Sign up
Sign up
As we’ve explored before, most hiring processes are not well designed. They tend to be ad hoc and reactive in nature. This is despite the fact that most people will tell you that ‘building a great team’ is a top priority.
At the end of the day, cybersecurity or not, we all want to build a team of people that will do incredible work, and do so the right way. We hope that they will fit in and contribute to the type of culture that you want, and that they will stick around for a good amount of time. You want to be able to attract incredible people, have an efficient hiring process that doesn’t waste a lot of time, and, most importantly, have a process that is predictive of future performance.
Today, we’ll walk through a straightforward process for doing so. This may all seem pretty obvious- no blinding insights here. But I have consulted for and been a part of many dozens of companies throughout my career. I’ve only encountered two that really did this, and did it well (if you are curious, they were BCG and Danaher).
Here’s the process:
Don’t think of the job description as a necessary evil or a task, think of it as an opportunity to clarify your thinking around what is needed to be successful. Focus on skills, not experience (after all, with experience you are really using it as a proxy for a skill).
Define no more than 5 must have skills, and no more than 5 nice to have skills. These will be your guiding lights for the hire.
This is where some creativity will come into play.
You have multiple tools at your disposal:
For high volume roles, consider purchasing or building assessments particular to the skills most necessary for success. These types of assessments are extremely common in fields like software engineering, where a large portion of the skillset is testable.
In security, there aren’t many standardized assessments, but there are plenty of platforms that have knowledge tests around particular security domains and things like capture the flag competitions.
In addition to testing the hard skills, you should also strongly consider a generalized cognitive horsepower assessment (intelligence is the top predictor of success in most jobs), and personality/ motivators assessments to gauge fit.
Define the particular steps in the process. Consider what comes first (things that are likely to weed the most candidates out).
For roles with a reasonable hiring frequency, this process should be standardized and repeatable, and generally you want to be able to have different people run the same process and get the same result.
Assessments help for this.
For interviews, define the questions in advance. You may even want to distinguish between strong answers, satisfactory answers, and weak answers.
Use all of this to rank against your critical skills (strong/ satisfactory/ weak), so that you can do an apples to apples comparison.
One note: in addition to assessing for skills (desirable characteristics), you want to make sure you also build screens for undesirable characteristics. Think through what the biggest derailers could be, and don’t hire a person- even if they score well on all the right skills- if they are going to be detrimental to your culture.
Here's a simple way to think about this, like an equation:
You want to maximize Hi, and minimize Hf.
Everyone is a hire at some point so it may be tempting to think of this as simply the distribution from performance management reviews- however there are a couple meaningful differences:
You should measure Hi, Hm, and Hf, and set targets for them. These targets should be aligned to your compensation philosophy. Obviously, paying well aligns with a strategy of having a high Hi. It’s necessary, but not sufficient.
If you don’t learn, you are doomed to repeat your mistakes. Dig into the root cause on bad hires.
Narrow down what you need to fix:
Doing this requires discipline, and a collaboration between HR and the business that few companies actually have. But it pays huge dividends over the medium to long term.
1) Be transparent about the good and the bad
2) Have pay in bounds of your expected results
3) Consider the hiring process as a 2 way exchange (you are both interviewing)
4) Recognize the virtue loop of hires and culture