What if every candidate interviewed was tested on their cybersecurity competency? How would that affect hiring and how would that affect your company’s security?



Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Greg van der Gaast, head of information security, University of Salford.

Got feedback? Join the conversation on LinkedIn.

Thanks to this week’s podcast sponsor, Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identify accounts at risk and mitigate unauthorized access. Learn more about Enzoic.

On this episode of Defense in Depth, you’ll learn:

  • For all candidates, whether in cybersecurity or not, gauge their current level of cybersecurity awareness.
  • There was a time we put knowledge of Microsoft Word and Excel on our resumes. Now you never see it because it’s common knowledge. Security knowledge is not common. At this stage it would be seen as a valuable bonus to have it on your resume.
  • There are always small things that hiring managers look for to tip the scales in a candidates favor. Cybersecurity skills should be one of them.
  • For candidates who would have the most to gain from cybersecurity awareness, bring in the CISO to ask one or two questions during the hiring process.
  • Different departments bounce candidates off each other even if they’re not going to be working in a specific department. They want to know how well a person will or won’t interface with your department.
  • There’s a strong fear that adding cybersecurity into the hiring criteria will greatly slow down the hiring process which could damage business productivity.
  • There was much debate around seemingly great candidates, such as an accountant with 20 years of experience, who fails miserably on cyber awareness. Would that raise a red flag?

Creative Commons photo attribution to Cal OES.