The Rise of Education and Awareness in Security
The information provided to you is motivated by the increased emphasis on education and awareness policy we have seen within the market which in turn has led to an increase in demand for these specialists within a firm’s security function.
In this article we run through the business case for hiring in this space, the recruitment challenges our clients have faced, and the ‘ideal candidate profile’, providing you with an overview of wider market conditions.
Barclay Simpson is an international recruitment consultancy that specialises in recruiting professionals for the interrelated disciplines of governance, namely Information / Cyber Security, Risk, Resilience, Audit, Compliance, Legal and Treasury.
Why the increase in Security Education?
While attackers become more sophisticated in their attempts to disrupt business, firms now need to ensure their entire staff can be a reliable 1st line of defence. A training & awareness resource is proving to be the most effective way of addressing this.
According to Cybersecurity Ventures the cost of global cybercrime expected to rise to £6 trillion by 2021, it is business critical to educate end users. In previous years the education and awareness vacancies we recruited for were motivated and prompted by failed audits and regulatory pressures. Whilst regulatory motivation remains prevalent there is a growing awareness amongst Security Leaders that developing security skill and behavioural changes are necessary to create a “human firewall”. Without this an organisation is never truly secure.
What are the challenges when recruiting?
The first challenge can be to educate the Board as to why such an individual/s is necessary. In most cases, it is no longer enough for Education and Awareness to become a “bolt on” to someone’s job specification. For scalable and progressive firms, it should serve as a dedicated role and in many cases a dedicated function. If and when the green light is given to recruit, there is one key challenge faced by hiring managers:
How do we measure success?
The responsibility to measure the successfulness of a hire in this space lies with the appointed candidate.
Contractors are often better equipped to “hit the ground running” due to their understanding of an expected swift return on investment from the board. Due to their experience in different industry sectors and varying levels of security and risk maturity, most contractors are equipped with the means to demonstrate a measure of success and progress, there is really no blanket approach.
Culture is seen as the most difficult aspect to change in any organisation. The ability to demonstrate progress throughout the journey is crucial This may take the form of metrics and reporting.
There is not a “one size fits all” approach. Unlike other positions within Security that rely heavily on technical ability, this GRC focused role is highly people orientated.
The Ideal Education and Awareness Candidate
- Understanding the human element and the ability of forging real relationships with stakeholders
- The ability of creating long lasting habits that result in company wide behavioral change
- Translating the necessity of cyber security into an easily understood and digestible language across all businesses levels
- Strong understanding of Security, Risk or Governance facilitating awareness and understanding to all stakeholders
- The capacity to produce metrics and analytical reporting to monitor success of engagement with new initiatives
- Graphic and content creation aiding in the education and awareness on all business levels
- Project planning and deployment skills
- The skill to articulate the challenges to key decision makers to gain buy in for key initiatives
- Security certification and deep technical knowledge is not necessary but is advantageous
Would you like to discuss your recruitment needs for 2019? I’d love to hear from you, so please contact me via email at jem@barclaysimpson.com