Building our unique security team

Not a unique challenge out of context of course, as scale is so often an integral part of recruitment. However, Form3 are building a sizeable security function relative to the size of the business, currently sitting at almost 9% and still growing! This is a real testament to the impetus that we put on security here. 

One of the ways I approached the challenge of bringing in so many talented security professionals was by cross-training some of our engineering recruiters, as there’s a significant overlap between the core technologies used across both functions. This enabled us to scale at pace and removed the stigma surrounding how “hard” security recruitment can be. I was also able to position our scale as a rather unique selling point, with most businesses our size having far fewer people in security! 

Here at Form3 our Security Team is split into 4 sub-teams, the largest of which is our Cloud Security Engineering Team. In most businesses, this team would be split across Application Security and Infrastructure Security, however up to this point Form3 have chosen to maintain a single team covering both areas and significant other ground too!  

Whilst this can often make searching for talent challenging, with a very broad set of skills and experiences to draw on, it has also provided an awesome selling point for those joining Form3 as there’s often a chance for them to remain engaged across the team’s wider responsibilities. Breaking the core role in the team (Senior Cloud Security Engineer) down into the key components of SSDLC, Cloud Security and Container Security has really helped to manage the complexity of searching for such a diverse skillset. 

This is a massive draw for candidates, so in some ways this wasn’t a challenge at all. But, as someone who previously did lots of work with large-scale organisations across the public and private sector, our use of such a modern tech stack (multi-cloud, K8s, Go) has been a huge learning curve for me when it comes to truly understanding this selling point and how to make the most of it. A real personal challenge! 

I’ve spent lots of time talking with stakeholders, as well as researching the technologies and how they interact. Being able to “talk technical” has always been an integral part of my identity as a recruiter and this challenge really gave me the opportunity to learn and expand my knowledge in one of my favourite areas.  

It’s also great to work with a hiring team who can appreciate the limited pool of talent with experience across our exact technical stack. Thanks to this, we’ve been able to create assessment processes that not only put emphasis on existing technical knowledge, but also on a candidate’s ability to adapt & learn which is something we consider equally as important! 

Overall, I’ve relished the opportunity and the challenges that building such a unique security team has provided. I’ve had the opportunity to work with some fantastic stakeholders and to deal with some of the best security talent out there, all thanks to Form3’s continued investment in putting security at the heart of what we do!