The costs of cyber-attacks to organizations are staggering:
- Target entered into an $18.5 million settlement with 47 states
- Sony paid $15 million in investigation and remediation
- 60% of small companies go out of business within 6 months of an attack
What’s more unsettling is that successful attacks are becoming increasingly common. Think about it: an organization has to prevent every attack from every source, yet attackers only have to find an opening one time to succeed in the cyber-attack. The odds are not in organizations’ favor.
What can organizations do to protect themselves despite these challenges?
While technology and security advances are important for building cyber defenses at an organizational and national level, a secure network is also a result of the people who protect it: cyber security personnel.
Unfortunately, selecting and training personnel isn’t easy. In fact, Symantec predicts that by 2019 there will be 1.5 million unfulfilled cyber security jobs worldwide. Beginning to fill that gap depends on organizations knowing who can be effective in this role.
Who do we need to look for to fill these roles?
In order to understand how to best select and train these individuals, we have modeled their necessary characteristics in much the same way we do their job responsibilities: as complex, dynamic systems. This opens up the possibility of closing the labor gap by identifying those people who have the raw ingredients to be a top performer.
The Multistage Model of Cyber Security Personnel Attributes (shown below) visualizes the complex combination of characteristics needed for cyber personnel success.
This model captures several implications for Talent personnel. Specifically, we need to:
- Assess a combination of cognitive, personality, and motivation related characteristics rather than focusing on one or two characteristics
- Consider both distal characteristics (e.g. cognitive ability, personality) needed at the time of selection, and more proximal characteristics (e.g. social skills, technical knowledge) that can grow through training initiatives
How do we assess these to find those with cyber aptitude?
A comprehensive cyber security selection system will provide information from:
- Cognitive Tests – general cognitive ability, logical reasoning, working memory
- Personality Tests – drive, structure, flexibility, and mastery
- Technical Knowledge Tests – Capturing specific technical areas (e.g. programming, understanding network infrastructures)
- Social Skills Simulation – communication, interpersonal skills assessed in a high-fidelity environment
Aon’s suite of psychometric assessments and custom simulation challenges can be combined to create an overall seamless, engaging, and in-depth assessment of critical cyber security personnel attributes. A complete candidate experience that measures these multiple attributes provides organizations the opportunity to identify those with the aptitude to become top cyber security personnel.
Interested in learning more? Check out the white paper, Requisite Attributes and Selection for Cyber Security Personnel.