BY: WILLIAM CHALK
Good cybersecurity talent is hard to find. With cybercrime damages expected to reach $6 trillion annually by 2021, the increased demand for qualified workers is putting pressure on an already tight talent market. As it stands, the lack of labor power in this sector may be the biggest cybersecurity risk of all.
It is estimated there will be upwards of 3.5 million unfilled cybersecurity roles by 2021, and 51 percent of companies currently reporta “problematic shortage of cybersecurity skills.” Finding experienced professionals with both the soft skills and technical knowledge to excel in cybersecurity is difficult, but actually retaining this top talent may be even harder.
Companies need talented cybersecurity officers to fight the rising threat of cyberattacks, so it’s understandable that organizations are concerned their technical skills gaps may leave them exposed. As the demand for cybersecurity talent soars and the supply dwindles, recruiters are discovering that the tried and true methods of filling other IT roles just don’t carry over into this field. To successfully attract and retain cybersecurity professionals, try these tactics:
1. Pay More
When recruiting experienced talent, marketing a position based on compensation alone is unlikely to draw reliable candidates. Given the number of opportunities out there, many professionals in advanced stages of their career will be more drawn to opportunities for exciting and challenging work.
While salary alone might not be enough to attract the right candidate, it is important to be realistic about compensation. Most workers in cybersecurity know exactly how in demand their skill sets are and exactly how much they’re worth. Be prepared to pay up to double what you might pay other IT roles for talent that is paramount to the business’s continued success and survival.
2. Keep Entry Requirements Flexible
Many employers won’t consider hiring a candidate without a bachelor’s or master’s degree. In cybersecurity, however, it’s important to determine whether these credentials are actually necessary. If a potential candidate can prove they are proficient in the skill sets your business lacks, they should enter the running regardless of formal education. Competitions like bug bounties and hackathons can be useful in identifying talent based on ability rather than institutional success.
3. Market Your Company or Client Effectively
In a saturated job market, you need to make sure your company or client stands out as an employer of choice for cybersecurity workers. Whether you’re recruiting for your own company or for a client, you must know the organization well enough to sell its unique features to cybersecurity talent. This might involve emphasizing specific tools or new technologies being used, explaining how the team has solved a particular security problem, or discussing how emerging security technologies are being integrated into the organization’s operations. If the company’s security team is in its infancy, pitch the challenge of building a system from the ground up.
If you need help sending the most powerful messaging, you might consider enlisting the marketing team’s aid.
4. Interact With the Community
When sourcing top-tier talent, it’s important to interact with the cybersecurity community on its terms. You want to be present on sites frequented by cybersecurity professionals, but you should avoid heavy sales pitches on those sites. Candidates in this sector differ from other IT talent in that their online presences tend to be much more cautious, more specific, and more secure. It is best to use the security professionals in your own network — such as your company’s team or your previously placed candidates — to do some outreach or put in a good word on your behalf.
If you’re focused on recruiting for the cybersecurity sector in the long run, it is sensible to attend talks, meetups, hackathons, and relevant conferences. Anywhere the leading professionals go, you should follow. Stay on top of the most pressing issues in the field so you can relate better to your candidates and establish more trusting relationships with them.
5. Engage Young or Entry-Level Talent
You may already have a wealth of fresh, eager, and intelligent IT talent working within your company. Don’t disregard the value of training and developing these individuals internally. Not only does this ease the burden of sourcing appropriate candidates, but these workers already know your systems inside and out. Partner with online or local cybersecurity training providers and send employees to relevant seminars and conferences in order to facilitate skill development.
It’s also sensible to reach out to individuals in other professions who could easily migrate to cybersecurity work. This could include law enforcement, communications, and accounting professionals. Looking at talent in adjacent industries is a great way to expand your available resources and source from less competitive markets.
While the cybersecurity talent crunch is a serious problem, it’s also a fantastic opportunity for employers and recruiters to refine their hiring strategies.
A key component of the battle will be defining, articulating, and marketing cybersecurity roles better. This will help attract the attention of both those who are new to the field and those who currently work in relevant adjacent industries. More investment in training for existing employees is also critical.
When hiring for cybersecurity roles, patience and creativity are key. Everyone is competing for the same pool of talent. Finding unique ways to catch the attention of cybersecurity professionals can be challenging, but the effort is well worth it.