Hiring cyber security professionals to fill current vacancies is one of the toughest and most important challenges we face when trying to build out a successful cybersecurity team. A strong team with a good bond is important and that can be hard to accomplish when supply is low and demand is high. The cybersecurity market quickly evolved into a global market over the pandemic and with work from home options available the competition for limited resources is fierce. This blog will look take a look at what you can do to stand out when trying to fill that vacancy and ways to think outside of the box to land that next hire.
The competition for professionals is real. ISACAs State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations survey of 2,000+ cybersecurity professionals found that 63% have unfilled cybersecurity positions while 62% have understaffed cybersecurity teams. 20% say it takes over six months to fill open cybersecurity positions while 60% report challenges retaining cybersecurity professionals.
I had the opportunity to bounce a few questions off my cybersecurity hiring resource (Pamela Menge from Fasken) to try and understand if this challenge was unique to cybersecurity and if so, why?
Pamela felt the challenge was a bit unique to cybersecurity due to the array of job opportunities within IT bringing forward many applicants that have a general IT background but lack the desired cybersecurity experience. This makes finding that perfect niche of education and skill set complicated, however a little less so if you’re looking to hire for a junior position.
In order to have the best chance at attracting top talent, you need to understand what motivates cybersecurity professionals, and what they’re looking for in an employer.
When it comes to hunting for a new career, training and professional development is a top priority. Being able to stay current, learn new technologies, attend conferences, network and obtain and maintain certifications are key factors to professionals when deciding what position is best for them.
One way to try and stand out from the competition is to offer Professional Development and Certification Opportunities. This could be onsite or offsite training opportunities, covering the cost of certification study materials, courses and exams and providing time for employees to learn, study and certify as part of their job.
Another opportunity to stand out from the others is to offer challenging work that aligns with their values and has brings a real-world impact.
Its very important to show how your position will challenge professionals and what complex problems they will be subject to. Think about including information around how their work will make a difference and a general overview of the problems they will be expected to solve. The pandemic seemed to heighten our sense of purpose and desire to make a difference and impact on society so highlight any areas where you feel your Environmental, Social and Governance (ESG) program stands out from the rest.
To have an effective and attractive job posting it needs to focus on the professionals needs. Focus on what they will get out of the position in addition to the duties and responsibilities. Put emphasis on where you feel you stand out, highlight your professional development opportunities, the complexity of the work, and how they will be able to make a difference.
Try and focus on the absolute basics of the job that must be done and not include a laundry list of dream tasks that could be done if the professional is bored one day. With this approach you can attract professionals that would pass on the position before as there was one or two duties listed that they’d never done before.
We all know that just having a great job posting isn’t enough. Wouldn’t that be nice. There are so many different ways to try to fill a position. Job posting sites, LinkedIn, recruitment agencies, conferences, word of mouth, networks, the list goes on.
Pamela makes sure that she utilizes all her available avenues when hiring. This includes posts to our company website, LinkedIn, and Indeed. Pamela will also utilize specialized IT recruitment agencies to help source professionals and always looks for employee referrals. The use of recruitment agencies has provided a lot of success due to the network of strong candidates they have at the ready.
One approach that seems to have success is working closely with local post secondary institutions. You can sponsor a program, provide scholarships, teach sessions or offer on-the-job training. Any extra effort you put in at the post secondary level is sure to provide visibility to your organization and hopefully increase your professional pipeline by providing the opportunity to identify early talents as they’re maturing.
Another option that shouldn’t be overlooked is hiring from your Internal IT team. This is a method I have found success with in the past. You can be proactive and implement training plans that help identify promising candidates that could make the move into security. Utilize mentoring and shadowing to trial the role and see if it works for both of you. This can allow you to fill positions quicker, allows you to know the professional and how they would fit with your team, brings a knowledge of the organization and a background to any processes and politics and also brings multidisciplinary skill sets into the team.
If your IT team doesn’t have the right resources available to offer you can consider removing any degree requirements and looking at experience that isn’t cyber specific. This expands your professional pool and attracts individuals with education and experience but no degrees which can often be better as they bring years of on-the-job insights.
If you are going to think outside of the box to fill that role and considering recruiting from IT, or hiring a professional without experience and education then ensuring a strong commitment to training and development is very important for the future success of your team.
Of course, bringing talent in the door is only half the equation; keeping cybersecurity workers is the other part, and it’s equally challenging and even more important. The last thing you want to do is go back out to market again. A recent study from Clearance Jobs looked at reasons why cybersecurity professionals stay in their current positions. They found the top reason to be that they feel a sense of accomplishment from their work. Their work provides them with a sense of purpose and matters to their organization. They’re enabled to make an impact on the organization’s cybersecurity posture and in turn the organizations success. These are all very similar to the key components required to get the hire in the door. As long as you are genuine in your posting, uphold your end of the agreement and offer a competitive benefits and bonus package you will make increase your odds of retaining your talent.
Hope this blog helps provide some guidance and useful tips for filling those cybersecurity positions. Happy hiring and all the best for 2023!#SecurityProfessionals#Security#ServerOperationsandSecurity#InformationGovernanceorCompliance#Firm