CDSA

M&E Journal: Cybersecurity Benefits From Diverse Hiring

Since its inception, Edgescan has been acutely aware of the under-representation of certain demographics in the security industry.

It is no secret that this is a sector that is overwhelmingly white and male, and this is a problem not only from an ethical perspective, but something that could actually be damaging to our collective goal of keeping organizations secure.

At Edgescan, we do not have an HR department, so it sits with each department to do its own hiring. A team of four people is consistently involved in the hiring process and is in charge of ensuring that a new hire is made based on merit and on a person’s fit with the company’s values.

This has organically encouraged the diversification of our teams, along with our commitment to further attracting talent that doesn’t necessarily fit the average idea of an IT security analyst.

The first phase of the hiring process at Edgescan involves the entire team: everyone is invited to take a look at the pile of curriculum vitaes (CVs) and make a pick — no criteria at this stage: if just one person sees something in someone’s previous experience, the person automatically moves to the next stage.

There is no preferred college or entry route into a position in our teams; college education is not even a required criterion in our job adverts. Experience has taught us that great security professionals come from all walks of life, and an unconventional background is often an advantage rather than a hindrance.

Previous experience in any industry can be as beneficial as a college education in IT, as long as the candidate can show on their CV that they understand the basics.

The rest comes with training: we pride ourselves on providing a solid onboarding process and on investing in the education and professional development of candidates.

The interview process involves two people, who will be picked from the hiring team. We tend to rotate each time, so that there is continuity in the assessment of each candidate.

The questions we ask follow a general template, but they won’t be exactly the same every time. The technical aspect is consistent so as to give the hiring team an idea of each candidate’s competencies and to streamline the comparison of each applicant’s performance.

We also use a scoring system which is based on a number of headings from “General IT Ability” to “Company Culture,” and the interviewers will need to cover each of these during the interview to guarantee fairness.

In terms of our efforts to make cybersecurity an accessible profession to everyone, we are proud to encourage and support our employees in their efforts to offer mentoring and guidance to students, whether at university studying computer science or in high school, considering higher education.

While the hiring process is important, engaging candidates who might otherwise not see themselves taking on this career path is an important component of widening the pool of candidates.

DIVERSITY IS MISSION CRITICAL

In 2020, Emma Heffernan, one of our security analysts, was involved in the Lost Summer Project, which was created to mitigate the disadvantage of all the internship placements that were lost due to the coronavirus pandemic.

This year, James Mullen, security consultant at Edgescan, hosted a guest lecture at Technological University Dublin, which was aimed at presenting cybersecurity as a possible career path to computer science students.

Ultimately, cyber attackers are endlessly resourceful, and while they only need to be right once, security professionals need to be one step ahead and cannot afford a mistake.

This means that, to stay ahead, we need to invest in the breadth of points of view, the creativity and the lateral thinking that only a diverse team can provide.

Teams made up of people with similar backgrounds will end up being prone to the same blind spots.

Attackers primarily target people (phishing attacks remain the most popular entry point for security compromises), which is why, to protect against these attacks, understanding the people that are being attacked is paramount, and this can only be done effectively if the team protecting the workforce is reflective of the wider workforce.

Diversifying security is not only ethical, but truly mission critical.

* By Ciaran Byrne, Head of Platform Operations, Edgescan

=============================================

Click here to download the entire Spring 2021 M&E Journal