Insights from a CISO: What I look for when hiring new talent

Hiring cybersecurity talent is one of the major challenges faced by CISOs across the industry. Reaching the right people, developing an attractive job proposition, and then retaining those people long-term is essential for the effective running of any cybersecurity team – and when the demand for cybersecurity professionals outstrips the supply, it’s not easy to make sure your team is equipped with the right skills at all times. 

We asked Max Imbiel (CISO at Bitpanda) what he looks for when hiring in the crypto security space – and what he thinks any cybersecurity professional with an interest in fintech or cryptocurrency should learn. 

Here’s what he told us. 

As a CISO, what are the key criteria you focus on when you're looking for new cybersecurity talent to add to your team?

“There are of course multiple dimensions to this task of hiring talent:

• Do I have the right inclusive wording and definitions on the application form?
• Do I need someone with experience in a certain area or can they be trained on the job?
• Do they fit our team and company culture?
• What are their ambitions? 

“So for me the person behind a profile is always more important than just the skills and certifications.”

And speaking more specifically on security for a crypto platform – do you prefer hiring professionals with cryptocurrency experience, or is that not important?

“It is of course a plus if you can speak the language of our business. But I also believe that if you are willing to learn the ins and outs of it, you can do so best on-the-job.”

If you were giving advice to someone at the early stages of their cybersecurity career who wanted to work on security in the cryptocurrency space, or in fintech more broadly, what would you tell them to do/learn/experience?

“So if you want to work in crypto or fintech, rest assured, at some point in time it will be necessary to be audited and under very strict regulatory requirements. 

“This will result in a lot of documentation, establishments of defined processes, risk assessments on new developments, strict rules etc. 

“This will be of course beneficial and needed for these companies to grow into the mature financial institute they want to become. But it will be different from a tech startup where enterprise decisions can be made quick and dirty.”

What are the key pressures that security professionals face in fintech right now?

“Most certainly right now it is DORA, the Digital Operational Resilience Act which is coming into effect for (almost) all financial institutes in the whole European Union on January 17th 2025. 

“DORA introduces a lot of regulatory compliance requirements for boosting and adhering the resilience of a financial institute, and by doing so EU-wide and enforcing it also on the IT-suppliers of a financial institute, it will serve as a formidable blueprint in actually improving and strengthening the resilience of our European financial markets.”

Finally, why are events like Black Hat MEA valuable to you and your work? 

“Events like Black Hat MEA are highly valuable for us security professionals, learners, beginners and leaders – because they provide us with this dynamic and unbiased environment where we can talk, exchange, share and learn from and with each other. I highly value events like this and encourage everyone to join them to their best capability.”

Thanks to Max Imbiel at Bitpanda. Join us at Black Hat MEA 2024 to learn directly from the world’s leading cybersecurity experts.