Knowing that there is a dearth of experienced cyber security engineers, analysts and practitioners to recruit and hire, many organizations are choosing to transfer and promote from within and hire less experienced folks that show great potential to grow in to the role. This is a strategy that has payed off for many, but in order to be successful, you need to be willing to invest in those individuals you are bringing in. You won’t be helping yourselves or them by hiring them and leaving it up to them to figure out how to be successful.
So what should you do? First, make sure you have the budget appetite to pay for training. That should go without saying. But at least as important, make sure each of them has a mentor they can learn from. If you don’t have a mentor in your organization that has the right skill set, partner with other organizations in your network or be willing to bring in that expertise on a consulting or temporary basis. You might be concerned that all of this investment may be for naught if those individuals choose to leave and take a better offer. That’s always a possibility no matter if you make the investment or not. But if you invest in your people, and provide a nurturing and interesting work environment where they continue to be challenged, they will more than likely want to stay.