What to Look for in a Cloud Security Analyst.
Find high potential candidates in your recruiting pool.
CyberMSI has gone through 1,000s of resumes, and we are always seeking capable cloud security professionals. We look for some specific attributes that we know from experience will make a candidate successful as a cloud security analyst.
In this blog, we discuss the features that we believe are the most important for cloud security analysts. We will also discuss how some of this information can found in a candidate during an interview.
Previous IT Experience
Previous IT experience should be taken into consideration because it can be used during investigations that are related to the field that they worked in. For example, if a candidate used to work as a server admin, they would be able to handle incidents involving servers easier and more effectively because they have immediate experience with the field.
The main job of a cloud security analyst is to effectively manage incidents in the cloud environment so having strong problem-solving skills is critical. Asking how the candidate would approach incident management is very helpful. By paying attention to this question, you can determine their problem-solving skills and how well they align with the organizational approach.
Experience with Specific Tools
There are some security tools that are invaluable to cloud security analysts and finding a candidate that has experience with these tools can be a serious boost to your organization. The experience with tools that we are looking for the most often are SOAR and other leading querying languages that they can bring to the position.
Sincere Passion for Security
Every organization is looking for passionate professionals, but it is difficult to determine that during the iterviews. Some ways to learn if a candidate is passionate about security is to ask them questions like what security related activities they do in their free time or which of their security related technical skills they are working on now. The passion will come out naturally if they are able to readily answer these questions.
Working as a security analyst can get stressful especially during high severity incidents. Asking a candidate about how they have handled conflict in the workplace in the past can be very enlightening. A good candidate would have a story about how they reasonably navigated through conflict, but we get a shocking amount of candidates that are blunt about how aggressive they are or claim to never have conflict.
Dynamically Gathered Information
Taking notes about the candidate can say almost as much about them as all the standard questions combined. The way that they carry themselves and any idiosyncrasies they have will communicate what they will be like to work with regularly. Candidates that are perfectly qualified on paper may not be a good fit based on their behavior, and this information can be communicated easier by taking notes on the fly.
We will continue to share best practices and lessons learned in future posts on staffing cybersecurity professionals. If you or anyone that you know feels that they would answer these questions well, we are always looking for more qualified professionals to join our team.
In closing, consider these three questions when staffing cloud security analysts in your organization:
- What is the best way to assess technical experience and soft-skills during the interview?
- Are there techniques we can use to determine if the answers candidates are giving us are sincere?
- Is there any noticeable behavior found during the interview that is worth discussing as a team?