Building your Cyber Security Team

Top 5 Points to Consider When Building Your Team

At a time of unprecedented change to the way in which organisations operate, ever increasing cyber threats, and ever more sophisticated attackers, building a diverse, robust and above all, highly effective cyber team has never been more important.

With this in mind, below are our top 5 points to consider when thinking about building your cyber or information security team.

Identify Your Strengths and Weaknesses

With demand for cyber security workers at an all-time high, thinking strategically about your short- and long-term goals, making an honest assessment of how well your existing team operates, and appreciating your economic context are the first steps in understanding how to build your cyber team.

Regardless of your organisation, when thinking about how to build the right cyber team, you should first take the time to understand your vulnerabilities and weaknesses, using this as a starting point for beginning the process of development.

Focus on Core Cyber Security Skills

When building your cyber security team, it is worth appreciating that the candidate who appears best on paper, is not necessarily the best person for the job.

One commonality to most highly technical degree courses is that by the time a student leaves the course, a significant portion of what they have learnt and the skills they have developed will be several years behind the cutting edge of the field.

Though there are undoubted benefits that come with a highly credentialed cyber security team, education has never been more accessible than it is now, and traditional degrees and qualifications, depending on your organisation’s needs, may be far less important than real-world experience and technical expertise.

  • Secure software development skills
  • Ability to analyse, diagnose, and detect security risks
  • Interest and understanding of the latest news and developments in cybersecurity
  • Understanding of network architecture
  • Strong communication and collaboration skills

In a field such as cyber or information security, it is often those who can think outside of the box and boast a unique skill set that prove themselves to be most valuable.

By focusing on core cyber security skills rather than credentials, you can help to minimise unnecessary costs, whilst building a highly skilled and well-rounded cyber team. 

Upskilling and Training Your Existing Team

When building your cyber team, seeking outside talent is always going to be part of the process, though often overlooked is the importance of first focusing on how an existing team can be improved and further trained.

As well as presenting the very appealing opportunity of progression and self-improvement, looking within your existing team can also save your organisation time and funds relative to getting new recruits up-to-speed with specific systems and networks.

Creating an internal pipeline of talent can also improve the quality of applications by signalling to outside hires that your organisation is dedicated to professional progression, especially if the costs of additional qualifications and external training is covered by the company.

Additionally, when developing any new job specification for potential candidates, considering including details about professional development pathways, and the specifics regarding long term career opportunities within the organisation.

Finding the Right Fit and Complimentary Skills

Though this is applicable to hiring and managing across a variety of fields, finding a candidate that compliments and gels with the existing dynamics, skills and individuals within your cyber and information security team is an essential.

Though there are core skills which your entire team should possess, building a team with a diverse range of skills that compliment one another will both enrich the potential of your operation, but also help to protect against the ever growing range of cyber threats.

Finding the right person for the job is an investment of your time and an investment for your organisation. Taking the time to sift through a wide variety and large number of applications, may seem like a grind, but in the end this effort will pay off, ultimately saving you time and energy in the future.

The Cyber Security Deficit

According to UK government data, of those recruiting cyber for roles within the last 3 years, around 35% report these vacancies as being hard to fill.

As well as this, according to the non-profit security consortium (ISC)² reports the global number of unfilled cyber security positions, in 2019, as being around 4 million, up from 2.93 million the previous year.

Although these numbers may not sound greatly positive for those wishing to expand, build or develop their cyber team, it will ultimately advantage an organisation to understand the context in which it operates.

As governments, NGO’s and educational institutions attempt to encourage greater numbers to join the burgeoning cyber security industry, the field still operates at a deficit; putting the onus on recruiters and organisations to entice the best talent with competitive salaries and great professional opportunities.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.


InfoSec Round-Up: November 1st 2020

InfoSec Round-Up: November 1st 2020 - Hut Six

Vaccines Under Attack, Finnish Patient Blackmail & ICO Enforcement - InfoSec Round-Up Nov 1st

InfoSec Round-Up: October 25th 2020

InfoSec Round-Up: October 25th 2020 - Hut Six

BA Fined, Instagram Investigated, Darkside Donations & PayPal Crypto - InfoSec Round-Up, Oct 25th

InfoSec Round-Up: October 18th 2020

InfoSec Round-Up: October 18th 2020 - Hut Six

Five Eyes Encryption, Hackney Council Hack & Software AG - InfoSec Round-Up, Oct 18th 2020

InfoSec Round-Up: October 11th 2020

InfoSec Round-Up: October 11th 2020 - Hut Six

HMRC Phishing, H&M Fined €35m & UK DfE ICO Report - Infosec Round-Up October 11th 2020

InfoSec Round-Up: October 4th 2020

InfoSec Round-Up: October 4th 2020 - Hut Six

TikTok Ban Blocked, Russian Hackers Sentenced & Ransomware Attacks - InfoSec Round-Up Oct 4th 2020

Maintaining Compliance for Businesses - Guest Blog

Guest Blog: The Benefits Of Maintaining Compliance For Your Business

Your business can stay ahead of issues before they become a major problem. Hut Six Security guest blog by

InfoSec Round-Up: September 27th 2020

InfoSec Round-Up: September 27th 2020 - Hut Six

Ransomware Fatality, Bing Leaks, Instagram Bug & Uber Data Sharing - InfoSec Round-Up Sep 27th 2020

UKGDPR Compliance

What is GDPR Compliance UK?

What is GDPR Compliance UK? Understanding the General Data Protection Regulation and UK Compliance. Blog by Hut Six Security.

InfoSec Round-Up: September 20th 2020

InfoSec Round-Up: September 20th 2020 - Hut Six

Leaking Databases, Social Media Oversharing & NCSC Warning - InfoSec Round-Up September 20th 2020

DDoS Attack

What is a DDoS Attack?

What is a DDoS attack and what should you do if you think you are experiencing one? Blog by Information Security Training provider Hut Six Security.