Many of the challenges firms face when filling cybersecurity positions can be traced back to the job description. Cybersecurity job descriptions are notoriously difficult to write, yet they’re often the first impression a potential hire has of what it’s like to work for your company. With a lack of industry-accepted terms for jobs and roles, writing a clear and comprehensive job description can feel like stumbling in the dark.

The tight cybersecurity job market and well-publicized skills gap certainly make cybersecurity hiring more difficult; however, there are small steps companies can take to improve job descriptions and hiring success.

1. Get the Right Title

Say for instance your company is looking for a security engineer. Here are some of the subcategories that land within that title.

You can see the difficult situation many managers and HR departments find themselves in when crafting a cybersecurity job description. If you can’t settle on whether you need a security architect, cloud security architect, or information security architect, how are you going to find a candidate?

When deciding on a job title, do some research within the local cyber community. What other titles are companies using for similar jobs and responsibilities? Is your company committed to having unique job titles? It might be time to compromise and use a job title that more accurately portrays the role.

2. Communicate a Realistic Understanding of the Role

Subscribing to a common language is the foundation of all human relationships. Reaching the best candidates and easily communicating your position requires that you use the language people within the cyber community are speaking. You’d be surprised how many HR recruiters and hiring managers have no idea what some of the terms in their cybersecurity job descriptions mean, even though they wrote them!

Experienced cyber professionals also know enough to steer clear of poorly conceived job descriptions, especially those in which job requirements don’t track to the title or are a laundry list of job requirements, clearly indicating the new hire will be asked to do two or more jobs. Knowing what you are asking for and having an understanding of the terms being used in the job description will elevate your cybersecurity job description and show your company is serious about cyber.

3. Emphasize the Benefits

With so many open positions in today’s job market, the best candidates are oftentimes people who are already employed, but open to a change in employment. These passive job seekers are skilled, but also savvy. If they are going to make the effort to change jobs, there must be benefits, such as higher pay, more remote work from home, or a shorter commute. Here are some ways you can quickly communicate why your job is better than theirs.

4. Don’t Go It Alone

We get it. It’s not always easy to ask for help, but when a position has gone unfilled for six, seven, eight months on end, the problem might require outside expertise. 

Staffing agencies are a common solution for companies who need to fill a position fast, but this has its drawbacks. Recruiters may return a list of candidates we would categorize as “warm bodies.” Instead of truly talented cybersecurity personnel, they show you resumes from people who are under-qualified or work in an unrelated area of cyber. Many staffing agencies are generalists and have a lack of understanding of the industry. Using a firm without expertise in cybersecurity won’t get you good candidates either. 

Look for a history of experience filling cybersecurity positions in your industry. These agencies not only understand the language, but also have developed connections that allow them to locate talented passive job seekers. Understanding the current cybersecurity landscape, which companies are flourishing, who’s happy and who is not is essential. 

Another advantage that agencies specializing in cybersecurity bring is tools that help HR personnel and hiring managers find the right match without a recruiter. Programs like CyberSN’s cybersecurity jobs platform offer free tools and templates to build job descriptions specifically targeted toward people in the cybersecurity industry.

Bottom line: an agency that has expertise in cyber can communicate your job more effectively, resulting in a better slate of candidates and ultimately filling that position faster.

There’s been a lot of buzz in the media in recent years about a cybersecurity staffing shortage. While it has certainly been a challenge for some companies to fill their cyber teams with great talent, CyberSN President Mark Aiello points out in his recent piece in Forbes, “Four (Self-Inflicted) Roadblocks To Finding Quality Cyber Professionals,” that some of the struggles companies have could be of their own making.

“As a longtime veteran in the security recruiting game, I witness the perceived cybersecurity talent shortage affecting the industry broadly,” writes Aiello. “At the same time, I also know that many of the biggest hardships organizations experience in building security teams are self-inflicted. There are many leaders who manage to attract and maintain stellar teams year in and year out in spite of the perceived shortage, and it's not due to sorcery.”

In his piece, Aiello discusses four common roadblocks and provides a clear fix for companies who are looking for a clear path to filling their cybersecurity roles. You can read Aiello’s full article in Forbes here and get more tips on how to ace cybersecurity recruitment on the CyberSN blog.

At CyberSN, helping executive and cybersecurity leadership build their security and sales teams is all we do. We’ve created an exceptional reputation for serving the cybersecurity community, and have earned the respect of hiring organizations and job seekers by delivering results that exceed their wildest expectations.

Cybersecurity professionals are not responding to job postings. Companies who are hiring in this area need a trusted expert to engage and attract high value candidates to your opportunity. It’s nothing personal to IT Generalist firms and internal Talent Acquisition teams – they simply don’t have the network, expertise, or bandwidth to engage, attract, and secure passive security talent that a specialized niche expert has. It’s not possible!

Niche cybersecurity recruiting firms already have existing relationships in place with the talent you want to hire. And if we are not a 1st level connection to the candidate who is a dead ringer for your job, we almost always know someone who is! As an example, if I go to any Cybersecurity professional’s LinkedIn page, we generally have anywhere between 20-500 connections in common. This means that there is never a time where we are not able to get a personal introduction to, and have a live conversation with, anyone who is a potential fit for a hiring organization’s opening. Even if that person is not looking or hiring, at some point they will be, so there is value in them taking the time to build a relationship with us.


As we know, not all security professionals have a LinkedIn profile or care to be on social media, so our Founder and CEO, Deidre Diamond, has invested significant time, money, and resources to build a credible, high integrity brand in order to build the largest network of security professionals worldwide. As we scale our CyberSN organization and our vast Recruiting Partner Channel, we are building an army of talented search professionals dedicated all day, every day, to building real relationships, one person at a time, with security pros.

We are 100% dedicated to disrupting our antiquated recruiting profession, seeking to add immense value to the cybersecurity community, and changing the rules of our industry. Here are some ways we are serving the cybersecurity community:

  • We built JobBuilder™, a proprietary software product created by security SMEs. This “job description creation and posting service” allows hiring managers and HR professionals to “speak the language of cybersecurity” when creating their job ads. This results in more candidates to each job, faster search cycles, and more accepted offers.
  • We have created strategic partnerships with all the major cybersecurity professional associations. CyberSN is a Certified (ISC)2 CPE provider and has partnered with ISSA, OWASP, ISACA, EC-Council, SANS, and many others for events and education.
  • Our company leadership is constantly speaking at industry events including: RSAC, (ISC)2 Security Congress, ISSA International, SecureWorld (several cities), AppSec USA, Cyber Security Summit USA events, IoT Symposiums, Women in Cybersecurity (WiCys), Hacker Halted, and various BSides chapters, along with many regional and local events.
  • We continue to create research studies and white papers that speak to the critical challenges in our industry, such as our 2017 study “The Cybersecurity Hiring Crisis: A Research Study.”
  • We are developing a real-time salary calculator tool that will be available to the community in 2019!
  • We contribute to leading cybersecurity industry publications like: ITSP Magazine, Dark Reading, CISOMag, CXO Magazine, as well as other books, blogs, and publications.
  • We participate in countless security podcasts and webinars.
  • Deidre has established the non-profit, #brainbabe, to address the shortage of women in cybersecurity and the number of open jobs in our industry. #brainbabe also organizes events like the Day of Shecurity Conference series, and provides services to the community such as the STEAM-Conference Connection, which staffed booths with students at RSAC.

By continually investing in ways to bring value to the cybersecurity community, passive candidates reach out to us so they are on our radar when that “ideal” position comes up, and because we take the time to get to know them in advance and actually understand what that means to them, we can do exactly that!

Based on Chenxi Wang’s “The Cybersecurity Hiring Crisis: A Research Study”, the average length of time a job remains open before engaging an external firm is between 4-9 months. CyberSN’s average time to fill from intake to offer is 1.5 months. Thus, my next article will explore the question “How much money are you saving by not engaging an expert?!”