Cybersecurity is facing a recruitment crisis. There are currently 2.8 million professionals working in the field – far from sufficient given the ever-expanding cyber threat landscape. To meet the market’s true needs, ISC2 believes the cybersecurity workforce will need to more than double.
Companies have a number of options to overcome the cyber talent crunch, including integrating external providers who can provide specialist support. For those looking to boost recruitment in the new year, here are several tips to help attract skilled professionals, better manage existing talent and stand out in a job-seeker’s market.
1. Appeal to professionals’ sense of mission
Positions in cybersecurity are typically touted with high salaries, job security and career growth. While these are no doubt attractive, research shows that what is in fact more important to many is that their jobs are meaningful. According to studies, people are more likely to stay in their role if they feel they are making a significant impact.
Cybersecurity offers a world of opportunities to do just that. As headlines attest, public safety, national economic performance, data integrity, and even democracy itself increasingly depend on robust cybersecurity protection. Companies should consider what makes their particular niche valuable – whether it’s protecting sensitive personal information, maintaining privacy or ensuring safety on public transportation, for example – and highlight the individual impact a new recruit to your company can have.
2. Highlight new challenges
Cybersecurity professionals are by and large curious individuals who seek intellectual challenges. The most exciting job opportunities are those which offer the chance to trailblaze and to tackle difficult problems. Because today’s world is growing ever-more connected and because cybercriminals are growing more and more sophisticated in an effort to stay a step ahead, the field offers recruits plenty of opportunities to delve into new and complex challenges.
Though some areas of cybersecurity may seem more innovative than others, each company has its unique strengths. For those in relatively new areas like rail and automotive cybersecurity, the opportunities to innovate are clear, and recruits have the opportunity not only to apply their cyber know-how, but to learn about the unique needs of different industries. Companies in more established areas can emphasize the importance of finding new solutions for existing problems. By offering professionals the chance to be part of groundbreaking work, cyber companies show their talent that they aren’t just valued experts, but true pioneers.
3. Find creative talent sources
Some of the best talent can be sourced from the most unexpected places. It’s important not to bypass potential recruits simply because their background is not from traditional academic pipelines. At Cylus, for example, we often recruit from the Israel Defense Forces’ elite technology and cybersecurity units, where prospective recruits are trained in skills that can be applied to our business. Militaries throughout the world have veterans graduating from similar units.
But professionals can also be sought from a range of IT service industries and later trained to specialize, which is why employers should cast their recruitment nets as widely as possible. Those who have acquired certification on their own, for example, are a source of untapped talent. Ethical hackers could be offered training to focus on a new specialization. Employers should also consider opening up opportunities for jobseekers from other cities or even abroad. The short-term cost of relocation may well be worth the long-term benefits of landing the very best person for the job.
Additionally, networking and fostering strong relationships in the cyber community can be a powerful way of identifying top talent and finding new recruits.
4. Maximize internal talent
When recruitment is proving difficult, it can be beneficial to look within the organization and maximize existing employees’ untapped potential. For example, it could be worthwhile retraining people whose positions are becoming obsolete or offering new opportunities for progressive development to those looking to grow.
While this may not solve the skills gap at every level, it is likely to be suitable for many positions in cyber. This has the potential to not only fill gaps in the organization, but also to reinvigorate an existing workforce – encouraging staff retention in the process.
5. Integrate external service providers
Even when a company’s primary focus isn’t cyber, it still needs to recruit cyber experts to deal with the new security challenges facing that particular industry. In such cases, external service providers can be used to bolster an organization’s cyber capacity. Employees within the organization who are already adept at using the company’s cybersecurity platforms and who are familiar with wider internal operations can leverage their expertise to help integrate such external providers. This enables providers to quickly adapt to the specific needs of the company with minimal investment – thereby expanding the workforce beyond the office walls.
A New Year’s resolution: Acquiring cyber talent
Cybersecurity has the potential to make an enormous impact on almost every aspect of our lives. As companies vie for new recruits within a limited talent pool, they should lean into their advantages and highlight their unique selling points. 2020 is the year companies should resolve to expand their talent pool in order to take on the world’s next big challenges and help make it a safer place.