Information security and privacy specialists: is there a skills shortage or is it a case of employers’ short-sightedness?

Information security and privacy specialists: is there a skills shortage or is it a case of employers’ short-sightedness?

Our Managing Director, Sam Blake, recently caught up with Gian Piero Zambrini who is an experienced technology and independent Data Protection and GDPR consultant with experience of operating across a range of sectors. Gian gave his insight on whether there is a skills shortage or is it a case of employers’ short-sightedness?

“Over the years I appointed and led technical resources, project managers, business and support analysts in various teams as a “hiring manager”. It soon became apparent that preliminary selection on fixed criteria such as sector-specific experience, degrees from prestigious universities (or just degrees) and “years of experience” did not necessarily help me to find the resources needed: by focusing on the above criteria I’d miss “pools” one could otherwise successfully source from.

My approach to date has been partly to “hire for attitude”:  I consider broader attributes of a candidate such as performance potential, intellectual and emotional acumen, integrity, adaptability, lateral thinking and how an individual would fit in the existing team and the organisational culture. Of course, technical skills and/or potential for learning new ones need validation and such assessment forms part of the selection stage. Interviews need to be structured, with questions scored within a pre-defined scale.

This is why it is sometimes baffling to witness organisations lamenting the shortage of information security and privacy specialists: the skillset inherent to these professions tend to be transferable across sectors and, in many cases, not dependent on the experience of a specific business vertical. Yet, if we look at the “essential” criteria being applied, we come across “ x years of experience in this sector”, “relevant degree” etc.

Eleanor Dallaway, editor of Infosecurity magazine, discusses it in greater depth in this compelling article: https://www.infosecurity-magazine.com/editorial/editorial-q2-2017-hand-of-fate/