A skills shortage has cybersecurity experts in high demand on Wall Street as firms boost their game to lure top talent. But how should firms go about recruiting the right personnel to match their needs?
A panel of experts at the recent SmartBrief Cybersecurity Forum weighed in on what they are doing to identify and recruit cyber warriors. As George Rettas from Citigroup noted, recent headlines have made an already competitive landscape even tougher as Wall Street, which is already used to competing with companies from other areas of critical infrastructure, must now compete with non-critical infrastructure companies desperate to avoid headline risk.
“It’s people like Sony, who are in the entertainment business,” Rettas explained. “They’re not even critical infrastructure. Now they are hiring the best cybersecurity professionals in the world.”
The conversation also touched on how to organize the upper echelons of cybersecurity teams. With CTOs, CIOs, CISOs, etc … who should report to whom? Opinions on the panel differed as Al Berg, chief security and risk officer for Liquidnet, said security executives should not report directly to the CIO. Berg believes there should be room for “healthy tension” between the two positions because some of the recommendations the security team might make could make the CIO “uncomfortable.”
Meanwhile, International Securities Exchange CTO and CISO Robert Cornish pointed out some of the advantages of having the two positions connected via the chain of command. “One advantage … is being aware of every change that happening in your environment from a technology perspective. … I’ve seen in the past where security ends up being the last to know that some new product system was installed onto the network.”