By Angela Redmond and Nick Vetere
At BARR Advisory, one of our core values is transparency. By offering transparency in all we do, we build relationships based on respect, accountability, and trust. This not only helps us align with our company vision, but also promotes a healthy team of associates.
Within the organization, BARR strives to promote transparency from the top down. This means talking openly about mistakes and how to learn from them. Failure and asking for help are not viewed negatively, as we believe that’s how we grow.
From a recruiting perspective, we believe it’s also important to be transparent with candidates who are looking to obtain a cybersecurity role. When recruiting at BARR, we provide information upfront like salary range, anticipated hours, day-to-day expectations, and highlight our unique culture.
With transparency in mind, let’s take a deeper look at how BARR recruits for and measures those in key cybersecurity roles.
Recruiting for Cybersecurity Roles
When recruiting individuals for cybersecurity roles, it’s important to look for past experiences in working with cybersecurity compliance frameworks like SOC 2, ISO 27001, HIPAA, HITRUST, etc. Having this technical aptitude will ensure candidates can hit the ground running to support your cybersecurity program once onboarded. However, gaining this experience takes time, and a demonstrated desire to learn and gain this experience goes a long way. Those who’ve taken courses, gained certifications, and received exposure via training can also be great candidates for key cybersecurity roles.
Another factor when recruiting for cybersecurity roles is looking for individuals who have experience with cloud service providers like AWS, Microsoft Azure, and Google Cloud Platform. From startups to enterprises, most organizations today operate in some capacity in cloud environments, whether they are hybrid or fully cloud-based. Having experience with cloud-based environments demonstrates experience in these compliance-focused roles.
Communication and Inclusivity
Cybersecurity can become complex very quickly. There’s a lot of specific vocabulary and many intricate steps to complete when working through an audit or creating a cybersecurity program. Those in cybersecurity roles will be working with clients on solutions to their often complex problems. Internally, cybersecurity teams must communicate about client issues, new technologies, developing security issues, and much more.
That’s why it’s important to remove the complexity in cybersecurity through simplicity. Individuals who work in cybersecurity roles must have strong written and verbal skills and communicate simply and effectively.
Effective communication is even more critical when working on remote teams and projects. While it can be challenging to convey an idea clearly through a video conferencing platform or Slack, it’s important to find those who can get their point across clearly in a remote environment.
Hiring candidates that bring diverse skill sets and backgrounds is also important when recruiting for cybersecurity roles. After all, diverse perspectives cultivate innovative ideas. For example, an individual with accounting or even traditional IT experience can use their experience when reviewing general and application controls. Similarly, candidates with backgrounds in teaching and education often excel when working with clients and learning cybersecurity best practices.
Where to Recruit
The best candidates are not always actively looking. At BARR, we recruit from various avenues with the intention to hire people who are committed to their role and our organization.
A few of our recruiting partnerships include:
- Evolve Security Academy
- LinkedIn groups such as Women in Cybersecurity and business-oriented organizations
- Apprenti for our apprentice program
- Colleges and universities to recruit a diverse pool of recent graduates
Measuring Success in an Evolving Industry
When measuring success within cybersecurity roles, it can be important to check in with associates frequently. At BARR, performance coaches connect with their team on performance and overall well-being through monthly 1:1s, quarterly conversations, and annual performance reviews, making sure the right people are in the right seats.
If factors outside the workplace affect individual productivity, we allow for transparency, working as a team to get the job done. Meeting expectations and performing at a high level while providing clients with the tools to exceed their security goals ensures success both individually and as a team.
Scorecards and KPIs
Cybersecurity scorecards can be used as an evaluation tool to measure the overall effectiveness of a cybersecurity program. Scorecards typically include several key performance indicators (KPIs), which provide a way to measure against a predetermined cybersecurity indicator.
Typically one person owns an individual KPI within a scorecard. This helps to clarify each person’s responsibilities and performance of those responsibilities with review dates and target goals. For example, one person may be in charge of making sure all new employees complete security awareness training while another may be tasked with making sure all laptops have the correct software installed.
While scorecards may take some time upfront to create, they can be a helpful tool in measuring the responsibilities of those key cybersecurity roles.
As an ever-evolving industry, it’s important for individuals to maintain a curiosity and willingness to learn. There are many educational opportunities available online, and autonomous research with the right tools is essential for those in key cybersecurity roles.
BARR recruits individuals who are not only willing to adapt but raise their hand and take initiative. Associates who are assertive and strive to evolve as a person demonstrate they can be future ready, enhancing individual and business growth.
With the increase in security issues and need for internal controls, automation is becoming an even greater need in IT auditing. Automation creates more seamless audit engagements and helps clients have a better pulse on their cybersecurity posture. Those in cybersecurity roles will have the opportunity to hone in on the consulting aspect of their jobs as auditing becomes less about monitoring compliance issues and more about identifying problems for organizations and advising clients on best practices.
Interested in learning more about recruiting for key cybersecurity roles? Contact us.
About the Authors:
Angela Redmond is Director of BARR Advisory’s Cyber Risk Advisory practice. She is known for her exemplary client service as well as her technical expertise in assessing security and compliance against regulatory standards including SOC 1, SOC 2, and SOC for Cybersecurity. Angela currently serves clients in a wide range of industries — from global technology services and media production to financial services.
Prior to joining BARR, Angela was a Senior Auditor for the Federal Reserve Bank in Kansas City and later a Financial Systems Analyst at the Board of Governors of the Federal Reserve System in Washington, D.C. She holds a Bachelor of Science in Accounting from Kansas State University.
As Recruiting Manager, Nick Vetere is responsible for recruiting and retaining top-tier talent for BARR. In addition to developing and implementing innovative recruiting strategies, Nick also provides support to various People Operations efforts, including diversity, equity, and inclusion.
Nick has extensive experience in recruiting talent for top public accounting firms, having worked as a recruiting manager for both BDO and KPMG prior to joining BARR. He holds a Bachelor of Arts degree in organizational behavior studies from the University of Michigan and a master’s degree in accounting from Wayne State University.