Scout, Recruit, Then Hire


infosec Recruiting

In the world of information security (infosec), finding and retaining top talent is a continuous challenge. The landscape is rapidly evolving, and organizations are on the hunt for individuals who not only possess technical prowess but also fit seamlessly into their teams. Drawing inspiration from the intense world of college football recruiting, where teams scout for exceptional athletes, I present an approach to infosec hiring. This method prioritizes building relationships, assessing group dynamics, and answering the hard questions right from the start.

Step 1: Scouting at Conferences and Networking Events

Much like college football recruiters attend high school games and events to spot potential stars, your organization should proactively participate in infosec conferences and networking events. Identify the high performers, the individuals who stand out through their knowledge, engagement, and passion for the field. Strike up conversations, exchange ideas, and aim to understand not only their technical skills but also their values, communication style, and approach to teamwork.

Step 2: The Power Lunch with the Team

Once you’ve identified potential candidates, invite them to a casual lunch with members of your infosec team. This is a critical step that mirrors the football recruiting process, where potential recruits visit the college campus and meet the team. During this lunch, the goal is not to grill candidates with technical questions but to gauge their compatibility with your team’s culture. Do their values align? Is their communication style a good fit? Do they show enthusiasm for collaboration? These are the aspects that can’t be easily assessed through a traditional interview.

Step 3: Testing Group Dynamics

After the initial lunch, it’s time to get creative. Arrange a collaborative activity or a problem-solving challenge that requires the participation of both the candidate and your current team members. This could be a mock security scenario, a brainstorming session, or even a team-building exercise. The goal is to observe how they work together, communicate, and contribute. Are they open to different viewpoints? Do they take the lead when needed? Do they respect others’ ideas?

Step 4: Inviting for the Formal Interview

If the interactions during the lunch and group activity have been positive and promising, it’s time to extend the formal interview invitation. At this stage, both parties are already familiar with each other’s values, communication styles, and collaborative abilities. The interview can now focus more on technical skills, problem-solving abilities, and their potential contributions to the organization’s goals.

Addressing the Hard Questions First

This innovative approach to infosec hiring tackles the tough questions upfront. By prioritizing relationship-building and observing group dynamics early in the process, you’re not only assessing the candidates’ technical skills but also their compatibility with the team and the organization’s culture. This reduces the risk of hiring someone who might possess impressive technical abilities but disrupts the team’s dynamics.

In a field where teamwork, adaptability, and effective communication are paramount, this approach ensures that candidates not only have the technical chops but also the interpersonal skills to thrive. Just as college football recruiters aim to build championship teams, your infosec hiring strategy can be the key to building a dynamic and harmonious group of security professionals who drive innovation and success.

Your Home Page for Information Security News

About Joe Sullivan 35 Articles
Joe Sullivan has worked in information security for over two decades. He holds numerous certifications and has worked in various roles during that time. Joe is a SANS instructor and senior security consultant for TrustedSec. Joe regularly contributes to SecFlux and shares some of his experiences, knowledge, and insight into current cyber events.