A recent article in the Wall Street Journal revealed that nearly 3.1 million professionals “are needed to bridge the cybersecurity talent gap.”
Casey Cegielski, an expert in cybersecurity and Professor in the Department of Systems and Technology in the Harbert College, believes firms – and HR managers – should consider putting a greater emphasis on fundamentals and tempering requirements.
“There’s a misalignment between expectations and the production processes. There needs to be a little bit of a recalibration,” said Cegielski, who developed the nation’s first interdisciplinary cybersecurity and information assurance program in a college of business.
“I don’t think you need to look for the person who checks all of the technical boxes for you right away. Look for the person who can grow into the position and learn what you need them to learn tomorrow. You don’t want to hire the guy who solves these problems right now because you’re not requiring that person at your price point – and you’re not going to find that person in all practicality who is going to take the entry-level job.”
Cegielski, who has authored more than 60 research articles in peer-reviewed journals, noted that managers in the cyber space are often wrapped up in searching for candidates who can effectively navigate multiple cyber and business disciplines, such as compliance, quality assurance, patch management, and code review.
“Managers often try to hire the unicorn (the perfect candidate for the perfect salary) as opposed to the person you actually need,” Cegielski said. “Too many firms are consumed with looking for somebody who checks every box as opposed to someone who checks some of the boxes most important to your organization.
“Most people aren’t going to have all of the bases covered. What results is an interview process by exclusion, not inclusion. ‘This guy doesn’t have this, throw him out.’ Or, ‘this guy doesn’t have that, throw him out.’ At the end of the day, you’re left with marginal candidates because you threw out a lot of really competent people because they didn’t check enough minutiae in your laundry list of things.”
“The reality of it is – concentrate on the things that matter fundamentally to your organization. If you have great needs working on penetration testing, then stay with that. Leave all of the other certifications and skills out of the job. If you need somebody in your organization who understands compliance for systems and organizational control reporting – then concentrate on finding that candidate. Leave all of the other nonsense out because you’ve just hit the one fundamental area that’s critical to your organization. Get the one big stone in your jar before you start trying to put the pebbles around it.”