Trying to recruit a Unicorn, when a Pony is just fine

Raising children, I believe is an amazing blessing for those that are inclined and at times a confusing trial of wins and errors. As a father, I have had an incredible time raising two sons over the last twenty years and now both of them are millennials entering the workforce. I find watching them deal with this reality is a lesson in patience and understanding. My oldest son, has completed a degree in IT and is now looking for his first entry level position. So far, after 40+ applications and a handful of interviews, he is still pushing forward seeking that illusive first job after college. As a father, I of course got interested and decided to read some of these entry level job descriptions and needless to say I was surprised. For an entry level position, I found many employers were asking for a lot of experience in multiple skills, programming languages or professional certifications. I found myself thinking, this is entry level right? For an entry level position why are they asking for three years of experience? For an entry level position, why are they asking for experience in several programming languages or multiple technology suites/professional certifications?

As you can imagine this surprised me, but then I remembered a conversation I had recently in Denver. Several weeks ago, I attended a CISO round table dinner in Denver hosted by Logrythm. Robb Reck, CISO for Ping Identity, led the discussion that evening over some excellent sushi and many of the questions were focused on the subject above, finding talent, hiring the right staff, mentoring teams and helping HR understand how to recruit viable cyber/IT candidates. That evening, Robb discussed how he likes to hire people who were developers, who now want to transition into the field of cybersecurity. I found his insight interesting, he has seen as many of our peers have found over time, that it can be advantageous for the CISO to grow their teams with talent already in their organization. Many of us CISO's have been frustrated over the years trying to fill open positions with job descriptions that are basically for unicorns. I now believe it is critical for the CISO to be involved in the whole HR process for new team members and we should be willing to accept candidates who are a good team fit, but don’t necessarily meet the hallowed status of a cyber unicorn. Honestly, I would be happy with a couple of hard working ponies who I could mentor and help them become unicorns.

So Rob, I am happy to say I get where you are coming from and I agree. I see many veterans who are transitioning and they are interested in the cybersecurity field. Many of them definitely fit the mold of a hard working pony and I find it refreshing that I don’t need the laundry list of requirements on a job description to be matched for me to be happy with a candidate. As long as they can meet a couple of primary skills for the position and they have the soft skills to mesh with my teams, then that’s good enough – let’s get to work.

As for my son, I told him to take some other IT classes and to not give up. I told him that he should look at other positions within the IT/Cyber community and to not worry about meeting all of the mundane requirements on a job description. I told him to get involved with the community and to be a tenacious pony because it will pay off, that his first job may not be the position he had envisioned in school. Then again, who out here in the IT/Cyber community has not moved to different positions during their career? A pony has to start somewhere if they want to become a unicorn, so a word to our community we need to give them a chance, think of all the talent we could be missing.

***One last note, in addition to having the privilege of serving as Vice President and Chief Information Security Officer for Webroot Inc., I am co-authoring with my partners Bill Bonney and Matt Stamper on Part 2 of the CISO Desk Reference Guide. For those of you that have asked about our first book, more information can be found at https://www.cisodrg.com. We expect to have Part 2 available this December.