One of the most challenging aspects of working in cybersecurity can be the deceptively simple act of finding the best job that suits your skillset and best fits the employer's expectations. Whether it is an entry-level position, a lateral move, or a career advancement, there is more to finding a rewarding position than just relying on the heavily publicized skills shortage.
Wouldn't it work to your advantage if you knew how a cybersecurity recruiter viewed your skills to place you in the best position for longevity and advancement? We were fortunate to speak with David Sforza, who is a cybersecurity recruiter for Fortra. He shared insights that can help anyone at all levels in their cybersecurity journey.
Can you please tell me about your role?
I am the manager of the talent acquisition team at Fortra. I am also a senior recruiter and manage the recruiting team under the supervision of our Senior Manager.
What qualities are you looking for when recruiting for cybersecurity-related roles?
First and foremost, we want to make sure that we're finding people that are aligned with Fortra's core values, no matter the role. The people we recruit will be interacting with our customers and we want to make sure that they represent who Fortra is and what we stand for. Beyond that, it depends on the position. If it's an entry-level position, we're often looking for a particular mindset. We hope to find people with some experience, but more and more, experience is not necessarily the priority if it's an entry-level position. There are boot camps, colleges, and universities that have cybersecurity programs that people can get degrees in. We see that, and we look for those as well. There are also a lot of available certifications. When it comes to an entry-level standpoint, and the applicant has no experience coming into the industry, if they have a degree or certifications, that's great. However, a lot of times, hiring managers are going to look for the mindset. Again, this ties back to core values - will this person listen to our customers and strive to provide exceptional support.
Cybersecurity is one of those fields in which you have to be inquisitive. You must have an almost inherent feeling of why things work the way they work and be able to solve problems (we are problem solvers!) - not necessarily from the tech side, but as a person, you want to know why things work the way they do. So, if you have an issue with something, you need to have the curiosity to solve the problem. Also, because of the nature of cybersecurity, you must always be looking for what's next, what's coming.
What we try to do for our customers is make sure that their platforms, applications, or whatever it may be, are safe from malware, ransomware, attacks, and so on. So, a lot of what we look for in people is what they are doing to keep themselves up to date as cybersecurity changes. We focus on AI and cybersecurity. Those are two of the hot buzzwords right now because everybody in the world is concerned about both of those things. AI has been around for a while, but its importance is really only starting to rise in the public consciousness, especially in terms of how it's going to affect their lives. We're always looking for folks who are researching on their own and are inquisitive about how AI is going to affect things. For Fortra, the focus is on the different attacks that may be emerging from AI.
What advice would you give individuals who are applying for roles? What makes them stand out?
Behind the scenes, before we get to the point of speaking with a candidate, we have conversations with our hiring manager. We want to know what they are looking for in a new employee. What does the applicant need to offer to be an attractive candidate? From a recruiting standpoint, we look for those types of candidates. It's going to be different depending on what kind of position it is. If it's a software engineer, we're going to need to know what languages they code in and what their proficiency level is. If it's more of an analyst position, what are they doing now? What are they looking to do moving forward? So, when we're looking at folks after talking to the hiring managers and the team and getting a sense of what the candidate needs to have, we can assess if a person is a good choice. We focus and adjust our searches when talking to candidates on those specific things. That way, we know we're delivering the correct candidates to the organization.
What mistakes do you often see from individuals applying for a job?
We run into many issues where folks aren't necessarily putting everything on their resume that can help us see that they have the experience we need. It's a fine line. A candidate may have a very sparse resume that doesn't tell us anything. Conversely, we sometimes receive a resume that's 17 pages long and super detailed. That's not something that a hiring manager is going to look at. Most managers are going to look at a couple of pages. They're going to see in the last five to 10 years what the person has been doing if that specific position requires that. Is it relevant to my position? Relevance is very important.
What is more important for your hiring process, and what is your experience in a role or industry qualifications?
For an entry-level position, the hiring manager is not looking for a lot of experience because the company wants to provide the training over time. They will want to get somebody on a career track, and they're going to train them to do it their way. They don't want to have to retrain somebody. They like that blank slate. If it's a position that requires experience, then it's pretty evident that the experience is relevant.
If I'm looking at two different people, a lot of times, it could be just looking at what the person is doing now. What have they done in the past? What extracurricular activities are they doing to show that they're interested in the work? Are they studying for certifications on their own? Are they involved in blogs? Have they participated in any cybersecurity competitions, or are they members of any groups? Are they naturally inquisitive about learning as much as they can? Those are the candidates that we want to talk to first. For entry-level jobs, we look for enthusiasm, but as things progress, you need those qualifications to back that up. That natural progression is if you love the role, you love the job, you love the industry, you're going to be seeking more knowledge because you know you want to progress, and this is the career for you.
If you could give job seekers some advice, what would it be?
The best advice I offer to an applicant is to make sure your resume is up to date. That also means carefully spell-checking it. I have seen an instance where a person is applying for a position that requires a high attention to detail, such as a quality engineer, and they misspell the word quality. Your resume should also list more than your job responsibilities. It should include how you performed those tasks. Give a short description of how that task benefited the organization.
The other thing is making sure that you have the right experience for the position. A lot of applicants get into the sense that completing boot camp training will qualify them to be a cybersecurity engineer. However, the job requires more than that. If it's an entry-level position, that's probably going to suffice. Nevertheless, if it's an intermediate or senior-level position and you just jumped into the cybersecurity world, you really don't have anything with respect to the required experience.
Another important consideration is if you are invited for an interview, make sure you show them that you want the job. We have had experiences where people interview and present themselves very blandly, with no apparent true interest in the job. Hiring managers are looking for enthusiasm. Bring that. Make sure you show up on time. If it is a remote interview, make sure you're in an appropriate area. You shouldn't be holding an interview while you're shopping or in a loud coffee shop. It helps you to look and sound professional. The interviewer is going to be looking at you. Especially in this virtual world, most of what we do is interview virtually. So it's even more important how you come across on camera as opposed to what you look like in person. You're not going to get that opportunity. Your first foray into this process is going to be you in front of this camera. Make sure that it's a good one, and make sure that your background looks professional.
Do you get many applicants that are completely new? What are your thoughts about those types of people? What value do they or could they bring to a business?
Yes! We're seeing people who are jumping into cybersecurity as a second career. We have met nurses and other medical folks, accountants, and industrial engineers. They recognize that cybersecurity is the future, and now is an excellent time to enter the field. We need a lot of cybersecurity people. So, folks are jumping into it from another career. Some of them are going to have to be okay with maybe taking a step back in terms of seniority, in terms of perhaps even being able to absorb a salary that's less than what they have been earning. They are going to have to prove themselves in the industry first before they can get into the advancement hierarchy. I don't look at anybody who's coming into the industry from the outside any differently than anyone who, for instance, would be jumping out of college after getting a degree and wanting to get into cybersecurity. It's along the same lines.
I understand that it's not just the job per se and the skills that you have are important, but applicants that have a 15-year career already under their belt, even if they don't have the tech side of things just kind of nailed down yet, and they're coming into this new, there's a lot of intangibles and soft skills that they bring to the table because they've already been doing something else for a few years. Maybe they have management skills, maybe there's the self-discipline of being able to manage their own time, whatever it may be, those soft skills and those intangibles they can bring to the cybersecurity side of things and be just as successful.
At Fortra, we pride ourselves on hiring from within. You can start in an entry-level position, and as long as you continue to show that you're interested in advancing and have the opportunities to do so when those positions or those opportunities open up, we see people continue to rise throughout the organization. We really kind of allow people to flex their creative muscles. Somebody who's interested and wants to be part of the cybersecurity industry is somebody that we're definitely going to want to have as part of our organization. We love talking to candidates who are seeking an opportunity to better themselves, be here for the long term, grow with the company, and grow as a person and in their career over time. That's the ideal situation.
Our conversation with David was a rare gift, giving job-seekers a candid peek to be able to know some of the inside information to better land a job in cybersecurity.