Often security roles are filled by staff that are in the right place at the wrong time. Although this may address short-term compliance obligations, it ultimately undermines organisational security. What, then, should you look for when hiring security staff?
There are three things that should be considered when selecting staff to fill security positions: appropriate temperament, applicable skills and an understanding of the business. Every security role will require a different blend of these capabilities; however, each is always going to be important.
The temperament or cultural fit you are looking for in your security staff is the ability to keep an open mind and think outside the box. You want a team that can deal with constantly changing threats and organisational priorities, growing with the organisation rather than attempting to prevent change, in the name of security.
Security sits on top of other disciplines, so your team also needs an appropriate skills base to build your organisation’s security capability on. Key skills you should look for are: business acumen and an understanding of the organisation; information management skills; technology skills; and experience with human resource management and training. This blend will help balance your security program across the critical areas of physical, personnel, information and technology security, reducing the likelihood of significant vulnerabilities being overlooked.
An understanding of the organisation and its business is essential as security staff move into more senior roles. The ability to evaluate threats in terms of their potential business impact rather than their impact on a specific technology or system changes the way the security program is run. You want your security group to be focused on business success rather than security compliance alone.
Finding the right blend of staff is difficult; however, planning to fill security roles from the top down with the right people will ensure you end up with a functional group that supports your business. Where roles cannot be filled economically from within your organisation, it’s best to turn to specialists who can support you. Verisade provides security services to Australian businesses, with capabilities ranging from managerial through to technical, with a focus on finding the best solution for your business—rather than just saying no.