Indeed reports that almost one in five jobs are highly exposed to generative AI. The technology has proved advantageous for cybersecurity careers, automating threat data analysis and allowing cybersecurity professionals to focus more on mitigating the risks. And let’s face it, considering the number of high-profile breaches we’ve seen in recent months, from MOVEit to Johnson Controls, cybersecurity pros need all the help they can get.
Generative AI can be a powerful tool for identifying new risks and alerts, but using it requires a unique skill set. When interviewing cybersecurity candidates, I look for three critical soft skills: lateral thinking, persistence, and communication.
1. Lateral thinking
While many employers emphasize problem-solving skills in job descriptions, the ability to think outside the box is imperative in cybersecurity. Candidates must be able to quickly pivot when addressing risks and threats in real-time. For example, a good candidate with lateral thinking skills will consider how new technologies like generative AI can be integrated into existing resources to identify security risks more quickly and streamline operations.
Candidates must be able to quickly pivot when addressing risks and threats in real time.
In addition to its benefits, generative AI introduces data security and privacy concerns that we can’t disregard. While candidates should know how to use this technology to their advantage, they must also understand how large language models (LLMs) can leverage and compromise organizations’ internal data. Unsurprisingly, nearly half of executives worry that the integration of generative AI will result in new attacks against their AI models, services, or data. Security professionals should be proactive and question how new threats can bypass existing tools and processes. They must be able to seek new ways to approach challenges, whether it’s assuming the attacker’s point of view or discovering new vulnerabilities.
To gauge whether a candidate possesses lateral thinking skills, the interviewer should focus on situational questions demonstrating how they used different resources to overcome a challenge. I often ask, “Tell me about a time when you faced significant ambiguity or limited information and had to take action.”
2. Persistence
Cybersecurity is not a static learning career — security threats are dynamic and changing day by day. A successful practitioner should show determination in their learning and execution. While ransomware has existed for decades, other risks, such as AI-powered attacks and third-party data breaches, have emerged in recent years. And with threats becoming more dynamic and damaging, companies face more significant consequences for even the most minor lapse in security. Security practitioners must demonstrate their ability to navigate new industry guidance, security and privacy legislation, as well as the escalation of attacks. Candidates should demonstrate how persistence and determination help them overcome even the most complex cybersecurity challenges.
It’s essential to look for a résumé highlighting professional development throughout the candidate’s career, as this shows their persistence and determination. CISOs should ask interview questions that demonstrate how a candidate addresses a challenge, such as, “Tell me about a time you failed. What did you do about it?” These questions can give the hiring team a good understanding of whether the candidate is a quick learner and how they respond to adversity.
3. Communication
Read more about cybersecurity startups
- Connecting the dots on diversity in cybersecurity recruitment
- 5 ways to attract top cybersecurity talent in a tight labor market
- https://techcrunch.com/2023/05/14/an-open-letter-to-tech-workers-about-careers-in-public-service/
- Cybersecurity could offer a way for underrepresented groups to break into tech
- Addressing the cybersecurity skills gap through neurodiversity
- https://techcrunch.com/2019/01/27/too-few-cybersecurity-professionals-is-a-gigantic-problem-for-2019/
Cybersecurity is not a one-person sport. It’s a team effort that requires ongoing collaboration and information sharing. As security professionals, we sometimes need to realize how easy it is to get lost in the jargon of technical concepts. We constantly communicate with nontechnical stakeholders — executives, customers, and employees — who aren’t as keen on convoluted security terms. The ideal cybersecurity candidate will know how to frame different concepts clearly and concisely, breaking them down and offering analogies wherever possible.
A good indicator of effective communication skills on a résumé would be evidence of cross-functional responsibilities with past roles. An example question I might ask in an interview to gauge this would be, “In as much detail as you can, tell me everything that happens when you type www.cnn.com into a web browser and hit enter.” Such a question would show me firsthand how the candidate would respond if a nontechnical executive were to ask the question.
The No. 1 mistake cybersecurity candidates can make
It’s often apparent when a cybersecurity candidate is chasing the dollar and not considering their commitment to the position or demonstrating a passion for the specific domain in which they work. The high pressure and demands of cybersecurity roles can lead to burnout, and a passionless role can seriously affect mental health. Sixty-six percent of security leaders report experiencing high levels of stress at work. While generative AI can help relieve some of the pressure, it is crucial to find a role that you are passionate about to avoid burnout.
Identifying whether a candidate is money-motivated is difficult, but a fair warning would be “job hopping.” Hiring teams should be aware of frequent job changes, especially if they do not indicate career progression. I once hired a candidate for a highly compensated incident response position, which is often fast-paced and high stress. My team and I explained the nature of the work and its pace to the candidate. While highly competent, he was unmotivated and not eager to stretch himself. As a result, we had to let him go.
Acing your cybersecurity interview
Generative AI is a valuable resource in the cybersecurity industry, but we must consider it an accessory rather than the silver bullet for combating cybercrime. Cybersecurity professionals must be able to think strategically, stay determined, and know how to communicate convoluted concepts — qualities that cannot be replaced with technology. By demonstrating these skills in their résumés and interviews, candidates will be one step closer to securing their next cybersecurity role.