The shortage of cybersecurity professionals has been well studied, documented, and publicized. According to ESG Research, 51% of companies say their organization has a problematic shortage of cybersecurity skills. The most well cited study on the cyber workforce shortage, by (ISC)², estimates that an additional 4 million more cybersecurity professionals are needed to defend organizations above the 2.8 million professionals worldwide currently working in the field. It’s an issue we’ve even talked about on this blog. Even in this current economic climate where all industries are facing uncertainty, the need for more cybersecurity professionals still exists.
The painful reality is that companies need skilled cyber professionals to tackle emerging threats efficiently. Companies are planning to spend more in 2020 on cybersecurity than they did last year, according to a recent report from ESG Research.
“Many organizations are in the process of reengineering their entire cybersecurity infrastructure in an attempt to improve efficacy, streamline security operations, and support new technology-driven business processes,” the report said. If your company is investing in its cybersecurity operations, it’s likely you will need to hire more people.
Let’s dive into each step a little deeper.
It’s simple supply and demand. When there are more open positions than people who are able to fill them, professionals can demand higher pay. To get talented cybersecurity professionals to work for you, your company will likely have to pay more.
We understand raising salaries can be an uphill battle at some companies. Wage growth has been sluggish even when there was record unemployment, so why would a company think cybersecurity professionals are any different? Now that the economy is facing an uncertain road ahead, some organizations may falsely believe that they have the salary negotiation advantage.
The truth is, the majority of skilled cybersecurity professionals are currently employed and earning good pay. To get one of them to leave and come work for you, you must offer a better opportunity, and that almost always includes better pay.
Because there are so few cybersecurity professionals out of work, even in the current economic climate, your company must also recruit candidates who are passively looking—that is, currently employed but open to other opportunities. To search for passive job seekers successfully, your company will need help from someone with experience in the cyber industry.
Companies that use internal teams for recruiting and hiring all face the same problem; it hasn’t worked great in the past, yet they keep doing it. Few internal human resources or recruiting professionals know where to look to find those passive candidates. When they do, they approach prospects with poorly written job descriptions that indicate your company communicates poorly or is expecting a new hire to do the role of two or more people.
Hiring an outside recruiter is another option, but competition will remain high and success rates mixed. According to (ISC)², one out of five people surveyed said they receive at least one recruiting contact daily.
Hiring for cyber can be so tricky; you don’t so much need a recruiter as a matchmaker. Hiring a company that specializes in cybersecurity staffing, that speaks the language and understands what you and the job seeker are looking for ensures a swifter and more efficient hiring process.
For example, CyberSN’s Engaged Staffing solution does more of the work for the company—finding interested and qualified candidates, vetting them for skills and qualifications, and prepping them for interviews. We even work with companies pre-interview to help them present the best image of their organization possible, from writing the job descriptions to preparing the hiring team for the interview. Companies that are serious about filling their cyber teams with skilled professionals know it’s key not to waste time on their own and to call for help when needed.
Resume algorithms are killing cybersecurity hiring. Too often the human resources department cuts and pastes requirements into a job description, eliminating dozens of potential hires before the company even posts the job.
People who enter cybersecurity don’t always follow a straight path. Many gain skills beyond certifications and degrees through experience. If possible, look for ways to bypass any systems that cull resumes based on educational qualifications and years of experience. Instead search for essential skills and a record of success. If you need help getting around algorithms, our job searching platform KnowMore can help. By building a professional’s profile that’s better than a resume, it helps companies and job seekers thwart the algorithms.
Attackers are always evolving and so should your cyber team. Without professional development to sharpen skills and understand emerging threats, you are not only leaving your team vulnerable, you are also sending a bad signal to future employees.
Ambitious and hardworking people are always looking for ways to improve themselves and take that next step, whether it’s running one more mile, learning a new language, or moving ahead in their careers. You want those people at your company, but without the incentive of professional development opportunities these talented cyber professionals will look elsewhere.
The cybersecurity workforce shortage poses challenges for companies, but is not insurmountable. Knowing where to look, what cyber professionals are looking for, and how to present your company in the best light will improve success rates. Companies also have to admit when they’re in over their heads. Cybersecurity is an essential part of business. If you’re continuing to search for cyber professionals without success, it might be time to ask for help.