Cy Says Blog & Podcast

In today's rapidly evolving job market, traditional hiring methods based on degrees and previous job titles are becoming less effective. With the rise of new technologies and changing industry demands, companies are increasingly turning to skills-based hiring to find the best talent. But what exactly is skills-based hiring, and how does it work for companies? Let's explore.

What is Skills-Based Hiring?

As a quick refresher, here is our definition of skills-based hiring. Skills-based hiring is an approach that focuses on evaluating a candidate's specific abilities, practical experience, and demonstrated performance rather than their educational background or formal qualifications. This method assesses what a candidate can do and how well they can do it, making it a more inclusive and effective way to identify top talent.

Implementing Skills-Based Hiring in Your Company

How we have hired talent for the past 30 years requires a reset. Why might you ask? That’s a discussion for another blog but for today let’s focus on the how. As you will learn, transitioning to a skills-based hiring approach requires careful planning and execution. It does not have to be a challenging task but it requires a creative approach and open-mindedness to implement successfully. 

Here's a detailed guide on 7 steps to implement skills-based hiring effectively:

1. Identify Key Skills

• Role Analysis: Begin by thoroughly analyzing each role within your organization. Engage with current employees and managers to understand the specific tasks and responsibilities of each position.
• Skill Mapping: Identify the essential technical and soft skills required for each role. This might include understanding firewalls and network security best practices, communication skills for customer-facing roles, or problem-solving abilities for management positions.
• Prioritization: Determine which skills are critical and which are desirable. This will help in creating a focused assessment process.

2. Develop Skills Assessments

• Practical Tests: Design practical tests that reflect real-world tasks related to the job. For example, a coding challenge for a developer role or a project simulation for a project manager role. Finding a cybersecurity assessment has proven difficult but companies like Crowdstrike leverage capture the flag types of challenges when hiring candidates to accurately assess skills.
• Behavioral Assessments: Include assessments that measure soft skills such as teamwork, leadership, and adaptability. These can be situational judgment tests or behavioral interviews.
• Tools and Resources: Utilize online platforms and tools that offer pre-built assessments or the ability to create custom tests. Ensure these tools provide reliable and valid measures of the required skills.

3. Revise Job Descriptions

• Skill-Focused Listings: Rewrite job descriptions to highlight the skills and competencies needed rather than focusing on degrees or specific job titles. Use clear and concise language to describe the key responsibilities and required skills.
• Inclusive Language: Use inclusive language that encourages a diverse range of candidates to apply. Avoid jargon and unnecessary requirements that might deter qualified applicants.

4. Train Hiring Managers

• Educational Workshops: Conduct workshops and training sessions to educate hiring managers on the principles of skills-based hiring. Explain the benefits and guide how to evaluate skills effectively.
• Bias Reduction: Train hiring managers to recognize and mitigate biases in the hiring process. This includes understanding the impact of unconscious biases and using structured interview techniques.
• Interview Techniques: Teach hiring managers how to conduct skills-based interviews. This includes asking open-ended questions that allow candidates to demonstrate their skills and using standardized scoring rubrics.

5. Use Technology

• Applicant Tracking Systems (ATS): Implement an ATS that supports skills-based hiring. Look for systems offering integrated skills assessments that help automate the screening process. A gold star for companies who assess for transferable skills.
• Data Analytics: Use data analytics to track and measure the effectiveness of your skills-based hiring process. Analyze metrics such as time-to-hire, quality of hire, and employee performance to make data-driven improvements.
• Virtual Assessments: Leverage virtual assessment tools to facilitate remote hiring. This can include video interviews, online skill tests, and collaborative platforms for team-based exercises.

6. Pilot Programs

• Small-Scale Implementation: Start with a pilot program in one department or for a specific role. This allows you to test the skills-based hiring approach on a smaller scale and make adjustments before a company-wide rollout.
• Feedback Loop: Collect feedback from both candidates and hiring managers involved in the pilot program. Use this feedback to refine your assessment tools, interview processes, and overall approach.

7. Evaluate and Iterate

• Performance Metrics: Continuously monitor the effectiveness of your skills-based hiring approach. Track key performance indicators (KPIs) such as employee retention, job performance, and satisfaction levels.
• Regular Reviews: Conduct regular reviews of your hiring process and make necessary adjustments based on the data collected. Stay updated with industry trends and best practices to ensure your approach remains relevant and effective.
• Employee Development: Use the insights gained from the hiring process to inform employee development and training programs. This helps in aligning current employees’ skills with evolving job requirements.

Conclusion

Skills-based hiring is a powerful approach that can help companies find the best talent in an increasingly competitive job market. By prioritizing practical skills over traditional credentials, companies can build diverse, innovative, and high-performing teams. As the future of work continues to evolve, skills-based hiring will play a crucial role in shaping the workforce of tomorrow.

Implementing this approach requires a strategic shift in how companies evaluate and select candidates, but the benefits are well worth the effort. Embrace skills-based hiring and unlock the full potential of your talent pool. 

Over the past several years, there has been considerable discussion around the cybersecurity talent pipeline and hiring practices. We are now at a pivotal moment where five generations of workers are concurrently in the workforce, college enrollment is declining, and non-traditional skill paths are gaining momentum. The time is ripe for companies to reimagine how they recruit and hire talent. At CyberUp, we recognize that skills-based hiring is the model needed for the future.

In the coming weeks, we will define and illustrate the skills-based hiring model to establish a baseline set of expectations. Our goal is to inspire hiring managers and talent teams to embrace this practice because staying ahead of threats requires an agile, knowledgeable, and innovative workforce. Traditional hiring practices prioritize degrees/certifications and must evolve to recognize candidates with practical experience and the skills necessary to excel. Enter skills-based hiring—a transformative approach that prioritizes a candidate's abilities over formal credentials. Let’s explore what skills-based hiring means and why it's a game changer for cybersecurity.

Defining Skills-Based Hiring

Skills-based hiring is an approach that focuses on evaluating a candidate's specific abilities, practical experience, and demonstrated performance rather than their educational background or formal qualifications. This method assesses what a candidate can do and how well they can do it, making it a more inclusive and effective way to identify top talent.

We have been talking about the model for quite some time. Check out CyberUp’s early take on the concept.

The Building Blocks of Skills-Based Hiring

1. Practical Assessments

Practical assessments are at the heart of skills-based hiring. These evaluations mimic real-world tasks and scenarios candidates will encounter in their roles. For cybersecurity positions, this could include challenges like identifying vulnerabilities in a system, performing penetration tests, or developing secure code. These tasks provide employers with a clear and concrete understanding of a candidate's technical prowess and problem-solving abilities, offering insights that go beyond a resume.

2. Portfolio Review

A portfolio showcases a candidate’s hands-on work and projects, offering tangible evidence of their skills. In cybersecurity, this might include contributions to open-source projects, code samples, security research publications, or documented bug reports. Reviewing a portfolio allows employers to see the depth and breadth of a candidate’s experience, their ability to complete projects, and their commitment to the field. This element also highlights continuous learning and innovation, which are crucial traits for cybersecurity professionals.

3. Relevant Experience

Skills-based hiring places a strong emphasis on relevant experience, including internships, freelance work, volunteer projects, and self-initiated endeavors. This experience is often more indicative of a candidate’s ability to perform in a real-world setting than traditional qualifications. For instance, a candidate who has actively participated in cybersecurity competitions or hackathons demonstrates both their passion and practical skills. By valuing these experiences, employers can identify candidates who have proven their abilities outside conventional pathways.

4. Continuous Learning and Development

The cybersecurity landscape is constantly changing, with new threats and technologies emerging regularly. Skills-based hiring recognizes the importance of continuous learning and professional development. Candidates who stay updated with the latest trends, tools, and techniques—whether through online courses, certifications, workshops, or self-study—are highly valued. This element underscores a candidate's proactive approach to their career and their ability to adapt to new challenges, which is essential in the fast-paced world of cybersecurity.

5. Soft Skills Evaluation

While technical skills are critical, soft skills such as communication, teamwork, and critical thinking are equally important in cybersecurity roles. Skills-based hiring includes the evaluation of these attributes through behavioral interviews, situational judgment tests, and collaborative tasks. For example, a candidate might be asked to explain complex security concepts to a non-technical audience or work with a team to devise a security strategy. These assessments help determine if the candidate can effectively contribute to and thrive within a team environment.

6. Role-Specific Simulations

Role-specific simulations provide a realistic preview of the day-to-day responsibilities candidates will face. These simulations involve responding to a simulated security breach, analyzing security logs for potential threats, or developing a risk management plan. By engaging candidates in these scenarios, employers can assess not only their technical skills but also their decision-making process, stress management, and ability to prioritize tasks under pressure.

Conclusion

Skills-based hiring redefines how cybersecurity professionals are recruited, emphasizing what candidates can do rather than where they’ve been. This approach ensures that the best-suited candidates are identified by incorporating practical assessments, portfolio reviews, relevant experience, continuous learning, soft skills evaluation, and role-specific simulations. As the cybersecurity landscape evolves, skills-based hiring will play a crucial role in building a robust, capable, and forward-thinking workforce. Embrace the change and watch your team—and your organization—thrive.

Reach out today and see how CyberUp's team of apprenticeship experts can help you!

Nate Miller's journey from a military cyber operation specialist to an Information Security Analyst at Swirlds Labs is a testament to his determination and passion for technology. Completing the CyberUp apprenticeship program, Nate's path was filled with learning, challenges, and significant achievements.

Discovering CyberUp

Nate began his career in the military, gaining foundational cybersecurity knowledge. As a National Guard member for the Army, his dedication was clear. Although he didn't have a degree, Nate earned a Cisco Certified Networking Associate certification, showcasing his technical skills. Nate chose CyberUp to further enhance his cybersecurity skills; the support and guidance from CyberUp made the field more accessible for him. His enthusiasm for learning and technology made cybersecurity a natural progression.

During the initial three months of his apprenticeship, Nate found himself enthralled by the learning opportunities at CyberUp. He appreciated the structured support system, which made the complex world of cybersecurity more accessible. This period laid the groundwork for his future advancements and achievements within the program.

Evolving Skills and Responsibilities

Nate's role at Swirlds Labs quickly advanced from basic tasks to more complex solo projects, such as phishing campaigns. He began working independently, gaining confidence and competence. His standout accomplishment was executing a phishing campaign using voice AI technology to clone the CEO's voice. This innovative approach not only demonstrated his technical skills but also earned him recognition and a bonus from the company. It showcased his ability to leverage new tools and technologies effectively.

Throughout the apprenticeship, Nate continued to acquire new skills and knowledge. He learned to use tools like KnowBe4 for training and phishing campaigns, gaining hands-on experience that integrated these tools into the company's processes. His evolving responsibilities and solo projects highlighted his growing expertise and readiness for more advanced tasks.

Balancing Work and Life

Nate maintained a healthy work-life balance throughout his apprenticeship. The flexibility of remote work allowed him to integrate his professional responsibilities with personal commitments, such as accompanying his girlfriend to a conference in Orlando. This balance was crucial in enabling him to pursue additional certifications outside of work hours, further enhancing his expertise.

Nate's ability to manage work-life balance effectively contributed significantly to his success. By working remotely, he could work from various locations, ensuring that his personal life did not interfere with his professional commitments. This flexibility also allowed him to focus on completing certifications, fully engaging in work tasks during work hours.

Advice for Future Apprentices

With the apprenticeship program behind him, Nate aims to delve deeper into red team cybersecurity, focusing on cyber attacks and prevention methods. The foundation laid during his time with CyberUp and Swirlds Labs will benefit this pursuit. Nate advises future apprentices to be trainable, flexible, and ready for challenges. His journey is a reminder that success in cybersecurity is about continuous learning and growth.

Nate Miller's story through the CyberUp program shows how structured learning and real-world experience can transform a passionate individual into a cybersecurity expert. His journey from soldier to cybersecurity professional is an inspiring example of how dedication and the right support can lead to success in the ever-evolving field of cybersecurity.

Beginning a New Chapter

Laura Ohanian's transition into cybersecurity began with a strong foundation in psychology and web design, and a determination to find a more stable and lucrative career to support her role as a single mom. Before joining CyberUp, Laura worked as an engraver at Scott Air Force Base and held diverse roles including a licensed esthetician. Her decision to shift careers was fueled by the growing demand in cybersecurity and the support structure provided by CyberUp’s apprenticeship program. Laura's journey in cybersecurity started with gaining her CompTIA Security+ certification, which equipped her to take on her new role as an associate information security analyst.

Growth and Learning

By the three-month mark, Laura had already taken charge of critical tasks such as managing the phishing email inbox and handling service requests for access to applications and workstations. Despite feeling occasionally behind her peers with IT degrees, Laura’s dedication and constant learning kept her job enjoyable and fulfilling. Six months into her role, she appreciated the never-ending learning curve in cybersecurity and expressed a desire to delve deeper into Governance, Risk, and Compliance (GRC), reflecting her passion for understanding the broader implications of cybersecurity measures.

A Year of Achievements and Aspirations

Approaching her one-year anniversary with CyberUp, Laura highlighted the emotional support and hands-on training that were instrumental in her professional development. Her ability to overcome challenges, especially in solitary study, was significantly aided by the resources and mentoring provided by CyberUp. Looking ahead, Laura aims to deepen her expertise in the GRC field and acquire further certifications to advance her career.

During this transformative year, Laura also made significant contributions to cybersecurity initiatives at SSM Health, where her role involved safeguarding sensitive medical data and ensuring compliance with healthcare regulations. Her involvement in developing and implementing security measures has been critical in protecting patient information and enhancing the organization's overall security framework. This experience at SSM Health not only sharpened her skills but also reinforced her commitment to the field, setting a solid foundation for her future aspirations in cybersecurity.

Contributing Back to the Community

Laura is not just committed to her own growth but is also eager to give back to the community that supported her. She has expressed interest in mentoring within CyberUp’s youth and alumni programs, hoping to guide others through their cybersecurity journey.

Laura’s story is a compelling example of how resilience, continuous learning, and community support can transform careers and lives. Her experience inspires current and prospective CyberUp candidates to pursue their goals with determination and seek the support they need to succeed.