Human-Centered Security: People at the Core of Cybersecurity

Peter, you describe yourself as a "matchmaker" and have been working internationally in this field for over 20 years. What is the key to successful matchmaking, especially in the cybersecurity industry?

I'd like to start by talking about the initial situation on the job market in the field of information security: The candidate market, especially in the area of information security, is hotly contested - everywhere you read and hear about the alleged WAR FOR TALENTS. Well educated candidates with relevant practical experience have the choice and quickly find a commitment. If you want to win them, you should contact them early, get to know them and cultivate them - well before a vacancy arises. That's why we prefer to talk about KNOW YOUR TALENTS instead of WAR FOR TALENTS. And quite honestly: We don't feel the "war" out there in the market if we follow on a daily basis how candidates are dealt with in terms of feedback behavior, duration of recruitment processes and behavior in the recruitment process.

Successful matchmaking basically requires three elements:

1. Specific expertise in the field of information security We get this through daily expert discussions, articles on information security that we write with insiders, and from our Swiss Cyber Circle Community, where we meet with CISOs 8 times a year and exchange ideas on the topic of human-centered security in a workshop setting. These elements form the basis for us to understand what is at stake and thus connect information security experts with potential employers..

2. The pursuit of our KNOW YOUR TALENTS approach Practice what you preach. What we recommend to employers in terms of vital relationship management we live every day ourselves and build up new contacts to relevant experts again and again, which we then sometimes maintain for years until a placement is made. Ideally, this leads to the fact that in some cases, we can fill a vacancy within 2-4 weeks. A time to hire that is very rare in the hotly contested candidate market.

3. Systematic and targeted approach combined with established processes Relationship management is all well and good, but it's only really effective if you organize your processes in such a way that you're continuously on the ball, so you're there when the time is right.

With cyberunity you created a cyber security career community and in parallel with 2 partners you built the Swiss Cyber Circle Community, which focuses on human-centered security. Can you tell us more about why the human aspect is so important in cyber security?

People are the source of security and at the same time they are the source of vulnerabilities. In this sense, security is a 'people business', a social business. In fact, studies have shown that 99% of data security breaches are due to human vulnerabilities. If companies want to establish and bring to life integral corporate security, then the active involvement of employees is required. This is easier said than done. Therefore, firstly, the understanding and the will to establish an integral security approach is needed, and secondly, leaders who anchor the topic in the company within the framework of well thought-out awareness activities. This means interacting with people in a way that is easy to understand, rather than simply introducing rules and regulations and working with fear appeals that scare employees away. Turning those affected into participants is part of the solution.

Your company emphasizes the concept of "vital candidate relationship management." How does this differ from traditional recruiting approaches, and why is this approach particularly important in today's talent landscape?

In the first question, I addressed the hotly contested candidate market in information security - i.e., our talent landscape is very limited as demand increases. Traditionally, companies don't start contacting tomorrow's top performers until they want to fill a vacancy. Or rather, there is no question of actively contacting them - many place an ad and hope that everything will work out.

So where is the difference - what is the "big" secret? The solution is so close and yet so far away. It's living relationships that need to be built and nurtured long before a potential hire. In candidate and customer acquisition, it's like love - smart relationship building, even if it's just small tokens of appreciation, is the key to success. If you only start contacting potential candidates when you want to hire them (which is still often the case in practice), it would be like a sales specialist only starting to acquire customers when his company urgently needs the sales. Would the sales manager or the CEO accept that?

Part of the solution therefore lies in vital candidate relationship management. Just as in sales, this requires smart relationship managers who work systematically and specifically on talent acquisition every day. If companies do not want to do this on their own, there are solutions - external relationship managers who specialize in candidate cultivation in the area of cyber security.

cyberunity is the official career partner of GOHack23. What motivated you to support this cybersecurity event?

At GOHack23, cybersecurity experts, ethical hackers, and emerging talents will come together. Naturally, we want to make our presence felt and draw attention to how important it is to connect early with the talents of tomorrow and to present our KNOW YOUR TALENTS approach. In addition, we will share our experiences from our daily business with cyber experts and potential employers during a presentation. We'll discuss which positions are currently and will be in demand in the job market, which educations and certifications are desired, and what are the most common reasons for rejection after an interview. Moreover, we look forward to learning new things and are excited about the prospect of engaging in lively exchanges.