With a shortage of four million cybersecurity workers, we need to get more creative in identifying non-technical skills among potential candidates that can be applied to the cybersecurity realm. One way is to test them for aptitude and personality traits, like the career planning tests I took in college.
That’s what the University of Maryland did when testing hundreds of participants working for multiple agencies within the Department of Defense. Testers used the Cyber Aptitude and Talent Assessment (CATA) by Haystack Solutions that evaluates critical thinking, deliberate action, real-time action, and proactive and reactive thinking. Then it maps results against four security domains: offense, defense, analytics/forensics, and design/development.
Pulled from the article, this is what I found most interesting: “Many of the test subjects were determined to be creative thinkers who scored low on many tasks but who performed well in crucial areas such as “Need for Cognition,” “Need for Cognitive Closure,” and “Pattern Vigilance,” and so were well suited for and chosen for cybersecurity roles for which they had not previously applied.”
These are candidates that would have been passed over, but who are suited for very specific cybersecurity needs. They just need training and encouragement.
This type of CATA testing may also be helpful with another overlooked group: The neuro-diverse, such as people with Asperger’s and other forms of autism, which large companies like IBM and SAP are tapping and nurturing through programs like SAP’s Autism at Work program.
I may even ask to take the test myself so I can see what type of SOC position I’d fit into, just in case my industry analyst career takes a nosedive.

Deb Radcliff, Strategic Analyst at the Cyber Risk Alliance’s Business Intelligence Group, was the industry’s first investigative reporter to make cybercrime a beat in 1996. She then led the SANS Analyst Program for fifteen years before authoring a top-selling cyberthriller, Breaking Backbones, and joining the CRA.

Security Weekly is the security podcast network for the security community, distributing free podcasts and media since 2005. We connect the security industry and the security community through our security market validation programs.
We view our relationships with the security industry as partnerships, not sponsorships. Security Weekly works closely with each partner to help you achieve your marketing goals and gain traction in the security market. Interested in becoming a partner? Please visit our partnerships page.
Back to Top
RSS Feed RSS – Posts


Leave a Reply