How one CIO thinks outside the box to fill cybersecurity jobs

How one CIO thinks outside the box to fill cybersecurity jobs

Federal Reserve Bank of Boston CIO Don Anderson shares his hiring strategies for cybersecurity talent

71 readers like this


August 30, 2018

Strong security organizations have a solid understanding of the business and its goals and know their role in making those goals a reality. They’re also creative and think outside the box when they build their team – something we’ve been doing successfully at the Federal Reserve Bank of Boston.

Qualified cybersecurity individuals are scarce and difficult to hire in today’s competitive climate. When we do find them, we fit them into traditional cybersecurity roles including reviewing alerts, reviewing compliance reports, and analyzing malware. 

[ Read also: Hiring security gurus: 3 strategies to find scarce talent. ]

For other roles – in vendor management, project management, and as security analysts, for example – we are more likely to look outside traditional security backgrounds, and hire folks with degrees in economics, math, or even history.

Strong negotiators wanted

What’s important to us in building our team is finding people with strong negotiation skills who could double as consultants. Often the skills that hardcore security or technology talent have are too black and white; We need people who are comfortable with ambiguity and working in that gray space. Those who are skilled at finding a win-win often do well and are more valuable to the organization. 

"They need to show an interest in learning about the organization and our goals and have the intellectual horsepower to learn our security policy."

We also look for talent who can positively impact our organization. As part of our team, they have an opportunity to solve complex problems and must be comfortable working around people. They need to show an interest in learning about the organization and our goals and have the intellectual horsepower to learn our security policy.

When we hire from outside security, we like to see how people run. There are some who look at a security program and know how to match it up against a business need. Others just don’t have it in their DNA though, and revert to either a “Yes, you can do it” or “No, you can’t” mindset with “No” as the default answer.

Law enforcement and audit pros bring skills

We’ve been successful in building our team this way, but it hasn’t always been easy. Sometimes you know immediately that someone will be a great fit, and other times it takes two or three months to see that it just won’t work out.

Some of our most successful hires already exist in our organization as federal law enforcement officers. Many of them are pursuing master’s degrees and law degrees and move from the physical security world to cybersecurity with ease. We’ve also been successful in moving folks from audit and even IT interns into security. 

All this is reflective of the transformation that IT organizations are going through. You don’t necessarily need someone that’s a hardcore security person; you need someone who can have a conversation, talk about business goals, and work with the business to get things done.

[ Want expert advice from your peers on leading IT culture change? Get our free eBook, The Open Organization Guide to IT Culture Change. ]

Don Anderson is the Senior Vice President and Chief Information Officer (CIO) at the Federal Reserve Bank of Boston. In this capacity, he is responsible for the Federal Reserve System's Internet Cyber and Network Security services and Financial Management Technology services the Bank’s IT function, Real Estate Services, and Law Enforcement units. Don is currently a member of the Bank's Executive Committee.

7 New CIO Rules of Road

CIOs: We welcome you to join the conversation

Related Topics

Submitted By Kevin Casey
June 26, 2019

If AI is going to have deep impacts on the human workforce, it stands to reason that human resources will need to play a vital role in how organizations adapt. That’s no small task.

Submitted By Eric Brown
June 26, 2019

The candidates you're interviewing could be the smartest people in the world when it comes to creating machine learning systems, but if they don't have this one soft skill, they won't be as successful. 

Submitted By Stephanie Overby
June 25, 2019

These two age groups will be an important part of IT teams for the foreseeable future. New Mercer data shows how to recruit and retain both.


Email Capture

Keep up with the latest thoughts, strategies, and insights from CIOs & IT leaders.