enterprisesecuritymag

Recruitment of DFIR Candidates

By Deidre Diamond, Founder and CEO, CyberSN

Deidre Diamond, Founder and CEO, CyberSNDeidre Diamond, Founder and CEO, CyberSN

Attracting specialized cybersecurity talent has never seemed more difficult. Nearly half of all cybersecurity professionals are solicited to consider other positions at least once per week. Digital Forensics Incident Response (DFIR) professionals are generally not actively searching for jobs and traditional recruiting methods go unanswered or never seen. Attracting, hiring and retaining DFIR candidates to expand and lead your team can happen quickly and without frustration. Here’s how.

"DFIR jobs are complex, recruiting qualified and passionate professionals is a specialized and challenging project"

Define your tasks and projects. DFIR roles and responsibilities vary from industry to industry and company to company. Knowing and illustrating the tasks and projects upfront generates interest and attracts qualified candidates. Outline the tasks and projects specific to the role at your company and avoid using an internet search on “forensic analyst” to build your job posting. Be specific with the tasks, for example, performing live systems analysis and Linux memory forensics versus experience with live system analysis in the position description.

Speak the language. The majority of active DFIR job posting are unattractive or uninformative to the intended audience plus DFIR people are involved in an activity at their terminal and fairly happy with their current position. You want to capitalize on “fairly happy.” What is missing for them in their current role? Forensics and incident response is very environment specific. Listing the environment speaks the DFIR language; is key for a passive job seeker. Let potential new team members know the environment and tools available in your DFIR practice. Including environment such as AWS hosted web applications, Windows, and Ubuntu Linux, iOS mobile forensics provide insight and generate interest. It is important to note listing environment and tools is an OPSEC balance in some industries, a topic for another discussion and the benefit of attacking interested DFIR people is worth evaluating the OPSEC risk.

Budget, budget, budget. CSOs and CISOs have great vision in projecting, building and executing sound budgets covering people, training, risk, compliance, and the security products necessary to operate an effective cyber program. Budget plans are missing a critical DFIR resource; cyber staffing agency budgets. DFIR jobs are complex, recruiting qualified and passionate professionals is a specialized and challenging project. Cyber staffing specialists have the expertise in cybersecurity staffing. The expertise to define your role and responsibilities, find the qualified professional and augment your internal Human Resources hiring processes as a project. This changes your DFIR hiring to a hiring project rather than a staffing requisition. A project with a budget for cyber staffing consultants that speak the language, connected with the cyber community, have the same passion as DFIR job seekers and can move quickly.

Effective interviews and move quickly. Schedule interviews quickly and have meaningful sessions that connect with a potential new team member. Have a plan to cover the technical aspects of the role and identify the person’s strengths that will benefit your team, remember to interview and not interrogate. Most importantly be prepared and committed to discussing career growth, your retention plan, and total compensation. Move quickly when the interview is complete. Follow up with the person and when you have found an interested and qualified person, extend a career offer quickly. Take advantage of the interview’s momentum and express your interest to the new DFIR team member less than 24 hours after the interview is complete. There are many factors for the potential new team member to consider when a career offer is made. The sooner the offer is in the person’s hands the likelihood of accepting increases significantly.

Growing or building your DFIR team can happen without feeling the frustration typically associated with a talent shortage. DFIR professionals have an expertise and move quickly. The same is needed to hire them. Define your hiring process as a DFIR project, budget the appropriate staffing expertise, have a career plan for the person you want to hire, make offers based on total compensation conversations and prepare for rapid execution!