Ask the Expert

Best practices for choosing an information security team new hire

I'm a security manager who's looking to bulk up my security team. The executives at my company would like me to try to promote someone internally from our help desk. Many of the IT pros there have years of experience, but not in security. Are there certain qualities or experiences I should look for in a candidate?


There are two main things that you should look for when hiring an information security professional: Someone who can think like a security person and someone who can be flexible enough mentally to pick up new ideas quickly.

By thinking like a security person, I don't mean "thinking like a hacker." While hacking skills are useful in some contexts, there is much more to security than that. Thinking like a security person means putting oneself in the shoes of various users and thinking about what their needs are. How will they use the software? Also, how will they accidentally or intentionally misuse the software? Then it's a matter of finding solutions that address identified issues.

It's also important for the candidate to be able to think like a business person, or a programmer, or any other type of end user. Most importantly, however, he or she must understand that, in reality, security is about finding an acceptable compromise between perfect security and usability.

In order to achieve this compromise, the potential team member should be able to absorb new ideas and technologies quickly so he or she can help users make intelligent risk decisions. So in reality, those two traits I mentioned a minute ago are one and the same.

This mental agility, in my book, is far more important than years of experience. If someone has the right mindset, then he or she can learn the specific technologies or regulations required for the job. Working with this sort of person is far easier than breaking someone out of a solid mold.

This was first published in March 2009
