Cybersecurity is one of the top concerns for organizations today – whether they are small, medium or large businesses. Gartner estimates that global spending on Cybersecurity will top US$96bn in 2018, an increase of 8% over 2017.
The Official 2017 Annual Cybercrime Report predicts that global losses arising out of cybercrime will touch US$6tn by 2021, up from US$3tn in 2015. According to the same report, it is estimated that there will be one Ransomware attack every 19 seconds by 2019.
Is spending on technology enough?
While increased spending on technology and services can help manage the changing threat landscape in the short run, the benefits will become incremental over time. A strong and robust Cybersecurity organization will focus not only on the technical architecture but also on the human side of its operations. Resources need to be channeled to cover Technology, Process and People – the 3 crucial parts of a successful Cybersecurity organization.
The people function:
Recruiting people with the ‘right skills’ has emerged as one of the top challenges today. The global Cybersecurity talent landscape is typically different from other technology domains and skill areas – there are more Cybersecurity jobs globally than people with the requisite skills, indicating a near-zero unemployment rate. This has made the job of recruiting the right talent all the more difficult in a shrinking talent market. A wrong hire can lead to cost escalation – replacement cost plus the cost of hiring temporary resources.
While a skills test followed by a structured interview has been the most prevalent method of hiring, things are changing today. Organizations are trying to gauge ‘latent skills’ in candidates to assess their Cognitive capabilities and Behavioral traits. According to research by the IBM Smart Workforce Institute, “the main differentiator between more and less effective cybersecurity professionals is the so-called ‘soft skills’, not technical skills”.
Changing dynamics of cybersecurity hiring:
Many organizations are introducing an element of Behavioral Assessment into their Cybersecurity recruiting programs. One of the key drivers is the need to assess latent abilities in a candidate as opposed to an existing technical capability. There are 3 broad assessment areas:
- Cognitive Capabilities include verbal skills, verbal reasoning, numeric ability and reasoning
- Behavioral Traits indicate organizational and culture fit
- Motivation and Interests help assign tasks to bring about alignment between candidates' interests and job responsibilities.
Benefits of behavioral assessment
- Predicting performance: This can provide insights into the future performance of resources who may not have all the requisite technical skills but are still being considered based on their behavioral and cognitive abilities. This can prove to be a good indicator of their potential performance should they be hired.
- Data-driven decision making: The behavioral data that is generated can provide insights into the strengths and weaknesses of the resources, which can be leveraged for future training requirements to improve performance.
- Cost savings: Technical assessments coupled with behavioral assessment are key to a successful hiring decision. It is the most cost-effective combination which accounts for 40% of job performance.
Cybersecurity behavioral assessment market:
In recent times, technology companies and software vendors have introduced behavioral and aptitude assessment frameworks and tools to help recruiters cope with the challenge. Most of them are extensions of existing Talent Management solutions, but some are standalone products or bespoke solutions.
In March 2018, IBM launched the Cyber Aptitude Assessments as a part of IBM Kenexa Behavioral Assessments for Hourly Roles on Cloud, which delivers technical aptitude assessment. This assessment tool is designed to measure the aptitude of candidates along 3 important scales – Personality, Error Detection, and Pattern Matching. This helps Chief Information Security Officers (CISOs) and Chief Human Resource Officers (CHROs) to select and retain Cybersecurity professionals across roles – Security Data Analysts, Cybersecurity Developers, Threat Monitoring Analysts, etc.
Another similar assessment framework, SANS CyberTalent Aptitude Assessment, is a 30-question assessment tool that focuses on 3 core elements of aptitude – Comprehension, Problem Solving and Knowledge Application.
Clearly, assessments are becoming holistic, incorporating not only technical assessment but also assessment of candidates’ soft/behavioral skills. These skills go a long way to determine the success of a candidate in a cyber role.
While multiple solutions are available in the market which can be used across job roles and industry clusters, there are only a few that are focused on Cybersecurity alone. Though the market is at a nascent stage, it is expected that Talent Management and HR Technology solution providers will be launching similar products in the next 12-18 months.