Ways to Assess Cyber Security Candidates for Your Team

With the cyber skills gap resulting in a shortage of 3.5 million cyber security professionals worldwide, finding and retaining valuable team members is no simple feat!

Candidate screening tools offer serious peace of mind that you’re hiring the right people for the job. But they can also reveal skills that may not naturally present at the interview stage. After all, few face-to-face interviews include hacking drills, real-world scenarios, or branded learning paths that test someone’s technical proficiency.

Let's dive right in and figure out how to get ahead of the curve by ensuring new candidates and your team are up to scratch!

Why is a cyber security assessment important?

Defending your business from cyber security risks is incredibly important. From third-party exposure to cloud vulnerabilities, phishing, and ransomware, companies need to be highly vigilant when it comes to protecting their systems.

It's also quite sobering to realise that there has been a 205% increase in cyber-attacks since 2022. This figure is partly down to an increase in hybrid working conditions globally, but also because potential attacks are much more sophisticated these days. So, finding the most suitable candidates to protect your precious systems against malicious attacks is crucial.

While there's much to be said for screening candidates on their qualifications, real-world experience and a stellar CV are also vital puzzle pieces. Plus, while you might get plenty of information from a resume, hands-on skills can be much harder to gauge from a verbal interview.

Therefore, using a cyber security assessment tool is a GREAT idea. These tools allow you to select candidates with the correct knowledge levels for the job (while whittling down an overwhelming pool of options!) and can take the guesswork out of the hiring process.

What exactly does a cyber security assessment DO?

A typical cyber security assessment tool tests a mixture of the following things:

  • Technical skills
  • Interpersonal skills (AKA: soft skills)
  • Logical reasoning skills
  • Real-world competency
  • Response times

Although this is all beneficial information to gather about a candidate, an assessment tool also helps to mitigate any bias that might crop up during the employment process.

At TryHackMe, we’re all about giving you the capacity to create on-demand attack scenarios that provide the perfect environment to assess candidates.

Using these scenarios, you can determine whether your candidate has the correct technical skills to succeed in their role long-term. Whether they’re a prospective Tier 2 Analyst or a Red Team Operative, tailor-made assessments will show exactly how candidates perform under pressure. By hiring team members who understand the current threat landscape (and can prove it!), you can relax knowing your business is in good hands.

Ways to assess cyber security candidates for your team

Now that we've covered why you should consider using a cyber security assessment, let’s discuss the different methods you can use (and how TryHackMe can help!).

Reporting

Reporting is an excellent way to keep track of progress, giving you the power to assess potential candidates and existing hires. These reports show time spent on tasks, activities completed, and overall efficiency.

This data is currently only available for custom learning paths and assignments. But we honestly think that's part of the charm. These custom learning paths directly apply to your business's needs!

Plus, you can filter your reports by time spent on specific content, room completion, or questions answered to get a decent overview of a candidate’s ability. To sweeten the deal, you’ll be able to follow a user’s activity and see just how motivated they are to complete their tasks.

If that wasn’t enough reason to give things a whirl, being able to set specific assignments with accurate reporting lets you focus on current and rising issues. You can even create a custom room from scratch to set as an assignment, which can be used as part of the interview phase or as an assessment of skill!

What if I’m looking for a cyber security performance management system with a hint of fun?

If you want to motivate and manage existing hires, try Capture the Flag. Designed to strengthen collaboration and compare skills, our CTF builder lets you choose super-relevant challenges to test your team. Best of all, you can even handle this remotely if you're a hybrid team!

Creating a branded learning path

We’re not here to say that a general cyber security assessment won't do the trick when you're hiring. But if you're looking for a belt and braces approach, you should create a custom learning path to suit the team you're trying to assemble.

A custom path offers a training program tailored to your company’s systems, needs, and concerns. These branded learning paths also allow you to challenge existing hires with rooms whose difficulty reaches "insane" level. By challenging your team and creating the testing rooms yourself, you’ll be able to pinpoint weak spots in your current cyber security approach.

Although you can create a specific learning path from scratch, you can also utilise an existing TryHackMe learning path. This allows you to find the skills you're looking for without pouring time into creating and monitoring rooms.

And if you're looking to target specific candidates or skill sets? You can share carefully designed learning paths and assign them directly to users.

Top tip!

If you need clarification on the technical side of setting things up, check out our handy guide on creating learning paths. Its step-by-step approach lets you set up a path for an easy start, either with a custom design or with a selection of tests from TryHackMe’s existing library.

Creating practical tasks

Although you can create branded learning paths that provide an excellent overview of someone’s general skills, TryHackMe's pre-designed, practical tasks let you assess interview candidates for specific skills. And when you’re dealing with the day-to-day running of your business, having an assessment ready to rumble is a huge aid.

We’ll preface this section by saying that most promising candidates will probably be reading up on the industry's latest info before the interview stage. So, they may check out resources like OWASP's Top Ten and the CVE database for publicly disclosed industry vulnerabilities that could impress you!

However, creating practical tasks with a cyber security assessment tests this knowledge. And that’s where the business side of TryHackMe comes into the picture. This customised training allows interviewees to practise their skills with hands-on exercises and realistic vulnerabilities.

Gone are the days of setting up a scenario in the interview room and asking how a candidate might solve the issue. These practical tasks allow candidates to show you how they’d tackle potential attacks. If the candidate proves promising, you can move them on to a branded model outlining company-specific threats.

What can my business tackle with practical tasks?

This list certainly isn’t exhaustive, but you can create practical tasks to test any of the following things:

  • Password attacks
  • Penetration testing
  • Offensive security measures
  • Evading security solutions
  • Exploiting Active Directory
  • Networking basics
  • Threat detection
  • Monitoring endpoints for threats
  • Incident response
  • Security operations
  • Malware analysis
  • Vulnerability management
  • Threat emulation

With learning paths stretching up to 64 hours and beyond, you'll get a comprehensive overview of any new (or existing!) hire’s skills. Oh, and did we mention that you'll have on-demand access to this expert content right at your fingertips? That's what we're talking about.

The main thing to remember here is that continuous learning is key in the cyber security industry. After all, there are approximately 2,200 cyberattacks daily, which will only become more sophisticated over time.

TryHackMe's practical tasks will give you indisputable proof that new hires can solve problems onsite, apply their skills, and tackle potential threats before they become an issue.

Using the Kirkpatrick Model

If you’re looking for an effective and efficient framework to assess your cyber security team, it's tough to beat the Kirkpatrick Evaluation Model. Professor Donald L. Kirkpatrick developed the model in 1959, and it remains a popular framework for evaluating training programs (and seeing how effective they are!).

For a bit of context, the model consists of four levels, each with a different part to play in the evaluation system.

Level 1: Reaction

This part of the model aims to determine how participants reacted to the training in place. As communication skills are essential in the cyber sphere, figuring out how engaged participants were can be extremely helpful. You can gather thoughts through direct questions or create surveys that cover everything from satisfaction levels to overall engagement.

You’ll be able to ask questions like this at the reaction stage:

  • How good/bad was the program?
  • How did you feel about it?
  • What did you learn?
  • Was it relevant to you?
  • Was the training worth your time?
  • What do you plan to apply to the job from the training?
  • Would you need any support at this stage?

Level 2: Learning

At the learning stage, you’ll create assessments that directly test the understanding of critical concepts. You'll also be able to work in best practices and specific technical skills if you use a customised, branded learning path with TryHackMe.

Level 2 is possibly the most critical stage, as it lets your candidates directly showcase their knowledge of modern cyber security techniques. You’ll also be able to better understand a candidate's short-term gains from any training processes.

At this stage of the Kirkpatrick Model of Training Evaluation, you can also:

  • See how much your candidates got right or wrong
  • Directly track improvements and any new skills mastered
  • Measure progress using quizzes or post-module completion tests
  • Recognise achievements with achievement or training badges

Level 3: Behaviour

Once your candidates have started in their roles, you'll want to ensure your training processes reward positive behaviours. Beyond the initial reaction (Level 1) and learning stage (Level 2), it's essential to see whether skills have been retained. In short, can these candidates “apply” what they’re learning?

You can do this by:

  • Monitoring behaviour changes by checking adherence to in-house security policies
  • Checking threat response times
  • Uncovering how well they adopt data handling procedures

Although there are different ways to gather feedback at this level, observations, reports, and performance evaluations are most effective.

Level 4: Results

It's time for the moment you've all been waiting for – the results stage! At this point, you can fully evaluate whether your training model meets expectations or falls short.

Over time, you should be able to look at the following factors to assess HOW successful your training model is:

  • Reduction in security vulnerabilities
  • Improvement in the organisation’s overall security position
  • Fewer overall incidents
  • Less time taken to detect and respond to incidents that arise
  • Reduced dwell time

If you compare pre-training and post-training data, you can accurately track employee (and candidate) improvements over time. You can also use the data from one training cycle to plan the next, giving your company the power to measure what truly matters.

Oh, and by regularly running training programs, you’ll also ingrain the process into your organisation’s culture AND boost company-wide cyber security awareness!

What are the most important cyber security metrics for your business to track?

To round off our cyber security performance management rundown, let's cover critical metrics you may want to track. This is more relevant for training existing employees, but it's always worth being on the ball outside the hiring process.

The metrics to track will vary from business to business, but you can generally expect to track the following factors:

  • Level of preparedness
  • Mean time to detect
  • Mean time to resolve
  • Mean time to contain
  • First-party security ratings
  • Access management
  • Intrusion attempts
  • Unidentified devices on internal networks
  • Vulnerability patching rate
  • Security policy compliance
  • Non-human traffic
  • Phishing attack success

If you can improve on these metrics, your chances of falling foul of a cyber attack significantly decrease. So, it can’t hurt!

Our final thoughts

We understand that hiring the correct candidates can be tricky for any business. But with adequate cyber security gap assessments in place, you can protect yourself against attacks.

While you can technically rely on internal security training, branching out with a branded learning path can save a lot of hassle. After all, a single team member is all it takes to circumvent (or cause!) a potentially detrimental situation. So, it doesn’t hurt to keep up to date with all the company-wide training options that are just a click away.

Did you know? There are currently over 570 organisations using TryHackMe to guide their cyber security training. Join our 2.6 million (and growing) platform users and get your team up to scratch with accessible, affordable, and engaging training that truly delivers.

Reach out to our team today!

Author: Ben Spring
Feb 19, 2024
