As a company owner or a Head of Security of your organization, you certainly know how difficult it is to do professional, high-quality cybersecurity talent sourcing. At this moment, governments, major utilities, global businesses, and organizations of all sizes and industries are getting increasingly concerned with cybersecurity risks and how security failures can result in compliance violations, brand damage, and economic fallout.
A slew of cybersecurity attacks has captivated the world’s attention. The rise of attacks and their shocking success rate in infiltrating massive networks also highlights the current cybersecurity talent gap worldwide. According to one study, there are nearly 465,000 vacant cybersecurity jobs just in the US alone. Where can all of these cybersecurity professionals be found?
Another study confirms this on a global level. Done by ISACA, the State of Security 2019 report points out the following:
- 69% of polled cybersecurity professionals are significantly (21%) or somewhat (48%) understaffed;
- 58% of them stated that their organizations have unfilled cybersecurity roles;
- 32% said it takes at least six months if not more to fill those positions, which is up from 26% reported in the same survey the previous year; and
- 82% of cybersecurity professionals have cited better financial incentives, such as bigger salaries and bonuses, as reasons for leaving their employers.
So, what should you do to attract experienced, top talent cybersecurity professionals to your company? And once you hire them, how can you retain these high performers? It can be said that many of them are still in school, pursuing an advanced degree for a related industry, or are working in some other field that can readily translate to cybersecurity expertise with time and training.
What this industry needs is a strategy to educate and attract the next generation of cybersecurity professionals. Investing in this talent pipeline today will pay dividends tomorrow, as new candidates will not only support ongoing projects but will be creating the future of cybersecurity. Aside from this, how can you properly attract and retain cybersecurity talent? Let’s find out.
Ready to start? Contact CIBR Warriors for the fastest way to qualified employees!
Look Beyond the Common Places to Find Top Talent
Experts suggest that companies should break away from standard recruitment practices targeting graduates from a select group of schools having what would be considered relevant degrees. They also recommend searching for talent in-house. More often than not, there are employees who are not currently working in cybersecurity but have skills sets applicable for the vacant job position. Apprenticeship programs are also a valuable source of top talent, as well as Bug Bounty, Capture-the-Flag, and other skill-based events, which are excellent places to look.
Don’t Ask for Candidates to Have Designated Skills
There is a false perception in the cybersecurity industry that you need to have complex and niche skills in order to do this type of job. But, the reality is different. Cybersecurity skills are not much different from what is needed to work with any technology. Think of it like this: if companies would only recruit talent from the same programs or those with similar curriculum, they would put themselves at a serious strategic disadvantage. Why? Because cyber attackers are not one-dimensional, there is no reason for cybersecurity professionals to be that either.
Look for Skills Beyond the Formal Education
It is always good to have employees who have been taught how to problem solve most of the known threats, but every company can benefit from a fresh perspective. Cybersecurity issues evolve with time, so you need a security team that can solve not just the problems of today but also the ones we are yet to face.
A smart recruiter will know not just to look for a person who will fill the position but also know of the strengths and weaknesses of their existing workforce and how new hires can make the most impact in making that team a whole lot stronger.
Train People Even After You Hire Them
Cybersecurity is a very broad term and involves numerous skills, therefore you can probably find great talent, but it’s nearly impossible to find the exact fit. That is why you should avoid pigeonholing by insisting on very specific cybersecurity skills when seeking candidates. If you invest in in-house training or send employees to specialized cybersecurity training, eventually, you will turn the good candidate into the perfect fit.
Think of Diversity
Diversity as an issue has been plaguing the technology community for years, and cybersecurity is no exception. For instance, according to TechStudy, women make up only 11% of the global IT security workforce. There is simply no reason in 2021 that cybersecurity companies can’t solve this genuine business problem.
Military Veterans as New Cybersecurity Professionals
Did you know that the vocabulary used in cybersecurity is borrowed from military terminology? This means that military candidates have the language and training to lend themself to cybersecurity. Even cybersecurity incidents read like tactical handbooks – breach, reconnaissance, exfiltration, etc.
However, this goes deeper than just understanding the language. Military veterans also have the training and instincts to protect sensitive information. Hiring a couple of military types works well for the company brand too. Having them in executive roles can make your company more attractive to other cybersecurity professionals.
Don’t Be Stingy With Salary
Salary alone may not be the only reason for top talent to choose your company, but that doesn’t mean you should be stingy. A lot of cybersecurity professionals want to work in exciting and challenging companies, and most of them know how in-demand their skills are and are aware of their worth. It is wiser to pay one and a half, if not twice, what you pay other IT roles in your company to land a top talent who will be vital for protecting your data and defending it against crippling attacks.
Interact With Talent on Their Terms
While you want to be on websites frequented by cybersecurity talent, you also want to avoid heavy sales pitches, gimmicky actions, and obvious marketing ploys. Most of them will see right through you, and you can even risk getting blocked or banned from those sites or forums.
What you should do is engage with them as a peer or even enlist one of your existing employees to do some outreach. If you can offer a good place to work, challenging problems, autonomy, and a decent salary, you will attract the attention of the right people. You can also post company videos, job listings, and webinars that highlight your products and areas of expertise, or participate in cybersecurity conferences. Think of it like this, anywhere cybersecurity talent goes, you will want to be there.
Be a Thought Leader
Get your people to meetups, conferences, and hackathons and regularly blog about cybersecurity issues to stay on top of the most important and pressing industry issues and vulnerabilities. If you position yourself as a thought leader by sharing how attacks can affect the industry, what kind of skills and experience are needed to defend against cyber attackers, and more, you will start the conversation with other professionals and stay in touch with them.
Demand for skilled cybersecurity talent is growing every day at an astonishing rate, but the supply isn’t keeping up with it. That is why using the same old talent sourcing, and recruiting techniques will not work for your company. What you need are smart tactics that can help you better attract and retain critical cybersecurity talent and skills.
You can also rely on the expertise of recruitment firms, but you should choose the right agency that can attract prospective candidates. As cybersecurity is a relatively new industry, some recruiting agencies are not knowledgeable enough about the latest trends in this industry and are thus unable to provide the right talent. That’s why, instead of working with general recruitment firms, you should engage with agencies that are specialized in the IT, technology, and cybersecurity sector. These firms have the right contact network and are crucial in finding those candidates with the specialized skill sets required for cybersecurity.
Hundreds of new candidates are looking for job openings every day, and CIBR Warriors are there to help you find the right one for you. For more help on advancing your career or finding a perfect candidate in IT and Cybersecurity, contact us. We’d be happy to answer your questions and provide you with the best advice for getting started.