Building your IT security team, Finding Right People

Good help is hard to find, and in the world of IT security, there's little question that finding the right people to defend your operations and corporate reputation is a cornerstone to achieving success.

Getting the necessary mix of security professionals together and finding the right way to keep them onboard and focused on your organization's top priorities is no easy task, experts said, and demands year-round attention.

Speaking at the ongoing CSO Perspectives conference in Atlanta, leading security executives outlined their process for hiring, promoting, and training employees to maintain a desired level of corporate protection.

To find the type of people that you really want on your security workforce, one of the first things to remember is that a pile of certifications isn't necessarily as important as finding employees who will best fit in with your organizational culture, said Lynda Fleury, chief information security officer at Unum, a provider of corporate benefits programs.

"To me, attitude has more weight than skill. You can train people on security, network administration, and monitoring; expertise and knowledge is important, but a winning attitude and the ability to gel with staff and your corporate culture are key," Fleury said. "You want people who speak about 'we', not 'I', because in my experience there is never a single hero in IT security. If something is wrong, there is more than one person to blame, and no one individual is responsible for the team's success."

Beyond making sure that candidates are truthful in representing their skills, by putting potential new hires through batteries of mock tests and running all the necessary background checks, it's also vital, once you've decided to bring someone onboard, to first introduce them to the line-of-business workers with whom they might interact.

One of Fleury's larger keys to success is aligning her team with overarching business objectives and getting people involved in company efforts that will impact IT security as early as possible, she said.


To find the type of people that you really want on your security workforce, one of the first things to remember is that a pile of certifications isn't necessarily as important as finding employees who will best fit in with your organizational culture

Damn, I just cleared my CISSP ... just kidding :)

You want people who speak about 'we', not 'I', because in my experience there is never a single hero in IT security

True for Corporate-Tamed hackers, but IMHO this shouldn't be a deciding factor. `Experienced` hackers generally come along with their ego and pride in knowing about technology.

I would also add "ethics" to this list...
