Blue team, Security Staff Acquisition & Development, Training

Diversifying Cybersecurity Talent Through Aptitude Testing


With a shortage of four million cybersecurity workers, we need to get more creative in identifying non-technical skills among potential candidates that can be applied to the cybersecurity realm. One way is to test them for aptitude and personality traits, like the career planning tests I took in college.

That’s what the University of Maryland did when testing hundreds of participants working for multiple agencies within the Department of Defense. Testers used the Cyber Aptitude and Talent Assessment (CATA) by Haystack Solutions that evaluates critical thinking, deliberate action, real-time action, and proactive and reactive thinking. Then it maps results against four security domains: offense, defense, analytics/forensics, and design/development.

Pulled from the article, this is what I found most interesting: “Many of the test subjects were determined to be creative thinkers who scored low on many tasks but who performed well in crucial areas such as “Need for Cognition,” “Need for Cognitive Closure,” and “Pattern Vigilance,” and so were well suited for and chosen for cybersecurity roles for which they had not previously applied.”

These are candidates that would have been passed over, but who are suited for very specific cybersecurity needs. They just need training and encouragement.

This type of CATA testing may also be helpful with another overlooked group: The neuro-diverse, such as people with Asperger’s and other forms of autism, which large companies like IBM and SAP are tapping and nurturing through programs like SAP’s Autism at Work program.

I may even ask to take the test myself so I can see what type of SOC position I’d fit into, just in case my industry analyst career takes a nosedive.

Deb Radcliff, Strategic Analyst at the Cyber Risk Alliance’s Business Intelligence Group, was the industry’s first investigative reporter to make cybercrime a beat in 1996. She then led the SANS Analyst Program for fifteen years before authoring a top-selling cyberthriller, Breaking Backbones, and joining the CRA.

Deb Radcliff

Deb Radcliff was the first investigative reporter to make cyber crime a beat starting in 1996 after researching a best-selling book about Kevin Mitnick called the Fugitive Game. Since then, she has written hundreds of articles for business and trade magazines, won two Neal awards for investigative reporting, and was runner up for a third. She stood up an analyst program for SANS Institute and ran it for 15 years before joining the Cyber Risk Alliance as strategic analyst on the business intelligence unit. And she wrote her first book in a cyber thriller series, “Breaking Backbones: Information is Power,” which is selling well on Amazon and other outlets.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.