How to hire the right people in cyber security

In the realm of cyber security, it is no secret that the world is currently suffering from a shortage of expertise, with the void between demand and supply widening at an alarming rate. In the UK, it has become a serious problem, with recruitment site Indeed highlighting the issue by publishing research that shows that the number of cyber security roles advertised was the third highest globally. The worrying statistic is that the employer demand exceeded the number of candidates by more than three times.

In light of this, the alarm has been raised and the government has dedicated funding to increase awareness, with universities and colleges now expanding research facilities into cyber security to breed the new wave of IT professionals. However, due to the lack of specialists currently available, those who may lack security credentials but may have general IT knowledge are strongly encouraged to try their hands at security. Experience, whether in security or IT in general, goes a long way and is regarded as a positive attribute to potential employers.

With a global realisation and appreciation for IT security, enterprises are now desperately seeking to fill positions within their IT departments but what should companies consider when hiring candidates to operate their defence infrastructures? Do companies simply judge a candidate by their CV or should they look past the qualifications?

To answer these questions, the IT Analyst and CISO Forum has brought together some of most successful professionals within the industry to discuss the subject and provide advice.

Moderating the how to hire the right people in cyber security debate is Ray Stanton, Group CISO at the National Grid and who by his own admission has no formal qualifications in information security despite having been heavily involved in the industry for many years. However, he recognised that for anyone starting out today in information security, formal qualifications were essential in signalling serious intent to future employers. “If you want to be a success in your career, you can’t leave it to accident. You have to plan,” he said.

Regarding the Forum, the former global head of business continuity, security and governance at BT added: “The CISO debates provide an excellent forum for discussion on real items that are affecting the industry and I have always found – unlike other debates – try to give some practical take-a-ways for attendees, while having some fun!”

One example of good planning came from Avtar Sembhi, who is now Global Head of Global Banking & Markets and Commercial Banking ISR at HSBC. Having begun a career in manufacturing, he had initially stumbled into security, becoming an AV administrator. But realising he wanted to earn more money, he realised he needed to learn some more solid skills.

Moving to Deloitte for the next 10 years, he explained how he learned many of the people skills and relationship management principles that have become essential to him in his later career. He said being a management consultant taught him how to deal with people, understand their needs, and deliver a service in a credible and consistent fashion.

As for formal qualifications, he felt that a good track record counted for more, but conceded that “certificates show a commitment to the industry.”

To join Ray and Avtar please attend The IT Security Analyst and CISO Forum to learn from the UK’s top CISOs and global IT Security Association Leaders for exciting and topical debating sessions and earn CPE credits towards your SSCP®/CISSP® and ISACA certifications.

This is just one of the exciting sessions we have in store for the day. For a full line-up, please visit and to register to secure your place to attend the debates hosted by the

IT Security Guru.

IT Security Analyst and CISO Forum

CISO Debates, 17TH MAY 2017 2pm – 6pm


To register for FREE, please visit:

The post How to hire the right people in cyber security appeared first on IT SECURITY GURU.


Leave a Reply