Computer Security Day is Nov. 30, making it a great day to think about the foundation of strong security: your employees. With the threat landscape constantly evolving, you need to develop your employees' skills with each small step in sophistication and every massive leap in technological advancement. And to drive ROI, you need to strategically consider who you're training.
It may seem obvious: Of course you should train employees who come from a computer science background and demonstrate a competency in IT. But there are many non-tech qualities and traits that make for a successful cybersecurity professional - and you want to be careful to not overlook them when hiring or training your existing IT staff members.
Here are indications that an employee would be a good fit for InfoSec training:
Fast Company recently pointed out that musicians and other types of artists in creative fields could excel in cybersecurity due to their ability to think outside the box. For example, people who come from musical backgrounds are able to take complex concepts and organize them into patterns.
The source noted a common theme between mathematics and languages: They can be manipulated and constructed to produce different expressions and meanings. Additionally, writers or who majored in art or literature possess critical-thinking skills and imaginative characteristics that can be helpful in environments where innovative ideas and solutions are helpful.
"Certain qualities indicate an employee would excel at InfoSec training."
They come from a military background.
These individuals are disciplined and know how to work well under pressure. They're training has already made them accustomed to operating under the conditions where the possibility of an attack is always present and how to prioritize based on process, approach and control.
Sarah Ellen Freed made a noteworthy observation about this concept in a research report.
"Cybersecurity professionals can be considered the police officers of the information technology field," she wrote. "Therefore, a consideration of both law enforcement and information technology provide a basis for consideration of those characteristics most relevant to cybersecurity."
People who come from this background know how to work with a team to achieve a common goal. Plus, they usually have high levels of integrity and trustworthiness that can be useful in situations where critical processes and sensitive information are at stake.
They are passionate about learning.
Someone with an innate hunger to learn and thirst for knowledge is great for IT because it is a field that is constantly evolving and uncovering new ground. Whether it is the people who are constantly asking questions and trying to figure out how things work, those who have committed themselves to continued learning - even when it wasn't necessary - or the employees always willing and eager to teach others, someone who showcases an appreciation and even passion for education will likely excel in InfoSec training.
Just because an employee hasn't made their life about computers and technology doesn't mean they wouldn't succeed in cybersecurity. Given the appropriate training, InfoSec skills can be taught - especially when the trainee has already demonstrated they are predisposed to the personality traits needed to execute certain cybersecurity roles.
To further ensure a high ROI on InfoSec training, take into account the specific type of training each employee should undergo based on their individual skills. To learn more about this, download our whitepaper.