Most companies are aware of the cybersecurity “skills gap.” The demand for specialized cybersecurity expertise significantly exceeds the available supply. As a result, companies commonly struggle to find the talent they need to fill critical security roles, leaving them potentially more vulnerable to attack. This challenge is exacerbated by the fact that many companies are seeking specialized expertise or professionals in a particular phase of their career. Many organizations are looking for mid-level security professionals. These mid-career professionals can bring immediate value to an organization and grow with the company and provide a solid return on a company’s investment in them.
As cybercriminals amplify the volume and sophistication of their attacks, filling open cybersecurity positions must be a top priority for all organizations. However, attracting and retaining this talent can be difficult with stiff competition for a limited pool of security professionals. Overcoming the cybersecurity skills gap requires a different approach to recruiting. The following four best practices can help organizations fill crucial security roles.
Accommodate Reasonable Requests for Remote Work
The COVID-19 pandemic normalized remote work and demonstrated that many jobs could be performed remotely, even in the cybersecurity industry. While businesses are looking forward to the return to the office, employees and candidates are not always as keen. Enforcing on-site or hybrid work has a significant impact on the pool of candidates and talent that an organization can attract.
IT and security teams have the technical knowledge to communicate effectively using online tools and may prefer to do so even if they are all in the office. If a role doesn’t require physical access to on-site resources, posting it as hybrid or remote may attract a larger and more diverse pool of candidates.
Ensure that Job Postings Fit the Position
Often, the requirements in cybersecurity job posts are aspirational to the point of absurdity. The listed qualifications for a role may include the skill required by an entire IT or security team, not a single position. In some cases, postings may require more years of experience with a tool or technology than the time it has been available. These job postings make it more difficult for an organization to fill critical positions. Qualified candidates may not apply to a role where they lack all the required skills, and postings with unrealistic or impossible requirements may turn off candidates.
When developing a job posting, have it double-checked by the hiring manager and team members to ensure that it accurately describes the role. Recruiters should also keep job descriptions simple and focus on corporate culture and growth to help an organization’s postings hold candidates’ attention and stand out from the crowd.
Hire for the Network, Not the Role
Often, hiring processes are focused on filling a single requirement. The hiring team looks for a candidate that is the perfect fit for a particular role and then moves on to the next one. However, with the current state of the cybersecurity job market, many of the potential candidates that an organization most wants to attract aren’t actively looking for a new position, and likely aren’t seeing a company’s job posts.
Instead of trying to fill cybersecurity roles one at a time, corporate cybersecurity hiring should focus on future growth. Often, the types of cybersecurity professionals that an organization is looking for have connections within the industry. These connections can help the company grow and fill key roles in the future. An employee with a large following on LinkedIn and other social media sites who shares a job post can get it in front of qualified candidates who otherwise would not have seen it.
Referral programs work both ways, helping make matches between a company and a future employee well-suited to the role. Hiring a well-known and respected professional provides validation to potential candidates that a company is doing valuable work and worth working for.
Move Beyond “Spray and Pray” Recruiting
For some positions, creating a job posting and collecting several dozen applications nearly guarantees that an organization will find a qualified candidate. However, companies are commonly seeking a specific set of skills and levels of expertise for security roles. Recruiters must take a more active role in identifying potential candidates that fit the requirements for these specific positions. They also need to be able to run complex searches on job boards and in an applicant tracking system (ATS) to identify professionals that may be a good fit for the role.
A recent study by MorganFranklin Consulting and Vaco found that the biggest roadblock to success in 2022 for business leaders across multiple industries was a shortage of qualified resources. 49 percent of respondents corroborated this sentiment. A further 36 percent said their top strategy for growth in 2022 was around talent acquisition, recruiting strategies and employee training. Companies looking to find these highly sought-after skill sets will need to take a step back, and examining their operating procedures to ensure effectiveness for future success.
Beyond proper management around in-office expectations, culture, and value add, the desire for others’ success over one’s own must be a daily consideration to retain the talent that companies spend so much time, effort, and resources to obtain. In relation to specialized tech and cyber skill sets, companies must consider current economic and market conditions that may outweigh some of what is discussed. With proper management and executive support, these factors and best practices can help; but it will take a collective effort to ensure a bright future for an organization’s attraction, retention, and promotion efforts due to the complexity of today’s hiring journey.