Every business is concerned about cybersecurity these days. That’s because every business uses technology in multiple ways which means they are open to security breaches of all kinds. Whether it’s a simple backup of data and critical information in case of power loss or system failure, or hacking, malware, viruses, or other deliberate attacks, every business must protect itself and its customers from these threats.
As the importance of cybersecurity has grown, the need for skilled professionals is increasing. For now, and the foreseeable future, demand outpaces supply. You may already know this if you’ve tried to fill a security position. The labor pool is tight and it’s a real challenge to find and hire the people you need. It’s probably only going to get worse. Traditional recruiting isn’t going to fill all those open positions. For those in need of different strategies for success, there are several things you can do that will help.
Hire and develop young, emerging talent. Recruiting at colleges and universities is a standard practice. Make sure that you are looking for those graduates who are already interested in cybersecurity. More and more students are focusing on this area as the career opportunities have increased. Once you hire them, make sure that you are nurturing their interest and helping them grow as cybersecurity professionals. Developing your own talent can be one of the best ways to ensure you have the cybersecurity personnel you need for the future.
Highlight your company culture and the work they will do. People want to work on interesting projects and do meaningful work. Make sure that you are showcasing these things. Tell potential employees about the kind of cybersecurity projects they will be working on. Show them how their work will impact the company, customer, and community. Highlight cutting edge technology or frontline threats. Show the importance of their work. Making this kind of connection can help you recruit the talent you need.
Consider not requiring a bachelor’s degree. Relaxing requirements to capture those with experience but not education can expand the available talent pool. It’s long been true that there are many people who take non-traditional paths to IT knowledge and experience. Not all talented people go the traditional 4-year degree route but their real-world job experience often makes them equally knowledgeable. A robust interview process will allow you to evaluate a candidate and should provide data to make good decisions. A degree, which measures a certain kind of knowledge and achievement, is not always a good predictor of on-the-job success.
Invest in training your current employees. Look to your existing staff and turn them into cybersecurity experts. They already know your company and you know that they are a good worker and worth investing in. Not only does that make it worth the effort but it can actually be a real advantage to move into cybersecurity after working in another sector. For example, data analysts often make excellent security professionals since data plays an important role in recognizing certain threats or weaknesses. For many industries it may be better to find someone with deep healthcare or manufacturing experience who has the potential to grow in a cybersecurity role.
Expand the talent pipeline. Look outside of traditional tech and hire people from other backgrounds. Again, this experience can actually contribute to them being a better security professional. Recruit at colleges but in this case look to the many new programs that are designed to give people basic security knowledge to build on their existing experience and education. These programs can take a successful worker from another industry or tech area and transform them pretty quickly. Again, significant industry or other specialized sector knowledge may be more difficult to replicate or train for than cybersecurity skills. Remember, it may be better to train someone who knows your industry than vice versa.
Be a thought leader on cybersecurity. Attend conferences, write blogs on the topic, join industry groups, and participate in hackathons. Be a leader AND interact on their terms and locations. Some may be more traditional, others may require thinking outside of the box, but “walking the walk” can help you find and attract security professionals and position your company as a place where they want to work.
No one thing is going to magically make enough cybersecurity professionals appear and solve all our problems, but doing nothing won’t get your position filled either. Taking steps on a number of fronts can help increase your ability to attract those that are out there and help you train and create the next generation of cyber professionals.
Looking for a staffing firm that understands how to find hard-to-source candidates? Contact us.