How to recruit incident responders

Matt Lawrence

03.06.19 4 min. read

We often talk about the skills shortage making it harder for organizations to defend against the evolving threat landscape. In this article, our own Global Head of Incident Response, Matt Lawrence, shares his tips for recruiting – and then retaining – the very best in the industry.

Cybersecurity is – to put it mildly – a very exciting place to be. Incident responders, specifically, are constantly pushed to expand their knowledge and expertise when helping organizations recover from compromise. Such highly skilled and technically curious individuals are crucial to defending organizations against targeted attacks – as a result, they can be incredibly difficult to find, hire, and retain in the global cybersecurity skills shortage.

There is no quick and easy fix to this issue. However, there is much that organizations can do to make themselves attractive to prospective, highly sought-after employees.

Consider how you pitch your company to graduates

Tech-proficient graduates tend to look more towards tech-centric businesses when they are at the start of their job search. This is probably because these companies have better brand recognition in the tech community and are also more willing to talk about the value of cybersecurity and incident response publicly.

Whether you are a technology business or not, consider ways you can be more open with how crucial technology, security, and incident response are to your business (because – let’s face it – they should be). Make it easy for prospective employees to know that you both need and focus on these specialisms by making visible efforts to share your stance.

Have the best onboarding program ever

A crucial retention component that often gets overlooked is the onboarding process for employees. This could be because the recruitment process can be long and protracted; once you’ve found the right person (or team) it can be tempting to just leave them to get on with the job.

However, the success of a team starts with the onboarding process. It’s where you can ensure that each member of the team has all the requisite knowledge they need to succeed. Generally, incident responders interact with all areas of the business and therefore may need additional support in the early days to establish those contacts. It is also the time to clearly establish their role, remit, and research interests.

Keep it interesting

One of the larger problems in retaining in-house incident responders is that big incidents don’t happen every day. Responder fatigue is real. This means that organizations have to think more clearly about how employees are empowered to do and develop their jobs. This can be boiled down to two things: technology and development.

Inspiration through technology

For technology, consider this: are you investing appropriately and giving your employees the right tools to do their job or are you expecting them to mold themselves to your existing stack? The latter is obviously not ideal, although budget constraints can make it hard to achieve the former. Regardless, the success of an incident responder is in large part down to ensuring that they have the right tools in place to do the job.

Personal and professional development

Business-breaking incidents don’t happen every day, especially when you work in-house. Consider how you will keep training interesting, and how you can constantly test your team and keep them excited. Give them ample time to research new attacker techniques or even run internal exercises between your detection and response teams. Test playbooks and table-top exercises to ensure they are still relevant.

Consider your culture

Suits, for example, aren’t for everyone, and many of the more technologically-minded amongst us will turn down a role if the dress code is rigid. Many organizations have solid reasons for such dress codes, but could you be flexible?

Campaign for better early-years inclusion

The education sector is doing its best to bring new technologies into classrooms and help students become familiar with a number of different coding languages.
However, we need to think forwards, and then work backwards. We need to think about the different types of skills we need to fulfil our needs globally – both in the present and the future. Naturally, this leads us to education. Are we providing our schools, universities and colleges with the information they need to develop learning and training programs that produce students for these industries – or at least open students' eyes to their potential? We need the security industry – whether security-specific companies or those who put security at the core of their operations – to engage more than ever before with our schools, universities, governments and regulators to help develop these programs.

Adept incident responders are rarely produced by schools. It’s generally down to individuals to gain an interest and work in their spare time. While that’s important from an individual development perspective, we still need to think about the implications for all the choices we make, including the technology we use: are we ensuring usability? Are we removing barriers for people to learn and respond to incidents and compromise effectively?

