![[Original size] White and Pink Strikeout](https://static.wixstatic.com/media/8264b6_7b0a194fbd554fac92d9b94b2375c5e8~mv2.png/v1/crop/x_52,y_156,w_384,h_171/fill/w_446,h_199,al_c,lg_1,q_85,enc_auto/%5BOriginal%20size%5D%20White%20and%20Pink%20Strikeout.png)
Matt Hockey is a rare recruiter: one that has a hands-on knowledge of what we as cybersecurity professionals actually do day-to-day - but also has an insight into how the market is made up and what hiring managers want out of us. He is both unicorn hunter and hacker-in-training - and that makes for an interesting set of insights.
Check out what he has to say below, and his LinkedIn profile is here:
My Entry into Cyber Recruitment
Prior to my role in Cyber Security Recruitment, I was an Insurance Broker (sounds irrelevant but please bear with!). After becoming increasingly frustrated by being handed pages of old phone numbers to call that led to dead ends, I decided to create an AI-based chatbot.
This entailed learning to code, program and drink a lot of coffee.
I then got to applying it to a platform that then correlated the data that the prospect punched in and gave them a rough insurance quote - enticing them to book a call with me through the bot giving me fresh leads!
All was well - until I realized I enjoyed the tech more than the insurance (shock, right?).
As time went on, I decided to leave the Insurance world and get into recruitment. I went to interview at a few different firms but felt rather uninspired by the markets I would be recruiting for. This changed when I got introduced to Josh Keeley, who at the time was Manager of Blackthorn Trace, a large recruitment firm. He invited me in for a chat to go through my options, which then unknowingly turned into an interview after chatting about tech with him. Unsurprisingly, I jumped at the offer! That brings us up to the present day, where I am now the Offensive Security Specialist within Blackthorn Trace.
Observations
Although only being in the industry for less than a year, there are a few things that have become very apparent, very quickly.
One of these being the industry claims there is a ‘skills shortage’. Which I agree with to a degree. In some areas of cyber, there are just not enough people for the demand, but on the other hand, there is an inflated image of the ‘perfect candidate’ (or unicorn as lots of people in the industry call them) that is often unobtainable.
For example, we have received job descriptions for juniors with CISSP…
This is something that we as recruiters need to manage the client expectations on, and often inform the HR teams is not possible - while offering an alternative.
The skills shortage is a problem, but we are seeing a culture change (which is positive!)
Increased training budgets are now a key point for some companies when we take jobs on with them, which I feel is key, as it shows not only commitment to the candidate but also an understanding that they can’t hire someone with all of the skill-set they require from the outset.
One of the main observations I have after being within the Cyber Security world is the undeniable sense of community. Everyone I have come into contact with is not only enthusiastic about what they do, but also helpful in bettering my understanding of the market.
The groups on Discord, LinkedIn and Reddit are how I’ve immersed myself into the industry and I would encourage anyone who is looking to break into the cybersecurity sector to do the same! Expanding your network is one of the most powerful tools at your disposal when trying to reach a career goal, LinkedIn being one of the most accessible, easy to use tools to do so. You need to invest a little time in order to use it effectively, but this will pay off.
Meetups and Events
Another is going to meetups and events that are specialist to your field; DD4420, OWASP meet ups or the Ladies of London Hacking Society are just a few that can increase your professional and in turn personal network tenfold. Once you are in these groups and networks, you will see that the community that the cyber world has is second to none.
I have personally seen a lot of this; across my time at Blackthorn I have become more and more invested within the market, wanting to learn what cybersecurity professionals do from a more hands-on perspective. I started out by doing more coding-specific courses (both web development and programming) so I could better prepare for using tools and getting to grips with cybersecurity methodologies.
After completing a few of these, I am now studying for my CompTIA A+/Net+/Sec+ examinations - I feel these are a good starting point! Mentioning this to a few people, I have been sent exam notes, revision resources and advice by a range of people for which I am very grateful.
Alongside these, I am working on more practical courses by the Blue Security Team, which are brilliant! They offer an excellent blend of hands-on assessment, as well as a strong theoretical explanation and questioning.
Editor's Note:
To any new recruiter that is plying their trade in the cybersecurity market - you'll find a lot of professionals have heard every trick in the book before, and will be extremely difficult to get hold of.
If you're looking for a strategy to get past that - you could do a LOT worse than Matt Hockey's efforts at better understanding what the job entails from the professional's standpoint and his ability to play the long game. Build a relationship with someone, and you'll become the recruiter he sends all of his friends to - rather than chasing the one unicorn to pocket the quick return every time.
Get in touch with Matt here.
Comments