Human Capital: Our Most Important Asset

I have recently been reading about a selection of topics surrounding employees, skills and how we hire, onboard and engage with our staff. This has brought me on to the concept of ‘human capital’ which is:

Human capital is a measure of the “knowledge, skills, competencies and attributes embodied in individuals that facilitate the creation of personal, social and economic well-being”
(Organisation for Economic Co-operation and Development).

In my role as a Managing Consultant, I’m often involved in the hiring process, from writing job specifications to technical screenings, and over the last year, one of two final interviewers for almost all our Security Engineering hires. When driving this process to find and hire great people, I sometimes find it hard to articulate the non-technical knowledge, skills and competencies I’m looking for in a candidate. That is where I think human capital can help in the definition of, key indicators and metrics for candidates and already existing employees.

Quoting the CIPD: “business has yet to come to an agreed way of valuing and reporting on the value of a workforce’s knowledge.” Searching for a simple (yet well thought out) collection of metrics to search for and define, this paper (PDF) introduced me to KSAOs (knowledge, skills, abilities and other characteristics). In the following weeks I hope to do some further research and trial integrating this into the job specifications and interviewing guidelines I have written.

I thought I would add this interesting checklist from SF Magazine which aims to get you up and running with human capital strategy ASAP:

Further Reading

Continue Reading

The Cult of Passion in Infosec

Recently I read an interesting analysis (by the talented Chris Sanders) reflecting on passion; how we use it to screen infosec candidates and asking the question if what we really mean (or should mean) is ‘curiosity‘.

“Passion is very difficult to attribute to a source. In fact, most people aren’t good at identifying the things they are passionate about themselves. The vast majority of security practitioners are not passionate about information security itself. Instead, they’re passionate about problem-solving, being an agent of justice, being intelligent, being seen as intelligent, actually being intelligence, solving mysteries, making a lot of money, or simply providing for their families.”

One particularly interesting observation which caused me to pause and reflect was the line:

“Not everyone is extraordinary and that’s okay. There is this myth that we all must be the best. As Ricky Bobby famously said, “If you ain’t first, your last!”. But, by constantly trying to be the best it breeds things like imposter syndrome, self-doubt, and depression.”

It is sometimes difficult to not constantly look to the ‘next-step’ overly focusing on comparisons with other members of the infosec community. Staying grounded is important and using self-awareness and reflection to identify areas for steady development; but not at the detriment to your own well-being or the people around you.

Sending out a thank you to Chris for drawing further attention to both the issue of misplaced searching for ‘passion’ and also to the dangers of trying to be in that 5% of practitioners who truly are exceptional but who also often sacrifice other areas of their life to fuel their passion.

Continue Reading