When filling out cybersecurity teams, character, passion and diversity top experience, and hiring a technologist who thinks outside the box could be a better move than opting for a government security veteran.
About a decade ago I was sitting in a large auditorium listening to valedictorian speeches at my daughter’s high school graduation ceremony. Most of the five-minute speeches seemed too long, with predictable thank-yous to parents and teachers, hopes and dreams, future service, etc.
But one bright young lady shocked everyone. “I’ve examined my options … visited colleges … taken my parents’ money … and have decided to buy a ship. I plan to live life as a pirate!” she declared.
Her passionate appeal to her classmates was to break the rules. Go the wrong way on one-way streets. Don’t just reach for the stars — explore the universe. Live free or die. Don’t let others define you. Follow your heart.
She received the only standing ovation.
But as a former National Security Agency employee, images of traitors and espionage filled my brain. I thought, “Hazards ahead!”
Nevertheless, a few years later, I realized that this 17-year-old was tapping into something important. I read in What Would Steve Jobs Do? by Peter Sander that Jobs once proclaimed, “It’s more fun to be a pirate than to join the Navy.”
So why did Jobs seek to hire pirates?
“A pirate can function without a bureaucracy,” Sander writes. “Pirates support one another and support their leader in the accomplishment of a goal. A pirate can stay creative and on task in a difficult or hostile environment. A pirate can act independently and take intelligent risks, but always within the scope of the greater vision and the needs of the greater team.”
I’ve often heard similar statements made about “black hat” hackers. The desire is to hire people with an outside-the-box mentality. The sentiment is that hackers who like to break things, who steal things, also find new ways of accomplishing things. Hackers are professionally curious, and never say never. Talented hackers who understand the dark web and think like criminals are needed to stop the bad guys.
Which brings us to the elephant in the room with hiring pirates — and black hat hackers. Namely, their activities are generally illegal. They do not follow society’s rules. Taken to the extreme, pirates and black hats might not even show up at the office at all.
But this leaves us with other questions like, how far do you let the pirates/hackers go? Could their illegal actions tarnish organizational reputations, lead to more insider threats and audit findings, or even bring fines, jail or bankruptcies?
This discussion leads to an inevitable question: Can you hire an ethical pirate? In security circles, many people call these people “gray hat” hackers, with a foot in both the good and evil online worlds.
There are no easy answers to these tough questions. Nevertheless, the importance of this topic cannot be underestimated. Every organization seeks to hire the best talent, but the greater goal is to build effective teams that work well together to deliver solutions, produce new innovative products and services, and build a culture of lasting success.
It is generally true that technology and security professionals who earn interviews have the minimum skills to fulfill the duties in the job descriptions, at least on paper. But how do we measure future potential and cultural fit? Beyond credentials and certifications, what traits should we be looking for?
My answer is to start with character. Is this person trustworthy? I’d rather hire a good securty pro who has a great attitude, is trustworthy and is accountable than a great cyberexpert I don’t trust.
Second, is the person passionate about the role, the organization and team success? You can’t fake passion.
Third, hire for diversity of experiences and backgrounds on the team. I agree with Steve Jobs on this: “Recruit a diverse, well-traveled and highly skilled pirate, and they’ll follow you anywhere.”
Never miss a story with the daily Govtech Today Newsletter.