The majority of security professionals leave for a place where they are valued, where they can learn new skills, and where they are a part of something bigger. Employee retention isn’t likely to improve unless companies have put in place the necessary foundation for finding, keeping, and nurturing the the best.
Cybercrime is on the rise, and businesses cannot afford to wait for new threats to surface. They must identify security incidents that may go undetected by automated security solutions on a proactive basis. Since 2019, according to the FBI’s 2020 Internet Crime Report, there has been a 69.4 percent increase in Internet crimes, with damages exceeding US$4.2 billion. Phishing scams, non-delivery/ non-payment frauds, and extortion were the top three crimes reported by victims in 2020.
In today’s market, finding and keeping good cybersecurity analysts and threat hunters is difficult, and it necessitates changing the interview process and evaluation criteria, as well as engaging employees in new ways. Here are some strategies businesses can adopt.
An Interview of a Different Kind
When interviewing a prospect, businesses look at their qualifications and degrees to see whether they have any specific specialty -they chose a field, adhered to it, and demonstrated that they had the necessary skills to pass. Is that, however, more significant than sheer curiosity? Curiosity, predisposition/ attitude, and culture fit are three important factors to consider.
Threat hunters should think not just like the hackers of today and the cybercriminals who came before. To a certain extent, they must think like criminals of the future. They must, to a certain extent, think like criminals of the future. They should be curious about the unknown.
Curiosity is a Powerful Motivator
Curiosity is a crucial. Technical knowledge can be taught, but curiosity, desire, aptitude, and the “figure-it-out” mentality is much more difficult to instil. During an interview, leaders can identify these attributes by asking interviewees increasingly tough questions and looking for those who can confess they don’t know but are eager to learn.
So, how can a company retain great cyber talent once they have hired them?
Don’t Put Them in a Box
Security operations centers (SOCs) usually break teams into tiers, each with its own set of responsibilities. This leads to monotony: detect an incident, create a ticket, and repeat until the shift is over. But, if that’s all the employee does, how will he or she ever advance? The more constrained an inquisitive person is, the more they want to see what’s outside their confines.
Leaders should encourage their SOC to create larger roles that allow employees to work their way through the entire incident management process, beginning from incident detection to response. Employees gain experience across the spectrum by allowing them to undertake the full analysis of an incident and involving them at every stage. Leaders should also encourage their analysts, as well as other resources, to push their own limits because it is a critical component of personal and professional development.
Create a Safe Environment
Allowing employees to obtain new experiences demands an environment where they feel comfortable asking questions. When pushed to their limits, security analysts must feel at ease and confident in their ability to raise their hand for help.
Analysts should be encouraged to work with other experts who may have more in-depth expertise of a particular stage of the incident response process. Collaborating on a process in which they aren’t as skilled gives them real-world experience and allows them to learn from a colleague. So, with the next incident, they might be able to finish the process on their own and gain a new ability to add to their analyst toolbox.
Don’t Hold Back on Training
Because cybersecurity is changing at a breakneck pace, leaving skilled professionals behind will make them feel stuck. A truly curious person will have a strong desire to learn and will often put learning ahead of other considerations.
Employee training budgets are frequently set at a low dollar amount, often at the corporate level. However, the best classes in cyber are costly. It is critical to advocate for employees and ensure that adequate training funds are supplied. Training is an investment that pays off in terms of new skills, staff retention, and morale.
Prioritizing training will reflect how much a company values the development and growth of its employees.
For more such updates follow us on Google News ITsecuritywire News