Five Secrets of Information Security Staffing

At a time when working remotely is challenging existing security practices, cybersecurity and information security staffing remains a priority for many companies. Hiring freezes are being lifted or never even applied to essential cybersecurity positions. As hiring managers look to fill their teams at this critical time, they report that there doesn’t seem to be enough cybersecurity professionals to go around and are struggling to find qualified people.

CyberSN has been solely focused on the information security and cybersecurity industry since 2014. Founder and CEO Deidre Diamond saw a disconnect between how companies were approaching cyber talent and what skilled cyber pros were looking for. The mission of CyberSN is to take a different approach to fix a broken system and offer a range of services that match companies with the right infosec professional.

While most companies approach hiring the same way they’ve been doing it for the past decade or more, scrapping the old system to try something new has paid off—we can fill cybersecurity positions in under 39 days, compared to the many months it can take recruiters and internal human resources teams. Here’s how we did it.

Secrets of Information Security Hiring

  1. Posting Jobs Where the Cyber Pros Are
  2. Write Better Job Descriptions
  3. Know Where to Look for Infosec Pros
  4. Use Cybersecurity Experts to Find Them
  5. Refine the Infosec Hiring Process

Posting Jobs Where the Cyber Pros Are

Too often companies think they can throw a job description on LinkedIn, Monster, and Indeed and the resumes will roll in. Unfortunately, information security professionals aren’t always on these channels because they are suspicious of their ability to protect personal information. So then, where can you look?

What if there was a job board that was only for cybersecurity professionals? It’s a question we asked ourselves after hearing from companies about their struggle to staff their cybersecurity teams using traditional channels.

From our experience, we knew any job board would need to be:

  • Only for cyber and infosec jobs.
  • Focused on skills and experience.
  • Comprehensive, including desired salary and work location.
  • Anonymous to protect the well-guarded privacy of cyber professionals.
  • Free to use.

Using these requirements as a guide, we created the KnowMore job search platform. Today, it has profiles from thousands of information security professionals who are seeking work. Some are actively looking for a job, while others may be passively looking for a different opportunity, such as relocating or more pay.

We know how critical it is for companies to fill their cyber teams, especially today with so many emerging threats. To help companies connect with qualified cyber professionals, we recently launched KnowMore Community Edition as a free service, allowing them to not only search, but also post jobs for free.

How It Works

On KnowMore Community Edition, each professional fills out a profile based on the skills they have to offer. The profile also includes those “deal-breaker” aspects of the job that can derail hiring late in the process, like desired salary and work-life balance benefits. The profiles are confidential, stripping away the fluff that comes with a traditional resume to the most important metrics.

When you find a profile that sparks your interest, you reach out through KnowMore. The person behind the profile can opt to keep the conversation going, drop the anonymity, and connect via email or phone.

Write Better Job Descriptions

What if we told you there are information security professionals out there actively looking and the reason your company is struggling to hire them is because they look at your job postings and don’t like what they see?

The unfortunate truth is that many companies don’t know how to write a job description for cyber. They cut and paste requirements and responsibilities from old job descriptions that may not even fit the role. Other times they throw every possible dream attribute into the description as if they were looking for some unicorn cyber pro. When qualified people look at these kinds of job descriptions, they react with a hard pass.

We started looking for an efficient way for companies to build a better job description and stop disqualifying themselves the second they post an open role. The job description builder tool in our KnowMore platform asks questions about the role you are trying to fill and the skills needed to succeed. In under 10 minutes, you can build a job description that’s straightforward and speaks directly to cyber professionals using their language. The method gets companies beyond the buzzwords and breaks them free of the cut-and-paste job descriptions that are holding them back.

Know Where to Look for InfoSec Pros

Because many information security professionals stay clear of social media and mega job search sites because of concerns about privacy, companies are forced to get innovative when it comes to cyber staffing. Attending industry events, building a network in the industry, keeping up-to-date on emerging threats, and knowing how to “speak the language” are the best ways to recruit talented people.

But what if you don’t have the time for that?

In developing CyberSN’s menu of services, we saw that companies need insider knowledge in the cyber industry to recruit, but that few had someone internally who could offer that. In response, we developed Talent Scout, a staffing service that does the searching for you and provides a list of vetted candidates.

What you get with Talent Scout

  • A selection of professionals interested in your position.
  • Vetting of the professionals’ qualifications.
  • CyberSN’s insider access to the cyber industry.
  • Time saved searching job boards .

For companies that have a strong internal hiring process, but are struggling to identify interested cyber professionals, using Talent Scout can really expedite the information security staffing process.

Use Cybersecurity Experts to Find Them for You

The goal of any company should be to hire people who are not only qualified, but also love their job. It’s our goal too. But there are some factors that prevent companies from achieving it when it comes to information security staffing:

  • Companies can’t find cyber professionals that are both qualified and interested.
  • They find and hire someone qualified, but the person leaves in under six months because some aspect of the job isn’t the right fit.

Both of these problems indicate something broken within your cybersecurity hiring process. If this is the case, your company is not alone. Turning to outside help can not only help you fill the position, but also shift your hiring process so that you’re more successful in the future.

CyberSN developed our Engaged Staffing service to help cyber professionals find jobs they love and to make the talent search for companies easier. We’ve refined the process since 2014 and are now able to deliver professionals to you ready for in-person interviews in under 39 days. By getting to know your company and its needs, we can find skilled cyber professionals who also understand your company and are eager to work there.

Because cyber is a job seeker’s market, we also show your company how to present itself in the best light, from helping write a better job description to making a job offer.

Refine Your Infosec Hiring Process

For companies with a well-established hiring process in place, it can be difficult to make changes, let alone hire an outside recruiter. But there are ways to shift the information security process to get better results.

Seeking expert advice is the fastest way to improve hiring outcomes. A better understanding of the cybersecurity industry, cyber culture, and salary expectations give companies the advantage.

But how do you get that knowledge?

CyberSN’s expertise is one of our top features, relying on our team’s experience working in the industry. We saw that companies wanted to mine that knowledge to improve hiring at their own companies, so we made it a part of our services.

Our Strategy Consultation provides you with insights on building better job descriptions, right-sizing compensation packages, developing organizational charts, and understanding not just your company’s cyber needs, but also job seeker expectations in the workplace. A consultation includes talking with two of our subject matter experts—one specializing in cybersecurity and the other in cybersecurity staffing—about the problem areas in your current hiring process. You’ll walk away with a new hiring strategy targeted specifically at filling cyber teams.

As the only company focused solely on cybersecurity staffing, we know there are problems with the job search and hiring process that need addressing, but at the end of the day, it all comes down to people. Matching qualifications, certifications, and requirements is something anyone can do, but finding a professional with the right skills for the role, as well as the interest to invest themselves in your company, that takes a willingness to understand what motivates people in the industry. If your company is struggling to thoroughly address the challenges in information security staffing, it must be willing to do things differently.

If you want to know more about our innovative approach and the secrets to finding successful matches, reach out and talk to us.