Hackers Wanted (Must Be Willing to Work at Bank)
It’s hard finding a good hacker these days — a hacker to work for banks, that is.
Even though cybersecurity jobs can offer six-figure salaries, generous signing bonuses and other perks, banks are struggling to find people to hire.
Part of it is perception — banks don’t seem nearly as cool as all of the other industries that are just as aggressively targeting the same talent pool.
But another — and more serious — factor is that the demand for cybersecurity experts is vastly outstripping supply. The digital security firm Symantec estimates there are 500,000 to 1 million open cybersecurity jobs across the nation that cannot be filled due to a shortage of skilled candidates. By 2020, Symantec expects that number to increase to 1.5 million.
Gary Warzala, chief information security officer at PNC Bank, describes the cyber workforce as experiencing negative unemployment. “Clearly, the demand for talented people has never been greater,” he said.
The stakes could not be higher for banks, which are expected to have fortresslike protection. Indeed, 77% of the 161 directors and senior executives who participated in Bank Director’s 2016 risk practices survey ranked cybersecurity as their top concern.
Industry insiders and experts say the usual recruiting tactics — such as attending college career fairs — aren’t enough in this market. So banks are getting more creative with their efforts to lure cyber talent.
“You really have to get in front of the people doing security,” said Jeff Combs, founder of J. Combs Search Advisors, which specializes in information security recruitment.
That’s what PNC’s Warzala has been doing. He serves as a board member of the Economic Crime & Cybersecurity Institute of Utica College. He also speaks at security events like the CISO Executive Summit and has participated in cybersecurity contests.
Some banks are hosting coding events, allowing college interns to work remotely during the school year, and demoing security hacks to teens. They also are sending their senior executives to mingle at ethical hacking competitions and global information events like Black Hat.
These bankers, so often decked out in suits, are noticeably dressed down for such occasions, the better to connect with the young people they are seeking to hire. Jamie Dimon, chairman and chief executive of JPMorgan Chase, wore a tracksuit to one of these events a few years ago.
Eastern Bank began working with Northeastern University's College of Computer and Information Science about a year and a half ago to help its recruitment efforts, according to Ive Gonzalez, the bank’s vice president of talent acquisition and inclusion director. The $9.9 billion-asset Eastern also has joined security LinkedIn groups, among other things, to find candidates.
Later this year, Gonzalez plans to host a meetup in the bank’s innovation lab to demo technology and to debunk the idea that banking is dull.
“It’s about pipelining,” she said.
While the youth focus is essential in recruiting for these roles, those working in the field are more diverse than the cybersecurity stereotype of young men in hoodies.
“Don’t get me wrong, we have those people and we need them,” said Ash Khan, head of information security for Citi’s Global Consumer Banking division.
But Khan also needs people who can easily explain risks to senior executives, among other competencies. “Cybersecurity is a very broad discipline,” he said.
Cyber want-ads reflect that. They are seeking everyone from individuals with process engineering skills to those with an aptitude for teaching. One of the most sought-after traits is an analytical mindset.
At least some of the factors limiting banks are of their own doing — like getting hung up on whether a candidate has a college degree rather than focusing on whether they have the skills to excel in the job. “To find the best people, you have to be willing to hire those without degrees,” Combs said.
When a software-as-a-service company sought to hire someone to uncover its security weaknesses, it found a strong candidate banks may have overlooked: a 21-year-old without a college degree.
“They recognized his value,” said Mark Aiello, president of Cyber 360, a cybersecurity staffing firm hired by the SaaS company.
Despite the lack of a degree, the company offered around $150,000 a year with a $40,000 signing bonus. “It’s a seller’s market, not a buyer’s market,” Aiello said.
Drug screens are another potential hiring limitation for what is known as one of the most conservative industries.
Aiello said that, in states where marijuana is legal, drug testing could cause recruiting setbacks. “With pot becoming legal in so many states, it can get in the way of hiring ethical hackers that may enjoy recreational substance on weekends but are still very talented at what they do.”
Even the government has run into this challenge. FBI Director James Comey caused a media frenzy in 2014, when he said the bureau couldn’t staff enough hackers because too many failed its drug test.
Additionally, recruiters say banks should strengthen their pipeline of potential candidates by backing initiatives that support women as well as veterans.
Dakota State University runs cybersecurity camps — sponsored this year by Citibank and First Bank and Trust — for female middle school and high school students.
Source | AmericanBanker