Cyber security hiring: skills vs. qualifications

In Information Security ByTeam Acumin / 27th November 2014

There are nearly five million small to medium-sized enterprises in Britain and, potentially, they are all at risk of cyber attacks. On a daily basis, a new computer virus or web-based scam is launched against a UK business, with experts estimating that 12.5% are affected by losses due to fraud – a sum that collectively sits in the billions.

While enterprises and individuals have come to rely more and more on technology, cyber security skills and qualifications have not quite kept pace. Skilled and qualified cyber security operatives are in high demand in a number of sectors globally and, as a result, various educational establishments offer specialised courses.

Finding the right candidates in cyber security can be a daunting task. There will always be newcomers with a long list of qualifications, and there will likewise be those with impressive skills but lacking in certification – but which should a potential employer choose?

Ideal candidates

There’s a seemingly unlimited number of online courses that prospective candidates may have taken, but unless these are affiliated with well known real-world establishments or reputable websites, there may be little credence. There are a number of universities and colleges offering cyber security courses, and with them there is reassurance for anyone seeking to hire a cyber security expert.

Of course, there is no substituting hands-on experience and skills testing. Many professionals seeking a career in cyber security will enter competitions and challenges. These events test the quantifiable abilities of candidates and, for companies looking to recruit, they are an ideal networking opportunity.

Candidates will often come from an inter-related IT specialism and will have a thorough knowledge of the systems used by businesses. As they move into the more specialized area of cyber security, they often train on the job and don’t necessarily have a handful of cyber security qualifications attached to their CV.

The grad route

In contrast, there is a glut of fresh-faced graduates who have taken a more academic route. They hold degrees related to the field, and are eager to get to grips with the cyber security of any employer who will give them a chance. What they may lack in real-world experience is offset somewhat by their knowledge of the most up-to-date cyber security techniques and applications.

Many industry specialists register on professional social network site LinkedIn, listing any cyber security work or challenges they have completed for prospective employers to see. As a result, many will have endorsements for their work.

As in most fields, cyber security has its difficulties when it comes to employing new people, and there are no hard and fast rules when weighing up skills against qualifications. There will always be stand-out candidates with next to no experience and, likewise, there will be inexperienced, highly qualified candidates who instantly generate a feeling of confidence in their abilities.

Ultimately, it seems a hands-on test, as part of any recruitment activity, will provide a greater insight into a candidate’s abilities than any qualifications or claim of skills and experience.