With more than 3.5 million cybersecurity jobs unfilled this year, it’s more vital than ever to recruit and retain information security professionals. That’s why knowing where to look for talent, how to evaluate it, and how to retain it is so important. Several variables, including how the business fills jobs and external events beyond the industry’s control, are contributing to the skill gap. In addition, there are holes in the talent pipeline. In the new reality, every corporation is now a technology company. With that comes the risk of ransomware and phishing attacks, as well as the need for security professionals to deal with them. Top cybersecurity professionals offer what you need to know about recruiting for your modern cybersecurity team, as well as advice on how to put together a strong team.
In this article I have written up a few key factors for every hiring agency to consider in today’s remote-work cybersecurity recruiting.
Get Serious About Training
Employers are searching for people who have technical abilities that are either not taught in higher education or are not taught at all. Many high school programs exist to encourage young people to pursue careers in the sector, but they are not linked. There’s a disconnect between those programs and colleges and universities. Furthermore, there is a misunderstanding between schools and universities that produce students and employers who hire them.
Look for Talent in Places Other Than the Typical Prospects
Recruiters must move away from recruitment practices that consistently target graduates of a finite number of institutions with a finite number of majors. Capture the flag, bug bounties, and other skill-based activities are also ideal places to look for top-notch security candidates. These are the areas where recruiters should look for people with talent, agility, and perseverance. Organizations should also not be afraid to recruit talent from larger competitors. Red Canary, for example, has had a lot of success hiring analysts and senior analysts from larger organizations, where they learned best practices, for operations roles like detection engineering and incident handling.
Require Candidates to Have a Broad Range of Abilities Rather than Specific Ones
The industry has a perception that cybersecurity is difficult and necessitates specialized knowledge. The skills required for cybersecurity are used in all interactions between humans and technology, as well as between technology and technology. Due to preexisting notions about what constituted a security professional, security teams have resembled each other for years.
Look for Abilities That are Relevant Outside of Formal Education
Some of the finest cybersecurity specialists lack formal cybersecurity schooling; what they excel at is innovative problem solving. They approach problems with fresh eyes. Soft skills are also vital for a candidate to possess, but they are unlikely to have been learned during their academic education. Essentially nothing is taught in soft skills like communications, business writing, leadership and critical thinking. It also helps if a job seeker has the mindset of a hacker. This is a way of thinking that believes any structure may be hacked. They understand that opponents have an infinite amount of time to find vulnerabilities in one’s defenses. According to Niggel of Okta, a clever security analyst enjoys disassembling things to figure out how they work, or can look at a technology and wonder how it could be attacked or subverted to accomplish something it wasn’t planned to do.
Be Willing to Train New Hires Once They’ve Been Hired
It can be a fool’s errand to try to locate the ideal applicant for a position. The perfect individual isn’t actually looking for work and in reality they could be non-existent. The willingness to train is critical, whether dealing with new workers in-house or sending them to external specialist security training.
Use Certificates to Provide Context For a Candidate
Certifications reveal what a candidate has learnt and how much time they’ve invested in self-education. That is valuable but needs to match with the complete story of the candidate. “A certification may not always be as valuable as the candidate’s experience.” Certifications demonstrate that a candidate was able to study for and pass a test of his or her ability and knowledge, according to Saryu Nayyar, CEO of Gurucul, a threat intelligence firm.
Make an Effort to Sell Your Job
Selling a job is crucial in a buyer’s market to satisfy manpower needs. That implies you must understand what attracts candidates and ensure that you can provide it to them. Cybersecurity professionals seek high-impact work and a commitment to ongoing training. “Once you have enough money, it’s all about challenging the job and investing in the candidate’s skills.”
You need a strong leader and a mission that people want to follow to attract the greatest security professionals. Reduce hiring friction and broaden the pool of prospective candidates by allowing employees to work remotely or establishing a security center of excellence in a place with a large security workforce. Ensure that your company culture will reflect your hiring process. Overall, you must be willing to pay more for top individuals due to supply and demand.