Rethinking How to Recruit InfoSec ProsSkilled Job Prospects Ignored for Not Having 'Proper' Credentials
Rodney Petersen sees too many government agencies and businesses using old-school methods to identify and recruit IT security professionals. And, as a result, they often fail to build their cybersecurity staffs.
Petersen is director of the National Institute of Standards and Technology's National Initiative for Cybersecurity Education, known by the acronym NICE.
In an interview with Information Security Media Group (click player below photo to listen), Petersen says employers too often ignore qualified job prospects because they might hold an associate's degree, but not the obligatory bachelor's degree, despite having the right know-how to get the job done.
"HR and job descriptions quite often try to do what everybody else is doing, and therefore if everybody else is requiring a bachelor's degree, three-to-five years' experience and XYZ certification, then that must be good for us, too," Petersen says. "There is really no direct evidence [those requirements are] measuring the knowledge skills and abilities needed."
Petersen, in the interview:
- Explains the importance of accurately describing job characteristics to attract the right people for the positions;
- Encourages employers to hire quick learners because the rapidly evolving IT security field requires professionals who can absorb new knowledge and pick up new skills swiftly;
- Describes the significance to job seekers, employers and educators of a new visualization mapping tool NICE is funding that will identify geographically IT security needs.
NICE, a government-private sector initiative housed at NIST, aims to develop IT security programs to accelerate learning and skills development, nurture a diverse learning community and guide career development and workforce planning.
Petersen, before joining NIST, served as managing director of the EDUCAUSE, a not-for-profit association of IT leaders aimed at advancing higher education, where he founded and directed its Cybersecurity Initiative and was the lead staff liaison for the Higher Education Information Security Council. He coedited the book titled Computer and Network Security in Higher Education.