Is your cloud migration stalling? You must fight the three Horsemen of the Status Quo.
5 ways to find non-traditional IT talent
Are you facing a talent gap – or just hanging onto old ideas about IT hiring? CIOs and recruiters share strategies to locate valuable candidates
4. Rethink minimum degree requirements
Similarly, consider the possibility that not every position on your team actually requires a bachelor’s degree or higher as a prerequisite just to get an interview, much less land the job. Glassdoor recently put together a list of 15 companies, including Apple and Google, that no longer require college degrees of applicants.
“Non-degreed candidates can often be just as qualified for technical roles as degreed candidates,” Brandtner says. “Degrees may help get someone’s foot in the door, but if an applicant has been able to learn on the job in previous roles and get real-world experience, that is oftentimes just as valuable as having a degree. If you can, avoid screening out applicants based on whether they have a degree or not, to make sure you’re not missing out on talent that could be a great fit for your organization.”
[ Do degrees matter as much as they once did? Read also Tech skills gap: Straight talk on how CIOs can help. ]
5. Double-down on non-traditional backgrounds for security positions
If you’re hiring security pros, your task might be even tougher. Analyst estimates project an ongoing talent shortage; Cybersecurity Ventures, for one, predicts there will be 3.5 million unfilled cybersecurity jobs in 2021.
“There is no doubt a cybersecurity workforce shortage,” says Morey Haber, CTO at BeyondTrust.
[ Read our related story: Hiring security gurus: 3 strategies to find scarce talent ]
On the brighter side, experts often point to the security field specifically as one that’s ripe for non-traditional candidates, including career-changers, IT pros who’ve been working in another function, and entry-level hires.
In addition to the tactics above, there are ways to specifically look for security aptitude in candidates who come from non-security backgrounds, including:
- Recruit students while they’re still in school
“[Look] past the job-seeker level and build relationships with educational institutions that are beginning to cultivate student interest in a cybersecurity profession pre-career,” advises Rob Clyde, board chair at ISACA and former CTO at Symantec.
Doing so can help identify high-potential candidates before they’re really on the open market. You’re looking to fill lower-level positions with talent that is more likely to develop into A-team material in the future.
“These students are sharp and just need to be molded into your corporate image,” says Haber of BeyondTrust. “If the security job is not mission-critical from day one, I would certainly give these talented individuals a shot and you may be surprised at how eager they are to learn more.”
- Actively seek out internal talent from non-security roles
If you’re willing to cross-train or give people the resources and room to develop on the job, you probably already have “non-traditional” talent on your team. They just might be in a different role, like software development or audit.
Federal Reserve Bank of Boston’s Anderson, for instance, cites success recruiting former federal law enforcement pros, and audit pros, into his security ranks.
Clyde recommends being open to such candidates from within and cultivating initial interest with opportunities to train or otherwise test out their security potential. (With regards to the latter, see our recent article for a few how-to tips.)
- Look for someone who can think like a hacker
You don’t actually need to be a hacker to work in cybersecurity, but it certainly helps if you can think like one.
Roman Garber, development manager at Security Innovation, acknowledges that it’s great to find that true security guru who matches everything you’re looking for, but that’s the white whale for hiring managers. Garber says even when that person materializes, the ability to think like a hacker is the number-one thing he looks for. A slightly more technical way to describe this is the ability to threat model – and you don’t necessarily need to be an experienced security pro to do so.
“Someone with high aptitude for security should be able to threat model by asking, ‘if I was the adversary, how would I break into this?’” Garber says.
He notes that it’s tough to find and recruit this ability because it’s not often included on a resume. So it comes down again to looking at the whole person rather than just a list of skills; asking the right questions in an interview is key.
“Questions can range from the quite obvious – explain how threat models work – to more subtle – what type of screen lock do you use on your phone and why?” Garber says. “While technical skills can be learned by eager and inquisitive minds, the ability to put on an adversary’s hat is much harder to acquire.”
[ Want expert advice from your peers on leading IT culture change? Get our free eBook, The Open Organization Guide to IT Culture Change. ]