Hiring security professionals has taken a new turn today, compared to the pre-pandemic era. The IT organization is reassessing its workforce and making certain internal structuring changes.
Studies show that there is a global requirement for 3.5 million security professionals. And with the growing number and sophistication of threats, organizations are hiring aggressively once again. Yet CISOs face multiple challenges as there are many candidates applying for open positions. Finding the right person with the right skills takes much effort and some time. It is also harder to train people on soft skills and core competencies. But what are the skills and qualities that CISOs look for?
Brian Pereira, Editor-in-Chief, CISO MAG, spoke to Jason Lee, Chief Information Security Officer at Zoom, to understand his hiring challenges. Lee informed us that he expects continual hiring at his company this year and revealed the type of skills and the people he is looking for.
So, what would it take to ace the interview and get into Zoom? Lee tells us in this interview story.
Zoom as a company has benefitted hugely in the past year, with remote workers depending heavily on this video collaboration tool.
Lee has 20 years of experience in technology, with a specialization in information security and operating mission-critical services. He was recently the Senior Vice President of Security Operations at Salesforce, where he was accountable for the global organization delivering critical end-to-end security operations to customers and employees including company-wide network and system security, incident response, threat intel, data protection, vulnerability management, intrusion detection, identity and access management, and the offensive security team.
Prior to Salesforce, he held the position of Principal Director of Security Engineering for the Windows and Devices division at Microsoft with the charter of protecting the online services of Windows Update, XBOX Live, and the Microsoft online store. He was also the Senior Director of Developer Services, where he was responsible for the design and management of the missioncritical PKI for all products across Microsoft. This included cryptographic services in products such as Windows and SQL Server and cloud services such as Azure and Office 365. Additionally, Lee was responsible for the codesigning and anti-malware services supporting Microsoft in that role.
Edited excerpts of the interview follow:
What are the current hiring trends in the industry and within your own organization?
SolarWinds is in the news now, especially in the U.S. So, I think there is a lot of investment going into hiring. I’ve spoken with a lot of CISOs and there is a considerable amount of hiring going on. We are absolutely expanding our security program here at Zoom.
During the pandemic, it has been much more difficult to hire. There is a lot of competition for cybersecurity experience. But one of the things that have made it easier for a lot of companies, including us, is the opportunity to offer remote positions, where you can work from anywhere in the world. You have to sell somebody on the ability to work remotely, and the ability to work on high-impact work.
It is important to note how companies are going after the same resources as you are, and what you would do to give yourself an edge, in terms of hiring.
What are your approaches to hiring talent? What channels do you use?
We leverage LinkedIn quite a bit and we do look for folks that are already working at other companies, and look for top talent anywhere in the world, at any company.
According to an industry survey, there are 3.5 million security positions open. There is definitely a shortage of cybersecurity professionals.
Absolutely. It is about how do we prepare people out of college and universities for these types of jobs, and this is critical; building stronger information assurance and information security degrees helps considerably. We are just adding more open positions to that 3.5 million. It is difficult to find and recruit the right people when there are so many positions open out there.
In other words, to get more people interested in cybersecurity, the training should go down to K-12 and secondary school?
I believe so because it is such a strong career path. The sooner you can expose people to that and get them excited about that career path, the better.
As a security leader in your organization, what are the top three qualities you look for when hiring for cybersecurity roles?
I focus on soft skills and I look for somebody who has good problem-solving abilities. Somebody who is a team player, with good communication skills, and who can handle the technical side of it. It is harder to train somebody on those core competencies of working well in teams and problem-solving — than it is to teach someone how to manage a firewall or intrusion detection. There is great technical training out there for that…To read the full interview, subscribe to CISO MAG.
This interview first appeared in the May 2021 issue of CISO MAG.
About the Interviewer
Brian Pereirais the Editor-in-Chief of CISO MAG. He has been writing on business technology concepts for the past 27 years and has achieved basic certifications in cloud computing (IBM) and cybersecurity (EC-Council).