Deloitte on the hunt for cyber security professionals with 'people skills'

Deloitte needs security professionals who can explain to stakeholders what a problem is in simple terms, says head of cyber security

"Big Four" accountancy firm Deloitte is on the hunt for cyber security professionals with "people skills", according to the firm's head of UK cyber security, James Nunn-Price.

Nunn-Price told Computing that Deloitte's cyber security practice is hiring 100 graduates, of which the majority are business-risk focused while 20 are technical roles.

He explained that security jobs fall into two broad categories: one is the low level monitoring of logs and alerts, and the other is the "harder bit of applying information to some sort of business requirement or problem".

"We find that the human element requires a lot of skill, and is ideal for those who have a problem solving mind-set, for which we can give that understanding of security - the techies, geeks or nerds aren't that good in the business context because they are focused on the zeros and ones," Nunn-Price claimed.

Deloitte hires both creative people for whom it helps to develop analytical skills, and vice versa. Nunn-Price acknowledged that certain roles such as reverse engineering code and cryptography need tailored courses.

But people with such skills are required to have more in their repertoire, particularly to work for a consultancy like Deloitte, he said.

"The market is demanding more [than the amount of people Deloitte is currently hiring], so we're in competition with everyone else to hire the best people," he stated.

The firm looks for whether an applicant is good at interacting and consulting, in addition to the technical side of things.

"The security people end up in a bunker because no one knows what they are saying. In the last two years there has been a huge shift, and now those people with security skills need to be able to explain to stakeholders what a problem is in simple terms," he said.

And Nunn-Price claims that this has enabled a new ‘interpreter' role to develop, for someone who is more business-risk focused, but has enough technical knowledge to go to meet stakeholders alongside an IT security professional and explain how the business is affected.

Earlier this year, Deloitte launched a master's cyber security course at De Montfort University, and is hiring as many of the graduates as it can, while some of its existing staff are being put through the paces of modules such as penetration testing, incident response and forensics.

Computing's Securing Talent campaign aims to raise awareness of the growing need for people with cyber security skills in industry and government, and for clearer pathways into the cyber security profession.