We were invited at EVANTA recently and discussed the recurring issue of talent acquisition and skills shortage. One recurring issue faced by CISOs is how to acquire talented people in information security.

To put it bluntly, we believe in recruiting and training talents out of the box and based on real skills rather than relying solely on certifications. We also recruit and train skilled individuals in several African and southern Asian countries as well as South America. This has largely contributed to our success throughout the years thanks to the incredibly rich perspectives and skillsets it provided us with. Now we are able to support any part of the world with full understanding of compliance and a network of supportive, talented individuals who despite the distance, interact much like a huge family.

We are also very proud of this as it helps us constantly support our team members in their personal and professional growth to deliver value to our clients. This human aspect is much more important than certifications which might some weird to some. Yeas we all went the certificate route and within our team we even have collected thousands of the best certifications all staff included essentially because customers see it as a prerequisite to establish trust.

This view is reasonable from a non-security specialist, but we, in the industry should know better.

First and foremost, certifications are not a true measure of a person’s abilities in cybersecurity. Anyone can study for and obtain a certification, but that does not necessarily mean they have the practical skills and knowledge to handle real-world cybersecurity threats. Haven’t we all been in that awkward situation where a fully certified team found itself unable to take appropriate measures in a situation that, looking back, ws much simpler than they perceived it ?

On the other hand, recruiting and training individuals based on their natural abilities and real-world skills allows us to identify and nurture truly talented individuals who can excel in the field of cybersecurity.

Furthermore, it is important to note that hackers themselves do not need any formal certification or learning path to be successful. In fact, some of the most notorious hackers are self-taught and operate outside of traditional education systems.

Therefore, it is crucial for us to seek out and develop individuals with a natural aptitude for cybersecurity, rather than simply relying on certifications as a measure of their abilities.

By recruiting and training talents out of the box and based on real skills, we are able to build a team of experts who are equipped to tackle even the most sophisticated cyber threats