Cy Says Blog & Podcast

Employers are recognizing the necessity of taking a skills-based hiring approach, in fact, LinkedIn’s Future of Recruiting Report found that 73% of recruiting professionals say hiring based on skills is a priority. Skills-based hiring is gaining momentum, and organizations are removing the degree requirement, but it’s not enough to power your Talent Acquisition strategy.

 Traditional Hiring Practices

This approach often prioritizes formal education and certifications. These credentials indicate a candidate’s knowledge, but they don’t always reflect their practical skills or ability to adapt to real-world scenarios and challenges. Using this practice alone will limit your talent pool and exclude candidates who may possess the skills but lack formal qualifications. 

Skills are the New Currency

Skills-based hiring focuses on candidates' abilities to perform specific tasks. Focusing on these tasks/skills can have significant advantages:

• Broader Talent Pool - Ability to tap into a diverse range of candidates, including those who are self-taught or have gained experience through non-traditional means.
• Better Job Fit - Skills-based assessments can accurately predict the candidate’s ability to succeed leading to better job performance.
• Adaptability - In fast-paced fields like cybersecurity, where threats and new technology are constantly evolving, skills-based hiring ensures that employees have the most current and relevant skills.
• Retention - 93% of apprentices are retained after completing the program according to apprenticeship.gov.

Innovating the Hiring Process

HR can play a pivotal role, here’s where to start:

• Develop a Skills Ecosystem - create a comprehensive list of skills/core competencies required for various roles within the organization.
• Design a Skills Assessment – Implement practical assessments such as coding challenges, case studies, or task simulations to evaluate ‘real-world scenarios.
• Pilot Program – Select a specific department or role to implement, this allows for easier monitoring and quick pivots according to the data you discover. Tip:  Start with a high-impact area like infosec/cybersecurity, due to the growing demand for skills and ever-changing requirements there is significant ROI potential.
• Executive Buy-In – Gaining executive support is crucial. Use data, involve key stakeholders early in the process, present data-driven insights, and align this program to the company initiative.

HR’s role in driving skills-based hiring initiatives is crucial for the future success of organizations. By innovating the hiring process, securing executive buy-in, implementing supportive policies, and piloting effective programs, HR can ensure that the organization attracts and retains top talent, ready to meet the challenges of tomorrow. Budgeting for FY2025 is right around the corner, there is no better time to bring this initiative to your organization than now.

Companies are facing an increasing number of cyber threats, and the ability to find the best talent in this field continues to be harder. Traditional hiring practices, which often prioritize degrees and certifications, can hinder a company's ability to quickly and effectively fill these roles. Skills-based hiring, which focuses on the actual competencies and abilities a candidate brings to the table, has emerged as a critical strategy for companies looking to build stronger cybersecurity teams.

Here’s why skills-based hiring is crucial for companies when hiring cybersecurity talent.

1. Addressing the Talent Shortage

The cybersecurity talent shortage is well-documented. In 2023, the global demand for cybersecurity professionals reached record highs, and projections suggest this demand will continue to grow. Relying solely on candidates with specific degrees narrows the pool of eligible applicants and exacerbates the hiring challenges companies face. A skills-based approach widens the candidate pool by focusing on what individuals can do rather than where they’ve studied. This shift allows companies to tap into a broader talent base, including self-taught individuals, those with certifications, and candidates from non-traditional educational backgrounds.

2. Faster Hiring Process

In a field as dynamic as cybersecurity, time is often of the essence. Cyber threats don’t wait, and neither can your company’s defenses. Traditional hiring processes, especially those that place heavy emphasis on degree requirements, can be slow and inefficient. Vetting candidates based on their demonstrated skills allows companies to streamline the hiring process, cutting down on the time it takes to fill critical roles. Instead of focusing on pedigree, companies can quickly identify candidates with the exact skill sets needed to address their cybersecurity challenges.

3. Adaptability to Changing Threats

The world of cybersecurity is constantly evolving, with new threats emerging every day. As such, the ability to adapt and learn on the job is essential for cybersecurity professionals. A skills-based hiring approach focuses on candidates who have demonstrated their ability to adapt, solve complex problems, and stay up to date with the latest cybersecurity trends. By prioritizing skills over formal education, companies can hire individuals who are not only equipped to handle today’s challenges but also prepared for the future.

4. More Diverse Teams

Skills-based hiring promotes diversity by removing barriers that disproportionately affect certain groups. Traditional hiring practices, such as requiring specific degrees from certain schools, often exclude candidates from diverse socio-economic backgrounds. Skills-based hiring levels the playing field, allowing individuals from various backgrounds to compete based on their abilities rather than their educational pedigree. Building more diverse teams is crucial for cybersecurity, as diverse perspectives lead to more innovative problem-solving and stronger defenses.

5. Increased Retention and Engagement

Hiring employees based on their skills often leads to higher engagement and job satisfaction. When candidates are hired for roles that match their skills, they are more likely to feel valued and motivated to succeed. This is especially important in cybersecurity, where the work can be high-pressure and demanding. By focusing on what employees can do, rather than traditional credentials, companies are more likely to retain top talent and reduce turnover.

6. Filling Critical Skill Gaps

Cybersecurity is a broad field, with various sub-specialties ranging from network security to ethical hacking and incident response. Not all cybersecurity professionals need the same set of skills, and traditional degree programs don’t always prepare students for specific roles within a company. Skills-based hiring allows employers to focus on the unique needs of their organization and hire candidates with the precise skills required to fill those gaps. Whether it’s hands-on technical experience or proficiency in using specific cybersecurity tools, skills-based hiring ensures that the right people are in the right roles.

7. Future-Proofing Your Workforce

Cybersecurity threats and technologies are evolving at an unprecedented rate. Companies need employees who are not only skilled today but are also capable of growing with the industry. Skills-based hiring focuses on an individual’s ability to learn and adapt, which is key to staying ahead in a fast-paced field like cybersecurity. By hiring for current and future capabilities, companies can build resilient teams that are prepared to tackle emerging threats and technological advancements.

Conclusion

In a field as critical as cybersecurity, where threats are evolving every day, companies cannot afford to rely solely on traditional hiring methods. Skills-based hiring offers a more agile, inclusive, and effective way to bring talent into the organization. By focusing on the abilities and experiences of candidates, rather than rigid educational requirements, companies can build more robust cybersecurity teams, close skill gaps faster, and ultimately protect their digital assets more effectively. 

Skills-based hiring is not just a solution to the talent shortage; it’s a strategic approach that ensures businesses are prepared for the cybersecurity challenges of today and tomorrow.

In today’s rapidly evolving job market, the path to a rewarding career is no longer confined to traditional education or rigid career paths. As industries transform and technology advances, the skills required to thrive in various roles are shifting. For job seekers, especially those looking to break into new fields or pivot their careers, understanding the importance of transferable skills and the rise of skills-based hiring can be a game-changer. This is especially true in the dynamic field of cybersecurity, where the demand for skilled professionals continues to outpace supply.

The Shifting Job Market

Historically, employers placed heavy emphasis on specific qualifications, such as degrees from prestigious institutions or years of experience in a particular field. While these credentials are still valuable, they no longer hold the monopoly they once did. Employers recognize the skills an individual brings to the table can be more predictive of success than traditional qualifications alone.

For job seekers, this shift represents an enormous opportunity. Whether you’re transitioning from the military, changing careers, or re-entering the workforce after a hiatus, the skills you’ve acquired—often in seemingly unrelated roles—can be your ticket to new and exciting opportunities, particularly in the rapidly growing field of cybersecurity.

How Skills-Based Hiring Empowers Job Seekers

Skills-based hiring is an approach where employers prioritize a candidate’s skills and abilities over traditional qualifications like degrees or specific job titles. This method is becoming increasingly popular, especially in fast-growing industries like cybersecurity, tech, and healthcare, where the demand for talent often outpaces the supply of formally qualified candidates.

For job seekers aiming to enter cybersecurity, this means that your diverse background, filled with a variety of roles and experiences, can be an asset rather than a hindrance. Here’s how skills-based hiring can work in your favor:

1. Highlighting Your Unique Strengths: Instead of worrying about gaps in your resume or a lack of formal education in cybersecurity, you can focus on showcasing the skills you’ve developed throughout your life and career. This approach allows you to present a more holistic picture of what you bring to the table.
2. Opening New Doors: Skills-based hiring can help you break into cybersecurity roles you might not have considered before. For example, if you have a knack for problem-solving and have developed strong analytical skills in a previous role, you could pivot into a cybersecurity analyst position, even without a traditional background in that field.
3. Fostering Continuous Growth: When employers focus on skills, they’re often more open to candidates who show a willingness to learn and grow. This mindset encourages continuous professional development, allowing you to build on your existing skills and acquire new ones, keeping your career trajectory dynamic and forward-moving.

Positioning Yourself for Success in Cybersecurity

To fully leverage the power of transferable skills and thrive in a skills-based hiring environment, especially in cybersecurity, it's essential to position yourself strategically. Here’s how to do that with a focus on entering the cybersecurity field:

1. Deeply Understand Your Skills: Begin by conducting a thorough self-assessment to identify your transferable skills relevant to cybersecurity in your current career. For example, teachers possess a wide range of transferable skills that can be highly valuable in a cybersecurity role. Their ability to communicate complex information clearly and effectively translates well into explaining technical concepts to non-experts, a critical skill in cybersecurity. Teachers are also adept at problem-solving, often having to think quickly and adapt lesson plans to meet the needs of their students, which mirrors the dynamic and fast-paced nature of cybersecurity. Additionally, their organizational skills, attention to detail, and experience in managing sensitive information align perfectly with tasks like risk assessment, data protection, and incident response. By leveraging these skills, teachers can make a smooth transition into cybersecurity, bringing a fresh perspective and a strong foundation for success.
2. Research the Cybersecurity Market: Before you start applying, research the specific cybersecurity roles you’re interested in, such as security analyst, SOC analyst, or penetration tester. Look at job descriptions to identify the most in-demand skills and certifications, such as CompTIA Security+. However, many skills that aren't tied to formal certifications can be just as valuable as technical expertise. These transferable skills, often honed through diverse work experiences, can be just as impactful as certified technical knowledge in a cybersecurity career. This research will help you understand how your existing skills align with what cybersecurity employers are looking for.
3. Tailor Your Resume and Cover Letter: With your skills inventory and market research in hand, craft a resume and cover letter tailored to each cybersecurity job you apply for. Highlight your transferable skills prominently, using specific examples of how you've applied them in previous roles. For instance, When transitioning from the military to a cybersecurity role, emphasize transferable skills like discipline, attention to detail, and risk management on your resume. Military experience with assessing threats, responding to emergencies, and working in high-pressure environments closely aligns with cybersecurity demands. Highlight leadership, teamwork, and any technical work with communication systems or intelligence gathering to show your readiness for roles in security operations and threat analysis. Use action verbs and quantify your achievements to stand out.
4. Build and Showcase a Cybersecurity Portfolio: Cybersecurity is a field where practical skills are highly valued. Create a portfolio that showcases your work, such as write-ups on cybersecurity projects, contributions to open-source security tools, or successful completion of Capture the Flag (CTF) challenges. This tangible evidence of your skills can be a powerful supplement to your resume, demonstrating your readiness for a cybersecurity role.
5. Optimize Your Online Presence for Cybersecurity: Ensure your LinkedIn profile and other professional social media accounts reflect your cybersecurity aspirations. Update your LinkedIn headline to highlight your key transferable skills and certifications. Engage with cybersecurity content, join relevant groups, and participate in discussions to increase your visibility. Consider writing articles or sharing posts that demonstrate your knowledge and interest in cybersecurity.
6. Prepare for Cybersecurity Interviews with a Skills Focus: During interviews, be prepared to discuss your transferable skills in detail and how they apply to cybersecurity. Practice answering questions that ask for examples of how you've handled security-related issues or managed risks in previous roles. Use the STAR method (Situation, Task, Action, Result) to structure your responses, emphasizing your ability to adapt and learn quickly.
7. Pursue Continuous Learning in Cybersecurity: Cybersecurity is a field that evolves rapidly, so continuous learning is essential. Pursue certifications like CompTIA Security+, CEH, or a vendor-specific cloud certification to enhance your credentials. Online platforms like ITPro.TV, SANS, and Pluralsight offer courses that can help you build the necessary skills. This not only improves your marketability but also shows potential employers your commitment to cybersecurity.
8. Network with Cybersecurity Professionals: Networking is crucial in the cybersecurity community. Attend industry events, join professional associations like (ISC)² or ISACA, and connect with individuals who work in the cybersecurity roles you’re targeting. Informational interviews can provide valuable insights and open doors to opportunities you might not find through traditional job searches. When networking, clearly articulate how your skills are relevant to cybersecurity and the roles you’re interested in.
9. Consider Cybersecurity Volunteer Work: If you’re looking to break into cybersecurity, consider volunteering or freelancing in roles that allow you to apply your skills in a security context. This not only helps you gain relevant experience but also expands your network. For example, volunteering with CyberUp to speak with students and educate them on the importance of online safety and cybersecurity risks provides a great way to build skills while giving back to your community. 
10. Seek Feedback and Mentorship in Cybersecurity: Finally, seek feedback from peers, mentors, or industry professionals on how you’re positioning your skills for a cybersecurity career. Mentorship from experienced cybersecurity professionals can provide valuable guidance on navigating a career transition and offer insider knowledge on how to effectively market your skills to potential employers in this field.

Conclusion

In an ever-changing job market, the ability to leverage transferable skills and embrace skills-based hiring practices is crucial for job seekers, especially in cybersecurity. By positioning yourself strategically—through self-assessment, targeted research, tailored applications, continuous learning, and purposeful networking—you can open doors to new career opportunities and take control of your professional journey. Whether you’re just starting, changing careers, or looking to advance in your current field, the skills you’ve honed over the years are more valuable than ever, especially in the critical and rapidly growing field of cybersecurity.

Over the last several weeks we have shared a lot about skills-based hiring. It has been focused on the perspective of the employer and hiring manager, but there is another person involved, the applicant. Of course, they are where the rubber meets the road in the hiring process but it’s imperative to dive into the viewpoint of the potential hire. I will jump back to the employer side of things again but to help break up the monotony let’s deep dive into how an individual can control their future through skills-based hiring. 

Skills do not come in a one-size-fits-all model. There are several ways that an individual can obtain skills to obtain the job of their dreams. Some of them are free, some of them are low cost, and many have a larger price tag. Regardless of the one you choose, with a little bit of tenacity and grit, you can break into cybersecurity 100% of the time.

Free Options

1. Self-Study and Research
   1. Industry Blogs and News Sites: Regularly read cybersecurity blogs (e.g., Krebs on Security, Dark Reading) and news sites.
   2. YouTube Tutorials: Many cybersecurity professionals and educators share free tutorials on platforms like YouTube.
   3. Open-Source Tools: Experiment with tools like Wireshark, Nmap, and Metasploit in a home lab environment.
2. Hands-On Practice:
   1. TryHackMe (Free Tier): Access to a limited number of free labs and challenges.
   2. Hack The Box (Free Tier): Basic access to some of the labs and challenges.
   3. CTF Competitions: Participate in free Capture The Flag competitions hosted by various organizations.
3. Networking and Community Involvement:
   1. Join Cybersecurity Forums and Groups: Engage in discussions on platforms like Reddit, Spiceworks, or specialized forums.
   2. Attend Free Virtual Conferences and Webinars:** Many organizations host free online events and webinars.
4. Mentorship and Internships:
   1. Find a Mentor Through Networking: Reach out to industry professionals on LinkedIn or through local meetups.
   2. Apply for Unpaid Internships: Some internships might be unpaid but provide valuable experience.

Low-Cost Options

1. Apprenticeships: 
   1. CyberUp offers a 6-month pre-apprenticeship training for candidates to earn their CompTIA Security+ certification. After completion, candidates will begin their paid, on-the-job training cybersecurity apprenticeship program. 
   2. https://www.apprenticeship.gov/ - for other apprenticeship programs near you.
2. Online Courses: 
   1. Coursera, Udemy, Cybrary (Free or Low-Cost): Many courses have free options or are available at a low cost, especially during sales or with financial aid.
3. Hands-On Practice: 
   1. TryHackMe (Paid Tier): Access more advanced labs and features with a paid subscription.
   2. Hack The Box (Paid Tier): Unlock more labs and features with a subscription.
4. Networking and Community Involvement:
   1. Local Meetups: Some local meetups may charge a small fee for events or workshops.

Paid Options

1. Certifications:
   1. CompTIA Security+: Typically costs between $350-$370 for the exam.
   2. Certified Ethical Hacker (CEH): Costs around $1,200 for the exam, with additional fees for training materials.
   3. Certified Information Systems Security Professional (CISSP): Costs around $749 for the exam, with additional fees for study materials.
2. Formal Education:
   1. Degree Programs: Costs vary widely depending on the institution but can range from a few thousand to tens of thousands of dollars.
   2. Bootcamps: Intensive programs typically range from $5,000 to $15,000, depending on the provider.
3. Conferences and Networking:
   1. In-Person Conferences (e.g., DEF CON, Black Hat): Registration fees can range from $200 to over $2,000, depending on the event and type of pass.
4. Advanced Online Courses and Specializations:
   1. ITPro TV: Several options and class types with hands-on ranges that can range from $500 - $5,000.
   2. Coursera Specializations or Professional Certificates: Can range from $39 to $79 per month.
   3. Udemy Courses (Full Price): Typically range from $20 to $200 per course, though sales often reduce the price.

This isn’t an exhaustive list of options but it is a great starting point to build your skills in cybersecurity. My biggest advice is to follow these four simple recommendations to achieve your final goal, employment.

1. Determine where you want to be: There are so many options in the world of cybersecurity that you can pick a career. It can be slightly overwhelming to break down all the functions, skills, and opportunities available. The only way I have found to learn about each of these is to build a network of professionals on your side who coach and advise your journey. Through networking and mentorship, you can determine the best path and work towards the development of your training plan. 
2. Map out your learning journey: Now that you have a sense of what you want to do you need to figure out how you get there and gain those skills. Through conversations and research, you can determine the most important skills needed for the role and begin finding ways to learn them from the recommendations above. Free is always a great option but as you read, there are more than a few ways to get to the finish line here. 

• Build your network: Along your journey find new and fun ways to meet people. That can be virtual or in-person but building your community is critical to your long-term success. Find groups like OWASP, B-Sides, Defcon, ISACA, ISC², or others that meet regularly and provide professional development opportunities. These events are a great way to build advocates in roles you are interested in. 
• Pay it forward: It never feels like it happens fast enough but if you follow these rules you will eventually increase your odds of success. When you do get there remember how it happened and over to return the favor to someone else trying to break in. Bring new programs and opportunities to your work and continue to advocate for new hiring best practices. We all can acknowledge the system can use some help so join us in being part of the solution!

Now get out there and start gaining those skills! If you are someone looking to gain skills check us out or find us when you are ready to get to work. If you are a hiring company same advice, reach out and ask us how you can tap into our amazing bench of cyber-trained career transitioners! See you out there.

In the fast-paced, ever-evolving world of cybersecurity, the ability to adapt and thrive in the face of constant change is paramount. As cyber threats grow more sophisticated and diverse, the need for professionals who can pivot, innovate, and apply a broad range of skills across various scenarios becomes increasingly crucial. This is where transferable skills come into play.

What Are Transferable Skills?

As a quick reminder, transferable skills are competencies and abilities that are not tied to a specific job or industry but are applicable across various roles and environments. These skills, which include communication, problem-solving, teamwork, leadership, and adaptability, allow professionals to transition smoothly between different jobs and industries. In cybersecurity, where the landscape is always shifting, these versatile skills are essential for success.

Why Do Transferable Skills Matter in Cybersecurity?

1. Adaptability to Changing Threats: Cybersecurity is an ever-changing field. New threats emerge daily, and technologies that were cutting-edge yesterday may be outdated tomorrow. Professionals with strong transferable skills, such as adaptability and learning agility, can quickly adjust to new challenges, whether it's mastering a new software tool or responding to an unforeseen cyber threat.
2. Critical Problem-Solving Abilities: Cybersecurity professionals must be adept at identifying, analyzing, and solving complex problems. Transferable skills like analytical thinking and creative problem-solving are vital in developing innovative solutions to counter cyber threats. These skills enable professionals to think on their feet and devise strategies that go beyond standard protocols, addressing unique challenges with tailored solutions.
3. Effective Communication Across Teams: Communication is key in cybersecurity, not just within a team but across the entire organization. Professionals need to articulate complex security issues to non-technical stakeholders, ensuring everyone understands the risks and necessary actions. Strong verbal and written communication skills, along with active listening, are transferable skills that enhance collaboration and ensure that critical information is conveyed accurately and effectively.
4. Collaboration in a Team Environment: Cybersecurity is rarely a solo endeavor. It requires collaboration across various departments, from IT to legal to executive leadership. Transferable skills like teamwork and empathy are essential for working effectively with others, sharing insights, and building consensus on security strategies. These skills help in fostering a cooperative environment where diverse perspectives lead to stronger, more comprehensive security solutions.
5. Leadership in Crisis Situations: When a security breach occurs, quick and decisive action is required. Leadership, another key transferable skill, is crucial in guiding a team through a crisis. Whether you're leading a response team or coordinating with external partners, the ability to motivate, direct, and inspire others is invaluable in mitigating damage and restoring security.
6. Resilience in the Face of Adversity: Cybersecurity professionals often work under intense pressure, dealing with high-stakes situations that require resilience and a calm demeanor. Transferable skills like resilience and time management help professionals maintain focus, manage stress, and continue performing at a high level, even when the stakes are high and the challenges seem insurmountable.

The Bottom Line:

Skills-based hiring in cybersecurity focuses not only on a candidate's technical skills but also on transferable skills. Transferable skills allow professionals to navigate the complexities of the field, respond to emerging threats, and communicate effectively across an organization. For employers, recognizing and valuing these skills in candidates can lead to more effective teams and stronger security postures. For job seekers, showcasing transferable skills can make you a more attractive candidate, capable of thriving in a dynamic and demanding industry.

Curious about how to identify and develop transferable skills for cybersecurity? In our next blog, we’ll dive deep into strategies for building and highlighting these skills in your job search. We’ll explore how skills like problem-solving, adaptability, and communication can not only help you break into the field but also ensure your long-term success. Stay tuned to learn how these skills can empower you to stand out in a competitive job market and become a valuable asset to any organization.