If you’re single—or remember the days when you were—you know how hard it can be to find the right person. Meeting people at work, the gym, or during happy hour might get you dates, but any initial chemistry you have can mask glaring incompatibilities. Online dating only began to gain popularity when the platforms provided information that different people looking for a relationship could use to better assess if the profile they were viewing was a good match for them.
Believe it or not, it’s been 25 years since Match.com began connecting people online, and the way online dating has evolved has not only revolutionized how people meet, fall in love, and hopefully maintain a lasting relationship, it has also revealed how important compatibility is to lasting happiness.
So what does this have to do with recruiting cybersecurity professionals? Same as dating, it’s about compatibility.
What Match.com, eharmony, and other similar online dating sites have in common is they let people view not just pictures of possible matches, but a whole menu of attributes, from where someone lives to interests.
Surveys of people who have used online dating apps reveal that this approach—searching based on metrics like location, career choice, and Zodiac sign (if that’s your thing)—works for the majority of them. A study by the Pew Research Center found that 64% thought dating apps made it easy for them to find someone who shares their hobbies and interests and that 61% easily found someone who was interested in the same kind of relationship.
The goal of the talent search should be to match skills and experience with your company’s needs. Resumes do a terrible job of showing employers what a person is really capable of. What’s worse, job descriptions often fail miserably at telling cybersecurity professionals what the organization is looking for.
Not only are organizations telling us they can’t find the right professionals using traditional HR recruiting methods, the cyber pros we know say it’s difficult for them to find a job that’s right for them! With a shortage of cybersecurity professionals, how could that be?
We asked ourselves the same question and believe it’s because the process is broken. There’s a disconnect between the way people are searching for work and the way organizations seek talent. We were tired of navigating around the problem, so we decided to do something about it. We created the platform KnowMore to let companies post jobs for free, as well as search cybersecurity professionals’ profiles based on the specific skills they need.
By taking the same approach that made dating apps successful, we knew we could make matching organizations and skilled cybersecurity professionals easier.
Diving deeper into how online dating could lead to better workplace happiness, we saw more advantages than just letting people search by attribute.
Back in the days when people asked each other out on dates in real life, choices were pretty limited. If the person didn’t live in your town or work with you, chances were you would never meet. Online dating opened a whole world of new potential mates but increasing the size of the pool from which you can search. You can chat with someone three towns over—or across the country—from the comfort of your couch.
Same goes for companies seeking talent. When you rely on the same local pool of candidates, you are limiting the possibilities. Even headhunting apps like Monster.com or LinkedIn are limiting, since many cybersecurity professionals stay clear of those sites. We liked the idea of having a platform that’s for cyber pros and those who have open cyber jobs, allowing them to connect wherever they are in the world.
When Gary Kremen first launched Match.com, he knew the key to the company’s success was getting women to adopt the platform. But as he gathered feedback from women about what metrics the site planned to gather, he found many of the questions and the way the answers would be displayed were concerning to women. It may seem quaint now in the era of social media influencers, but one of the biggest questions from potential users was privacy. They wanted to know, who would get to see my profile?
That’s something we hear all the time. Cyber pros who are thinking about making a change don’t because they fear the boss will find out about their job hunt. Having a platform that protects privacy encourages top talent to see what’s out there, but it also pushes organizations to look past more superficial aspects, like where someone went to school.
Because cybersecurity hiring is a competitive market, skilled cybersecurity professionals are looking for a job that’s going to be the right fit. This includes all aspects of the job, from the day-to-day work to length of commute, opportunity for growth, pay and stock options, and working remotely. KnowMore includes these key attributes, allowing job seekers to search jobs that offer the perks they’re looking for, and for organizations to attract top talent by including them in a job description.
Above all else, building a successful match-making platform—whether it be matching people looking for love or people looking for employees—relies on a sense of trust. Both parties must believe the platform will deliver a good match if it’s to work.
Companies searching for cybersecurity professionals have struggled in recent years because the platforms they use fail to deliver enough candidates that match what they’re looking for. They can no longer trust that the old way of doing things works when it comes to cyber hiring. We saw this as a big problem, holding back both organizations and professionals looking to advance their careers. We think we’ve come up with a better way, one that focuses on matching skills, needs, and work-life balance. Like we said, it’s about compatibility.
Have you heard about the workforce shortage in cybersecurity? Skilled cyber professionals are hard to find and desirable jobs at great companies are left unfilled for months. At least that’s what most tech staffing agencies will tell you. This mindset has infected too many companies, their HR departments, and the staffing agencies they hire, leaving cyber departments understaffed and companies at greater risk.
There is truth to the tight cyber labor market. The latest (ISC)2 report says global IT skills shortages have surpassed 4 million openings. But the lack of professionals is not the only reason companies are struggling to fill cybersecurity roles. The challenge has as much to do with the people doing the hiring as it does the people available for hire.
“I’m calling B.S. on the common belief that it’s a lack of security skills that’s causing these issues,” CyberSN President Mark Aiello wrote in Forbes. “From my professional experience, when I witness security people losing their jobs unexpectedly due to layoffs, restructuring or the like, it can take six months or more for C-level candidates to find a new position.”
In a market where cybersecurity expertise is in high demand, this doesn’t make any sense.
“These folks should be scooped up faster than an unencrypted database full of credit card numbers,” wrote Aiello.
The disconnect between hiring managers and skilled security professionals is at the core of most cybersecurity staffing challenges. The best way to bridge that disconnect is to work with a tech staffing agency that “speaks cyber” and understands the common problems that can derail the cyber hiring process to successfully fill your open positions.
Cybersecurity professionals are passionate about their work tracking down threats. They also know that most people have no idea what their job entails on a day-to-day basis. If you’re posting a job description that wasn’t written by someone within the cyber team, cybersecurity professionals can spot it from a mile away.
Bad job descriptions are not HR’s fault. Most people in human resources lack knowledge of cybersecurity roles and culture, so they use vague language or tech buzzwords that mean different things to different people. The result is a job description that’s nothing more than a long list of technical competencies, educational requirements, certifications, and job titles. When listed as iron-clad requirements, they unfortunately eliminate many talented candidates.
A cybersecurity staffing firm can quickly identify red flags within a job description and work with companies to define requirements, roles, and responsibilities that not only make sense to people in the cybersecurity industry, but also portray the job accurately.
Many IT or tech staffing agencies use the same tactics recruiters in other industries use, especially LinkedIn. They rely on generic IT searches to find cybersecurity specialists, not realizing there is a significant difference in knowledge base and skill set.
When it comes to finding great people, it can be difficult. Cybersecurity professionals are skeptical of social media and job search applications and their ability to protect personal information. When asked how to avoid risk when using social media, Ran Canetti, a Boston University College of Arts & Sciences professor of computer science and director of the BU Center for Reliable Information Systems and Cybersecurity said, the best solution is to not use them at all.
“This might cost a small price, but it’s more than worth it,” Canetti said.
If cyber professionals are not on LinkedIn or job search sites, recruiters who rely on these tools will never find them.
An agency that specializes in cybersecurity staffing knows the players throughout the industry, who is happy in their job and who is not. The recruiters put in the time networking, going to conferences and events, and making connections to develop a rich pool of connections they can tap when trying to fill positions for clients.
With 45 different different cybersecurity job categories, many more job titles, and no industry-accepted definition for any of them, general recruiters are already at a disadvantage before they get past the first line of the job description. Tech staffing agencies that lack cybersecurity industry know-how may not be able to identify talented people right for the role, but who have a slightly different job title elsewhere.
“Many companies get so hung up on finding the perfect candidate that they miss so many qualified individuals who might tick off five, seven or even eight out of the 10 skills listed as requirements for a position,” said Aiello. “In the time it takes to find these unicorn security professionals, a company could have hit the ground running by training someone who was 75% of the way there.”
Your company wants to fill open cybersecurity positions with less effort and in less time. If your internal team needs help and you want to take the search to a staffing agency, it will save your company time, effort and a lot of headaches if you choose a firm that knows the industry and can identify candidates that will fulfill your company’s most essential cybersecurity needs.
While demand for top flight cyber talent is hotter than ever, top line recruitment is often hindered by outdated and uninspired compensation planning. Let’s go inside the latest report findings from cybersecurity search firm CyberSN.
-This story was featured on HuntScanlon.com on January 3, 2018 –
Authors: Scott A. Scanlon Editor-in-Chief; Dale M. Zupsansky, Managing Editor; Stephen Sawicki, Managing Editor; and Will Schatz, Managing Editor – Hunt Scanlon Media with contributions from Deidre Diamond, Founder and CEO of CyberSN.com and #brainbabe and Veronica Mollica, VP of Cyber Staffing at CyberSN
In order to protect their companies, and in the bigger picture the nation’s national security, organizations must rethink – and raise – salary caps to hire top flight cybersecurity talent, according to a new report just released by CyberSN, a leading search firm in the field. Heightening the issue is an ever-growing threat of security breaches combined with a dearth of information about compensation for cyber roles, the firm reported in ‘The Cybersecurity Hiring Crisis.’
“What many organizations are failing to realize is that by not investing properly in cyber professionals, they’re sending the message that cybersecurity is not a priority,” said Deidre Diamond, founder and CEO of the international cybersecurity recruitment firm. This creates a retention and attrition problem that nearly eclipses the recruiting challenges faced by many companies seeking cyber talent.
“Organizations must be willing to invest in the critical roles that will keep their organizations up and running as the cyber industry continues to evolve,” said Ms. Diamond. “The best way to do this in a highly competitive market is to offer top compensation and benefits to attract and retain talent.”
As cyber threats change and become more complex, cybersecurity professionals are playing an increasingly vital role in their organizations. Their jobs, once considered optional, are now a mandatory part of ensuring that their companies’ critical data and processes are properly protected. Demand for such positions is at a record high – and keeping recruiters across the field loaded up with business. But talent supply lines have failed to keep up. There is, in fact, a projected workforce gap of 1.8 million cybersecurity positions, said CyberSN citing a recent (ISC)2 report.
For their study, CyberSN gathered information from across 53 organizations and 83 cybersecurity positions. The firm also conducted in-depth interviews with chief information security officers (CIOSs) and hiring managers responsible for recruiting cyber professionals into their organizations.
A Lack of Transparent Data
“Many of those we interviewed echoed a common theme – namely, there’s a gaping lack of security talent,” said Ms. Diamond. And, it is a problem that becomes more pronounced when organizations look to recruit more senior talent. “Now, more than ever,” said the report, “companies are competing against the likes of Netflix, Google and Facebook for high quality candidates.” The lack of transparent data around salaries is simply making it more difficult to compete with them. “In order to recruit more effectively for cybersecurity industry positions, there’s a clear demand for accurate information that includes real-time, market-driven compensation data,” according to the report.
A central issue is that many organizations equate cyber jobs to IT positions when it comes to compensation and benefits. Yet the roles are completely different. “Organizations look at cyber like they look at IT, yet cyber salaries are higher based on supply and demand,” said Veronica Mollica, vice president of cybersecurity staffing for CyberSN.
“Oftentimes, IT doesn’t want cyber making more because it becomes an uncomfortable conversation about why one person is worth more than another.” The result is a round and round discussion and no change in the status quo, she said. “The position can then sit open for six months or more before a search firm is engaged to help,” said Ms. Mollica.
In the end, according to CyberSN’s report, more than 50 percent of the companies polled had to increase their initial salary cap in order to hire cybersecurity talent.
Nor does it help that much of the information that companies use about cyber salaries is inaccurate or out of date. “Salaries change every day and HR leaders have had trouble staying current,” said Ms. Mollica. “We see quite often that cyber leaders don’t feel supported when they sit down to have these salary conversations with HR. It’s not a welcoming environment.”
Critical cybersecurity roles, meanwhile, go unfilled for too long. Organizations are reluctant to pay more and candidates tend to refuse to switch jobs for lateral compensation, let alone a lesser amount. “What we see happen is a job goes unfilled over a $10,000 difference,” said Ms. Diamond.
The truth is that money very much matters with these in-demand roles. Few companies outside of Google and Amazon can convince prospects to take a smaller salary by offering enticements like stock options, said Ms. Diamond. Most companies have no interest in paying up, but by denying that it’s a candidate’s market businesses are only hurting themselves, she said. “Why would you want to nickel and dime for the best talent?” she asked. “If candidates are interviewing with you, they are interviewing other places too.”
The cybersecurity salary cap issue is the result of both growth and the departure of employees, said Ms. Mollica, but less about what the previous person in a role was earning. “When somebody is in the seat, it’s a lot easier to get the cap raised by looking at similar roles in the organization,” she said, “but the people in the current positions aren’t earning market value. That’s a huge issue because HR sets salary by comparing the role to somebody who is being paid below market. Yet this is security.”
The Value of Breaches
Bad experiences, Ms. Diamond said, will ultimately be the key to change. More intrusions. More money lost. More corporate reputations damaged or destroyed. Sooner or later, businesses will learn that it is more cost effective to take preventive action than to suffer the consequences of a breach or a regulatory fine. “When I think about where we are today, it’s only the breaches that have gotten us the budgets,” she said.
Hunt Scanlon Media recently sat down with Ms. Diamond to talk about the challenges that her firm and its clients face in filling cybersecurity roles.
Deidre, why is recruiting cybersecurity executives so difficult?
Cybersecurity experts are incredibly busy. Not only are their departments frequently understaffed, but their jobs are mission-critical to the success or failure of their organizations. Their roles can often be more similar to that of an emergency first-responder than an IT professional. Because of the fast-paced and high-profile nature of their work, they don’t even have time to spare for recruiters. And that’s an important issue because we have found that HR generalists simply are not equipped to oversee the hiring process for such specialized, in-demand, hard-to-find talent.
“Cybersecurity is no longer just a technology issue. It is a business enabler, and cybersecurity professionals are the key to success.”
How can the search process be improved?
Executives in search of cyber talent need to use specialized cybersecurity staffing agents. Job seekers are looking for companies committed to a cyber budget, who value career growth and share in their cyber passion. Retention is just as important to hiring and if organizations don’t meet these needs, statistics show that cyber professionals will not hesitate to vote with their feet and change jobs.
Why is the cyber function so important?
Cybersecurity is no longer just a technology issue. It is a business enabler, and cybersecurity professionals are the key to success. Companies are depending on their cyber resources to detect, protect, innovate, automate and meet compliance standards. Security breaches have significant impact to a company’s reputation, customer confidence and sometimes unpredictable financial impacts. Companies with great hiring and retention plans attract and retain talented and passionate cyber professionals.
Hence the need to pay up for these professionals?
Yes. Our research and experience show us that companies underestimate what it takes to get the right talent in the door. In our research study, over 80 percent of the companies we looked at had to raise their salary cap in order to make the right hire. HR and staffing resources do not have real time salary data available and so they are often not prepared to pay what it takes to hire talent in this market. One thing we are beginning to see is that many companies are getting more creative with their total compensation packages. Equity, paid benefits, telecommuting, relocation assistance and other perks are often included to make offers more attractive to these highly sought after professionals. Often, that outside-the-box thinking pays off!