Let’s talk about cybersecurity.
You probably know what it is by now; it’s had plenty of media coverage in recent years with many big companies, such as Equifax, Yahoo and Adobe, falling foul to breaches and attacks from ever-present hackers.
But in case you’re still unsure, cybersecurity - as defined by Digital Guardian - is “the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorised access.”
The global cybersecurity landscape
Cybersecurity is definitely an area of focus for most countries. Hackers are becoming smarter and more technologically advanced, meaning the threats they carry are developing at an alarming rate. And with many workforces around the world working from home more frequently, the greater range of technology and software used has resulted in organisations finding it harder to keep tabs of what their employees are using, meaning threats have become even more diverse.
In reaction to this, governments and countries have pledged to take action. For example, the U.S. under President Biden has allocated $9 billion for upgrades to technology and to boost cybersecurity recruiting.
This is all well and good, but setting aside money for hiring is only worthwhile if there is an abundance of people to hire...which, it seems, there isn’t.
After the high profile attacks that appear in the news, the next most reported aspect of the industry is the desperate shortage of skilled professionals available.
This scarcity of talent has negatively impacted global businesses in being able to keep their information secure (which is a serious concern with some hefty data breach fines waiting to be administered).
Despite more and more industries recognising the need for cybersecurity teams, there has been a lack of professional development opportunities for a number of years now. Add to that the numerous barriers surrounding diversity in the ‘cyber space’, and you have the perfect storm of monumental demand for miniscule supply - so to speak.
More often than not in cybersecurity recruiting, hiring someone purely on their technical abilities leaves a disconnect between the understanding of senior leaders and the actual capabilities of the business.
The leaders know that the organisation must be ‘compliant’ to avoid those hefty fines, but simply meeting the specifications for compliance does not guarantee appropriate levels of protection.
This is where having the right people (or person) is so pivotal.
If you hire someone who can communicate with leadership, display a solid technical understanding and think innovatively about security protection, then you’ve struck gold.
For example, a CISO who understands both sides of the story (executive and technical), should act as the seamless go-between for the cyber team and executive level leadership, accurately relaying where the most beneficial investments can be made.
Hiring and retaining cybersecurity talent
Whilst we have established that it’s a tricky market if you are hiring talent, it’s not impossible.
The obvious way to find this talent is to source those who are already fulfilling cybersecurity roles or by hiring graduates from specialist courses.
These are both valid options, but you can be sure that there are going to be numerous competitors vying for their attention as well. And after all, the candidate who is best on paper is not necessarily the best for the job…
So why not search in different areas? The access to remote talent means you can, in theory, hire someone who is based anywhere in the world. Look out for the key skills and traits such as:
- Secure software development skills
- Up to date knowledge of latest news and developments in cybersecurity
- Innovative and ability to attack problems from different angles
- Strong communication and collaboration skills
From a hiring perspective, are you unnecessarily restricting your talent pool by including excessive requirements when advertising a cybersecurity position? Especially at entry-level, these additional requirements will deter people who are suitably qualified for the job from applying.
Could you look to the freelance or contract market when hiring? CISSPs rank sixth out of the top 20 fastest-growing skills for freelancers.
By looking in the more underrepresented areas, you will not only find talented individuals, but you will also be contributing to building a diverse cybersecurity workforce - which will be an important part of the future safety of the world.
So you’ve found the person you want to hire. What now?
The first step is to ensure you are paying them in line with market expectations. If you’re unsure what salary (or daily/hourly rate if you’ve hired a contractor) should be, use our Salary Guide Calculator to find out what the industry benchmarks are for a range of cybersecurity roles.
You may also need to be flexible with the job requirements. Recruitment strategies have had to adapt over the past year, as job seekers have developed a desire to have more of a say over what their daily tasks entail. They have become accustomed to autonomy and flexibility, and you have to be able to offer an element of both if you are going to successfully hire talent.
In a candidate short market such as this, it’s all the more important to hang onto your talent once you’ve hired them. This is no mean feat as there will be plenty of other businesses looking for their skills and experience.
A recent survey by McAfee confirms this struggle for retention: Of 950 cybersecurity managers and professionals across the U.S., UK, Germany, France, Singapore, Australia, and Japan, 89% confirmed that they would leave their current role if a competitor came calling with the right incentive.
Alongside paying them appropriately and offering attractive benefits, investing in workforce training programs is probably the next most influential factor in terms of retaining your talent.
Upskilling is expensive for the individual to undertake on their own terms, so by pledging to their professional development and providing opportunities for them to improve their technical abilities over their career with you, you’re taking another long step towards keeping them on your team.
Do you need help with cybersecurity recruiting?
It is undoubtedly a challenging area for those looking to hire. That’s why expert insights and advice are all the more important.
With cybersecurity recruitment experts in many of our locations across EMEA and APAC, we are a global recruitment agency which means we are able to connect hiring organisations with a global talent pool.
Get in touch with us today, and we’ll figure out the best course of action for your hiring requirements.