybersecurity jobs

Federal Reserve Bank of Boston CIO Don Anderson shares his hiring strategies for cybersecurity talent

up
20 readers like this

on

August 30, 2018

Strong security organizations have a solid understanding of the business and its goals and know their role in making those goals a reality. They’re also creative and think outside the box when they build their team – something we’ve been doing successfully at the Federal Reserve Bank of Boston.

Qualified cybersecurity individuals are scarce and difficult to hire in today’s competitive climate. When we do find them, we fit them into traditional cybersecurity roles including reviewing alerts, reviewing compliance reports, and analyzing malware. 

[ Read also: Hiring security gurus: 3 strategies to find scarce talent. ]

For other roles – in vendor management, project management, and as security analysts, for example – we are more likely to look outside traditional security backgrounds, and hire folks with degrees in economics, math, or even history.

Strong negotiators wanted

What’s important to us in building our team is finding people with strong negotiation skills who could double as consultants. Often the skills that hardcore security or technology talent have are too black and white; We need people who are comfortable with ambiguity and working in that gray space. Those who are skilled at finding a win-win often do well and are more valuable to the organization. 

"They need to show an interest in learning about the organization and our goals and have the intellectual horsepower to learn our security policy."

We also look for talent who can positively impact our organization. As part of our team, they have an opportunity to solve complex problems and must be comfortable working around people. They need to show an interest in learning about the organization and our goals and have the intellectual horsepower to learn our security policy.

When we hire from outside security, we like to see how people run. There are some who look at a security program and know how to match it up against a business need. Others just don’t have it in their DNA though, and revert to either a “Yes, you can do it” or “No, you can’t” mindset with “No” as the default answer.

Law enforcement and audit pros bring skills

We’ve been successful in building our team this way, but it hasn’t always been easy. Sometimes you know immediately that someone will be a great fit, and other times it takes two or three months to see that it just won’t work out.

Some of our most successful hires already exist in our organization as federal law enforcement officers. Many of them are pursuing master’s degrees and law degrees and move from the physical security world to cybersecurity with ease. We’ve also been successful in moving folks from audit and even IT interns into security. 

All this is reflective of the transformation that IT organizations are going through. You don’t necessarily need someone that’s a hardcore security person; you need someone who can have a conversation, talk about business goals, and work with the business to get things done.

[ Want expert advice from your peers on leading IT culture change? Get our free eBook, The Open Organization Guide to IT Culture Change. ]

Comments 0
Don Anderson is the Senior Vice President and Chief Information Officer (CIO) at the Federal Reserve Bank of Boston. In this capacity, he is responsible for the Federal Reserve System's Internet Cyber and Network Security services and Financial Management Technology services the Bank’s IT function, Real Estate Services, and Law Enforcement units. Don is currently a member of the Bank's Executive Committee.

7 New CIO Rules of Road

Harvard Business Review: IT Talent Crisis: Proven Advice from CIOs and HR Leaders

CIOs: We welcome you to join the conversation

Related Topics

Submitted By Kevin Casey
December 11, 2018

Digital advertising fraud costs the industry billions. Blockchain offers possible relief – and lessons for other industries.

Submitted By Carla Rudder
December 11, 2018

Sometimes, being left out of a meeting is more painful than being in it. Here's how to get a seat at the table.

Submitted By Carla Rudder
December 10, 2018

Learn from your peers' DevOps mistakes – before you hit trouble. DevOps experts talk burnout, adoption strategy, talent, and more

x

Email Capture

Keep up with the latest thoughts, strategies, and insights from CIOs & IT leaders.