With a shortage of four million cybersecurity workers, we need to get more creative in identifying non-technical skills among potential candidates that can be applied to the cybersecurity realm. One way is to test them for aptitude and personality traits, like the career planning tests I took in college.

That’s what the University of Maryland did when testing hundreds of participants working for multiple agencies within the Department of Defense. Testers used the Cyber Aptitude and Talent Assessment (CATA) by Haystack Solutions that evaluates critical thinking, deliberate action, real-time action, and proactive and reactive thinking. Then it maps results against four security domains: offense, defense, analytics/forensics, and design/development.

Pulled from the article, this is what I found most interesting: “Many of the test subjects were determined to be creative thinkers who scored low on many tasks but who performed well in crucial areas such as “Need for Cognition,” “Need for Cognitive Closure,” and “Pattern Vigilance,” and so were well suited for and chosen for cybersecurity roles for which they had not previously applied.”

These are candidates that would have been passed over, but who are suited for very specific cybersecurity needs. They just need training and encouragement.

This type of CATA testing may also be helpful with another overlooked group: The neuro-diverse, such as people with Asperger’s and other forms of autism, which large companies like IBM and SAP are tapping and nurturing through programs like SAP’s Autism at Work program.

I may even ask to take the test myself so I can see what type of SOC position I’d fit into, just in case my industry analyst career takes a nosedive.

Deb Radcliff, Strategic Analyst at the Cyber Risk Alliance’s Business Intelligence Group, was the industry’s first investigative reporter to make cybercrime a beat in 1996. She then led the SANS Analyst Program for fifteen years before authoring a top-selling cyberthriller, Breaking Backbones, and joining the CRA.