Cy Says Blog & Podcast

Over the past several years, there has been considerable discussion around the cybersecurity talent pipeline and hiring practices. We are now at a pivotal moment where five generations of workers are concurrently in the workforce, college enrollment is declining, and non-traditional skill paths are gaining momentum. The time is ripe for companies to reimagine how they recruit and hire talent. At CyberUp, we recognize that skills-based hiring is the model needed for the future.

In the coming weeks, we will define and illustrate the skills-based hiring model to establish a baseline set of expectations. Our goal is to inspire hiring managers and talent teams to embrace this practice because staying ahead of threats requires an agile, knowledgeable, and innovative workforce. Traditional hiring practices prioritize degrees/certifications and must evolve to recognize candidates with practical experience and the skills necessary to excel. Enter skills-based hiring—a transformative approach that prioritizes a candidate's abilities over formal credentials. Let’s explore what skills-based hiring means and why it's a game changer for cybersecurity.

Defining Skills-Based Hiring

Skills-based hiring is an approach that focuses on evaluating a candidate's specific abilities, practical experience, and demonstrated performance rather than their educational background or formal qualifications. This method assesses what a candidate can do and how well they can do it, making it a more inclusive and effective way to identify top talent.

We have been talking about the model for quite some time. Check out CyberUp’s early take on the concept.

The Building Blocks of Skills-Based Hiring

1. Practical Assessments

Practical assessments are at the heart of skills-based hiring. These evaluations mimic real-world tasks and scenarios candidates will encounter in their roles. For cybersecurity positions, this could include challenges like identifying vulnerabilities in a system, performing penetration tests, or developing secure code. These tasks provide employers with a clear and concrete understanding of a candidate's technical prowess and problem-solving abilities, offering insights that go beyond a resume.

2. Portfolio Review

A portfolio showcases a candidate’s hands-on work and projects, offering tangible evidence of their skills. In cybersecurity, this might include contributions to open-source projects, code samples, security research publications, or documented bug reports. Reviewing a portfolio allows employers to see the depth and breadth of a candidate’s experience, their ability to complete projects, and their commitment to the field. This element also highlights continuous learning and innovation, which are crucial traits for cybersecurity professionals.

3. Relevant Experience

Skills-based hiring places a strong emphasis on relevant experience, including internships, freelance work, volunteer projects, and self-initiated endeavors. This experience is often more indicative of a candidate’s ability to perform in a real-world setting than traditional qualifications. For instance, a candidate who has actively participated in cybersecurity competitions or hackathons demonstrates both their passion and practical skills. By valuing these experiences, employers can identify candidates who have proven their abilities outside conventional pathways.

4. Continuous Learning and Development

The cybersecurity landscape is constantly changing, with new threats and technologies emerging regularly. Skills-based hiring recognizes the importance of continuous learning and professional development. Candidates who stay updated with the latest trends, tools, and techniques—whether through online courses, certifications, workshops, or self-study—are highly valued. This element underscores a candidate's proactive approach to their career and their ability to adapt to new challenges, which is essential in the fast-paced world of cybersecurity.

5. Soft Skills Evaluation

While technical skills are critical, soft skills such as communication, teamwork, and critical thinking are equally important in cybersecurity roles. Skills-based hiring includes the evaluation of these attributes through behavioral interviews, situational judgment tests, and collaborative tasks. For example, a candidate might be asked to explain complex security concepts to a non-technical audience or work with a team to devise a security strategy. These assessments help determine if the candidate can effectively contribute to and thrive within a team environment.

6. Role-Specific Simulations

Role-specific simulations provide a realistic preview of the day-to-day responsibilities candidates will face. These simulations involve responding to a simulated security breach, analyzing security logs for potential threats, or developing a risk management plan. By engaging candidates in these scenarios, employers can assess not only their technical skills but also their decision-making process, stress management, and ability to prioritize tasks under pressure.

Conclusion

Skills-based hiring redefines how cybersecurity professionals are recruited, emphasizing what candidates can do rather than where they’ve been. This approach ensures that the best-suited candidates are identified by incorporating practical assessments, portfolio reviews, relevant experience, continuous learning, soft skills evaluation, and role-specific simulations. As the cybersecurity landscape evolves, skills-based hiring will play a crucial role in building a robust, capable, and forward-thinking workforce. Embrace the change and watch your team—and your organization—thrive.

Reach out today and see how CyberUp's team of apprenticeship experts can help you!

Nate Miller's journey from a military cyber operation specialist to an Information Security Analyst at Swirlds Labs is a testament to his determination and passion for technology. Completing the CyberUp apprenticeship program, Nate's path was filled with learning, challenges, and significant achievements.

Discovering CyberUp

Nate began his career in the military, gaining foundational cybersecurity knowledge. As a National Guard member for the Army, his dedication was clear. Although he didn't have a degree, Nate earned a Cisco Certified Networking Associate certification, showcasing his technical skills. Nate chose CyberUp to further enhance his cybersecurity skills; the support and guidance from CyberUp made the field more accessible for him. His enthusiasm for learning and technology made cybersecurity a natural progression.

During the initial three months of his apprenticeship, Nate found himself enthralled by the learning opportunities at CyberUp. He appreciated the structured support system, which made the complex world of cybersecurity more accessible. This period laid the groundwork for his future advancements and achievements within the program.

Evolving Skills and Responsibilities

Nate's role at Swirlds Labs quickly advanced from basic tasks to more complex solo projects, such as phishing campaigns. He began working independently, gaining confidence and competence. His standout accomplishment was executing a phishing campaign using voice AI technology to clone the CEO's voice. This innovative approach not only demonstrated his technical skills but also earned him recognition and a bonus from the company. It showcased his ability to leverage new tools and technologies effectively.

Throughout the apprenticeship, Nate continued to acquire new skills and knowledge. He learned to use tools like KnowBe4 for training and phishing campaigns, gaining hands-on experience that integrated these tools into the company's processes. His evolving responsibilities and solo projects highlighted his growing expertise and readiness for more advanced tasks.

Balancing Work and Life

Nate maintained a healthy work-life balance throughout his apprenticeship. The flexibility of remote work allowed him to integrate his professional responsibilities with personal commitments, such as accompanying his girlfriend to a conference in Orlando. This balance was crucial in enabling him to pursue additional certifications outside of work hours, further enhancing his expertise.

Nate's ability to manage work-life balance effectively contributed significantly to his success. By working remotely, he could work from various locations, ensuring that his personal life did not interfere with his professional commitments. This flexibility also allowed him to focus on completing certifications, fully engaging in work tasks during work hours.

Advice for Future Apprentices

With the apprenticeship program behind him, Nate aims to delve deeper into red team cybersecurity, focusing on cyber attacks and prevention methods. The foundation laid during his time with CyberUp and Swirlds Labs will benefit this pursuit. Nate advises future apprentices to be trainable, flexible, and ready for challenges. His journey is a reminder that success in cybersecurity is about continuous learning and growth.

Nate Miller's story through the CyberUp program shows how structured learning and real-world experience can transform a passionate individual into a cybersecurity expert. His journey from soldier to cybersecurity professional is an inspiring example of how dedication and the right support can lead to success in the ever-evolving field of cybersecurity.

Beginning a New Chapter

Laura Ohanian's transition into cybersecurity began with a strong foundation in psychology and web design, and a determination to find a more stable and lucrative career to support her role as a single mom. Before joining CyberUp, Laura worked as an engraver at Scott Air Force Base and held diverse roles including a licensed esthetician. Her decision to shift careers was fueled by the growing demand in cybersecurity and the support structure provided by CyberUp’s apprenticeship program. Laura's journey in cybersecurity started with gaining her CompTIA Security+ certification, which equipped her to take on her new role as an associate information security analyst.

Growth and Learning

By the three-month mark, Laura had already taken charge of critical tasks such as managing the phishing email inbox and handling service requests for access to applications and workstations. Despite feeling occasionally behind her peers with IT degrees, Laura’s dedication and constant learning kept her job enjoyable and fulfilling. Six months into her role, she appreciated the never-ending learning curve in cybersecurity and expressed a desire to delve deeper into Governance, Risk, and Compliance (GRC), reflecting her passion for understanding the broader implications of cybersecurity measures.

A Year of Achievements and Aspirations

Approaching her one-year anniversary with CyberUp, Laura highlighted the emotional support and hands-on training that were instrumental in her professional development. Her ability to overcome challenges, especially in solitary study, was significantly aided by the resources and mentoring provided by CyberUp. Looking ahead, Laura aims to deepen her expertise in the GRC field and acquire further certifications to advance her career.

During this transformative year, Laura also made significant contributions to cybersecurity initiatives at SSM Health, where her role involved safeguarding sensitive medical data and ensuring compliance with healthcare regulations. Her involvement in developing and implementing security measures has been critical in protecting patient information and enhancing the organization's overall security framework. This experience at SSM Health not only sharpened her skills but also reinforced her commitment to the field, setting a solid foundation for her future aspirations in cybersecurity.

Contributing Back to the Community

Laura is not just committed to her own growth but is also eager to give back to the community that supported her. She has expressed interest in mentoring within CyberUp’s youth and alumni programs, hoping to guide others through their cybersecurity journey.

Laura’s story is a compelling example of how resilience, continuous learning, and community support can transform careers and lives. Her experience inspires current and prospective CyberUp candidates to pursue their goals with determination and seek the support they need to succeed.

Embarking on a Cybersecurity Adventure

Tia Harris began her cybersecurity journey with experience in security from roles at Boeing and the Illinois Army National Guard, despite having no degree. Her pivot was sparked by a CyberUp career development session, highlighting the alignment between her experience and the demands of cybersecurity. Tia valued the transparency and relevance in CyberUp’s training, quickly applying her new skills at the Federal Reserve Bank, embracing projects across various sectors.

Early Realizations and Growth

Within three months, Tia excelled in her role, supported by CyberUp in areas like resume building and interview prep. Her enthusiasm for cybersecurity grew, viewing the field as full of opportunities for professional advancement. By six months, Tia had embraced her role not just as an analyst but as an educator within her organization, teaching cybersecurity awareness with creativity.

A Year of Transformation and Achievement

Approaching one year, Tia's role evolved to Associate Information Security Analyst, focusing on compliance and awareness. Her projects involved cross-team collaboration, enriching her experience.. Tia found that CyberUp’s study tips and professional development played a pivotal role in her success today. Her goal is to continue growing in the Federal Reserve Bank’s security assurance team.

In reflecting on her first year, Tia is particularly proud of her contributions to a major compliance project that improved the company’s security posture. Her ability to bridge technical knowledge with practical application has not only enhanced her team's capabilities but also positioned her as a key player in her department. This success, coupled with her ongoing commitment to learning and development, underscores the significant strides she has made in her career and the potential she has to influence the future of cybersecurity.

Legacy and Mentorship

Committed to giving back, Tia is enthusiastic about mentoring in CyberUp’s youth program and participating as a volunteer speaker. Her journey demonstrates the power of seizing opportunities in cybersecurity.

Tia’s story is an inspiration to those considering cybersecurity, showing that success is achievable with the right guidance and resources.