A need for fully skilled, experienced professionals is causing headaches when hiring in information security.
Speaking to IT Security Guru, Christian Toon, head of information risk for Europe at Iron Mountain, said that a current recruitment drive has shown that there is a need for full skillsets and “a security all rounder”.
He said: “We do need someone with computer skills and defined ideas, but we need more. It is about being personable but be able to expand into forensic investigations. An employee needs to look at the shift of the security strategy from the defence of the perimeter to securing of information, and focus on what is happening rather than attacks.
“It is less about one thing like forensic skills; while it is important to focus on the factors of a breach, it is important to understand what happened. There is a lot more to be said on experience as while the CISM is great and there are qualifications in the industry, it is about experience and organisations want both and there is a disconnect.”
Commenting, Sue Milton, immediate past president of ISACA London, said that employers are asking for more from their staff, and are looking for an academic and professional track record as well as the experience that underpins and leads the application of those.
She said: “Employers are looking for a proven benchmark so they know if you have professional qualification X and academic qualification Y, together they know what the lowest common denominator is of their employees.
“Employers are now looking for people with good inter-personal, management skills. The ability to understand the technical stuff but also have the ability to manage teams, manage circumstances and be able to promote the adequate security within a business environment.”