
Nando Delgado

How to Hire a Cybersecurity Expert (Before It’s Too Late)

In the game of supply and demand, quality cybersecurity experts can be tricky to find. Market data has shown that the need for cybersecurity experts in the workforce has grown 53% through 2018, and there is a predicted shortfall of 1.5 million cybersecurity professionals in the near future.

What’s more, at Hackmetrix we’ve identified that the 10 most common security issues found on our users’ web apps are relatively simple fixes once you know what you’re looking for.

Now, we understand that hiring a cybersecurity expert for your business might not sound like the most riveting topic, and you might already find yourself dozing off, so we will provide you with the TL;DR version of this piece right off the bat:

TL;DR

  • Cybersecurity is more important than ever in protecting businesses and profits
  • There aren’t enough qualified people in the workforce to keep your business secure, and the need is going to keep growing
  • You need to get your act together and figure out how to find a cybersecurity expert to protect your customers and keep your business from going under
  • Cybersecurity professionals’ qualifications vary hugely, so you need to know what to look for

There. That sums it up nicely. Still here and want to learn how to hire the right cybersecurity expert to protect you and your business?

Yeah. We thought so. Let’s dive in:

Do They Have a Record

When it comes to cybersecurity expertise and experience, there are many ways to skin a cat.

Education and experience vary wildly in cybersecurity, and that isn’t necessarily a bad thing. Perhaps they have more C-level executive experience, or perhaps they have a degree from some high-ticket university. They might have half a dozen certifications or decades of work in a well-respected cybersecurity firm.

Cybersecurity experts come in different shapes, sizes, backgrounds, and experiences. Ultimately, how they got trained is almost inconsequential. When hiring a cybersecurity expert, you want to see their track record. Who have they worked with? How long? What types of systems have they seen and what kind of clients have they helped?

The track record of a cybersecurity expert will tell you far more than their educational background.

But Speaking of Certifications…

That being said, you still want your cybersecurity expert to have applicable certifications.

Looking at all the certification options, it sometimes resembles a bowl of alphabet soup that got tipped over: OSCP, CSM, CISM, CISSP, CompTIA, Security+, the list goes on and on. Depending on your business needs, there are specialized certifications that can cater to you – and the goal is to find the right cybersecurity expert to work with your business who has the certifications you want.

The Pack Survives

The media often portrays the brilliant and socially awkward IT genius who doesn’t know how to fit in and work with a team, often speaking jargon that leaves their peers glassy-eyed and confused as they walk away, shaking their heads all the while.

While that character might work great on screen, it would be a nightmare for your business. If you have to hire an interpreter to decode what your cybersecurity expert is telling you to do, you haven’t found a very cost-efficient or useful strategy to handle your IT needs.

When hiring a cybersecurity expert, you want to find someone who can explain clearly what the issue is, and also clearly explain the solutions. Your cybersecurity expert needs to be a team player, not a rogue IT nerd who talks down to everyone.

Actions Speak Louder than Words

Here’s the rub: Finding a problem is easy. Understanding a problem is trickier.

Solving a problem is what separates the wheat from the chaff. When hiring a cybersecurity expert, ask for their track record in actual problem solving, not problem identifying.

You need someone who actually knows how to fix the problems they find; without that, you’re wasting your time and money.

Code is Gold

Now, one caveat: You can have an outstanding cybersecurity expert who doesn’t know how to code. It is possible. That being said, there are a number of major benefits to having your cybersecurity team know how to code, whether it is to help troubleshoot problems that have already happened, recognize problems or weaknesses before they happen, or understand potential threats lying in wait.

Can They Do the Boring Stuff

Yes, you want to have them on your team because they understand cybersecurity and all things technical in a way that you might not understand. Yes, you are hiring them because of their expertise. However, it doesn’t matter how brilliant or talented they are if they can’t also work within your day-to-day business needs.

The best cybersecurity expert is also someone who can write up clear reports and understand how budgets work. You want to hire a cybersecurity expert who is part of the team, and that means being able to do the boring day-to-day work that keeps the business working.

The reality is, hiring a cybersecurity expert is just not optional in business anymore. Having a cybersecurity expert is as critical as having an HR department for your business: It protects you from threats, risks, and potential lawsuits.

The longer your business waits to hire this critical position, the longer your business, your data, and your entire livelihood are at risk. Choose wisely, but move quickly.
