Part 1 of 16
I was the victim of discrimination. As a white male, at the tender young age of 18, in New York City.
But I digress.
My ideas on Hiring the Unhireable began at the RSA 2012 conference in San Francisco, when then DHS Secretary Janet Napolitano put out the call to arms. “We can’t find good cyber security people. There just aren’t enough.”
I thought, “That’s crap—that’s not even close to true.”
We don’t have a lack of talent. What we have is a provincial mindset, entrenched over decades, in a flawed Cold War binary philosophy. Many of the current hiring systems all too often enforce an arbitrary, capricious and discriminatory set of criteria, which is fundamentally designed to eliminate true, valuable human talent—consciously choosing instead to often default to the center of the Bellc; that 68 percent we refer to as “normal”.
Leaders from the US, UK, EU and elsewhere bemoan that they immediately need tens of thousands of super-talented security geeks, but can’t find them. This dearth will only worsen our already sub-par security posture in the coming years. The abyss is widening. Welcome, IoT. We are losing the war. And, it’s all because not enough people are talented or skilled at the myriad necessary security practices.
Again, I disagree.
What they can’t find are good security people who fit into their hard-crusted mold of what corporate and government structures have become. Many organizations have created a climate of CYA-driven self-preservation while political correctness runs insanely rampant. Mean-spirited litigious greed dominates, to the detriment of everyone, everywhere. And that certainly refers to more than just the information security industry, but for the purposes of Hiring the Unhireable, I will stick to the security and IT fields.
There is actually a lot of truly great talent out there. But we may not see it in the traditional ways. We have a tremendous opportunity to buck the self-congratulatory narcissism of those who have destroyed the hiring of qualified technical people so completely that we now have a highly visible schism between the Hireable and the Unhireable—widening day by day into an inescapable abyss.
Over the years, what we have essentially done—intentionally or not—is create a sub-category of talent whom we will never hire. The Unhireable. I sincerely hope that mass awareness of this self-destructive behavior will evolve more rational policy that encourages ‘Hiring the Unhireable’.
If we need/will-continue-to-need cyber-security folks so badly (a prognostication with which I do agree), then we must ensure that the discriminatory practices in place today are erased and relegated to a history lesson entitled, “Well, here’s another nice mess we’ve gotten into.”
Information Security is finally recognized as a National Security issue in many countries. The integration of critical infrastructures to traditional networks to the cloud and now to mobile and IoT means that any nation’s ability to function is fundamentally based on its success or failure at information security. We were ignored 30 years ago – to the collective detriment of everyone, everywhere. The politicians just didn’t “get it”.
Despite this historical failure, our “leaders” still have consciously chosen to fail as the urgent times call for common sense changes to meet national security challenges.
Today’s IT and IT-security, as it affects national, corporate and personal security and privacy is an imperative. And as such, if we truly want to do our best, we must hire the unhireable.
So, let me un-digress and get back to my discrimination.
Part 2: Winn can’t get a job
Part 3: Vive la difference!
Part 4: Celsius or Fahrenheit?
Part 5: Embrace failure
Part 6: You’re not so special (Really, you’re not)
Part 7: Autistics DO need to apply
Part 8: Let’s profile ’em all!
Part 9: Binary trust is just an excuse to say ‘No’
Part 10: Stop the drug testing
Part 11: Put ’em out to pasture (ageism)
Part 12: Sending talent to the ‘Dark Side’
Part 13: Working 9-to-5 and the whole IP thing to start
Part 14: Perks for geeks
Part 15: What to expect from the unhireable once you’ve hired them
Part 16: We can’t do it–It’s just too damn hard
Winn Schwartau is the CEO of The Security Awareness Company, the author of Information Warfare, Pearl Harbor Dot Com (Die Hard IV), and the upcoming Analogue Network Security.