Provider Exchange Partner Spotlight: SANS Cyber Immersion Academies

Applicants wanted to upskill and reskill in VA and MD for #cyberjobs


This week, October 18-23, is Cybersecurity Career Awareness Week! At CyberSN, we’re using this week to help open up the conversation around the broken career and hiring system within the cybersecurity industry. A huge part of improving cybersecurity hiring and bringing attention to cyber careers is making sure that professionals in the industry, and those who are looking to join it, have access to comprehensive, easy-to-use career planning tools.

 

Cyber career challenges

However, the industry is relatively new and constantly evolving, so planning a cybersecurity career path can be a challenge. The increase in frequency and complexity of cyber threats has forced cybersecurity organizations to change their business offerings and their teams regularly. Consequently, many jobs, such as DevSecOps and Cloud Security roles, simply did not exist ten years ago, so we have little data about common next career moves.

There is also very little common language used across roles and job descriptions in cybersecurity. Organizations often use vague titles that merge several roles, either because the detail of what’s needed for the role is unclear, or, faced with a severe talent shortage, they’re looking for one person to cover multiple roles. The industry also suffers from a lack of succession planning, insufficient budgets, and overtaxed teams due to its tight labor market; cybersecurity job postings now account for 20% of IT job postings, up 18% from 2020.

A lack of career planning resources means that many highly-specialized cybersecurity professionals have no information about careers they can pivot to, what training they need to progress, and how they can navigate career transitions or hybrid roles.

 

Planning your career path

CyberSN enables all cybersecurity professionals to plan their career path efficiently and easily in our Career Center. At CyberSN, we address the lack of language standardization with our exclusive Job Taxonomy of 45 defined cybersecurity roles. All 45 roles are featured in our Career Center, mapped into a variety of career paths by our team of cyber and recruitment experts. For example, a Security Analyst can move on to become a Cloud Security Engineer, who can then pursue a Cybersecurity Project Manager role.

 

Map out your cybersecurity career path with CyberSN

Cloud Security Engineer Career Path

 

Our Career Center also specifies the average salary to expect from each role and how this salary will increase, enabling cyber professionals to truly know their worth and plan their salary negotiation points. CyberSN identifies the best certifications and training courses to pursue for each role, providing the clarification that cyber staff need to embark on new pursuits and feel comfortable at work.

Only by developing a clear cyber career plan can professionals figure out the areas of expertise they’re lacking in, the experience they require, and their eventual career and life goals.

 

Demystifying cyber careers

This year’s NIST Cybersecurity Career Awareness Week is calling attention to the contributions to society that cybersecurity professionals make, and the innovations they produce. The three goals of Cybersecurity Career Awareness Week align closely with our own: to inspire, engage, and inform society on cybersecurity careers, to demystify cybersecurity careers, and to develop a highly skilled and diverse workforce. 

We’re encouraging everyone to participate in Cybersecurity Career Awareness Week and the CyberSN team are here to help with any mentoring opportunities, certification guidance, DEI support, or career planning. 

You can visit the NIST website for more information on getting involved in Cybersecurity Career Awareness Week, or get in touch with CyberSN for more information on our cybersecurity career resources.

Visit our Career Center and explore the career pathing tool for yourself.

In this blog - the third in our series addressing the cybersecurity career and hiring crisis - we introduce the CyberSN marketplace, the one-stop destination for all cybersecurity career and staffing needs. To learn more about the cybersecurity career crisis and how to solve it, check out our previous blogs.

At CyberSN we recognize that both individuals and organizations need to be matched with the roles and professionals that best fit them, which is why we’ve developed a brand new solution. The CyberSN Marketplace unites confidential public profiles and organizations looking to hire cybersecurity professionals under one platform, providing them with no-cost access to the jobs, tools, information, and professional connections they need.

 

The CyberSN Marketplace: Career and Hiring Center

For Professionals - Career Center

In the Career Center, professionals create a confidential public profile rather than just uploading a resume, with their critical task and project experience as the main focus. Employers can then find them without the need for any individual to share their identity on a public platform. This allows professionals to connect with their choice of best-fit jobs without fear of reprisal or unconscious hiring biases, helping to promote diversity and inclusive behaviors within the hiring process.

Using their confidential public profiles, professionals can search and apply to jobs on the CyberSN platform, share jobs with their network, and ultimately let jobs apply to them. Employers are able to source individuals based on the unique task and project information in their job description, giving them the opportunity to reach out even to passive job seekers.

As well as increasing the chances of finding a best-fit job, the CyberSN profile is an effective way of assessing skills to develop, past projects worked on, and potential training opportunities. Professionals can streamline their career development by using their profile for performance reviews, mapping which certifications they require, and negotiating salary increases. By empowering individuals to know their worth, CyberSN profiles give professionals more control over their career development.

The CyberSN Career Center also allows professionals to browse CyberSN’s exclusive Job Taxonomy consisting of ten job categories and 45 functional cybersecurity roles, from executive management to analyst and everything in between. By using this Job Taxonomy, we provide easily searchable access to every cybersecurity job currently posted in the United States (at date of publication, this number was over 65,000 postings), streamlining the job search process for the professional. Our taxonomy also provides us with a common language of role titles to be used across the platform, allowing us to effectively match professionals with roles and streamline communications. 

 

For Hiring Teams - Hiring Center

The CyberSN Marketplace enhances CyberSN’s established agency staffing services. From our free job description builder to our full-service staffing offerings, our Hiring Center provides a better way to find and retain the right professionals for every role.

Tailored toward SEO and applicant tracking systems, our free job description builder uses the same common language as our CyberSN professionals’ profiles, categorized within our 10 role categories and 45 functional roles to ensure quick and easy matching. Organizations can either create and export job descriptions for free or engage with CyberSN’s pool of engaged professionals by posting their jobs to our Marketplace. Professional profiles are then matched to the job based on the tasks and projects that they have completed and those that the role requires.

Our Hiring Center is one of the only providers of comparable cybersecurity salary information, offering up-to-date data that helps organizations understand the market, craft better job descriptions, and communicate successfully with new hires. Certification mapping and career pathing provide the professional development tools needed to carry out annual reviews with existing staff and identify skills gaps within teams. By leveraging the Hiring Center’s resources, organizations are equipped to hire staff that love their job, improving retention and inspiring long-term changes to company culture.

 

Provider Exchange 

The CyberSN Provider Exchange, part of our Marketplace, offers a directory of relevant training, products, and event resources for both cyber professionals and organizations. Products and services featured on the Provider Exchange range from diversity & inclusion solutions to hands-on training, penetration testing, professional services organizations, and more. Our entire community of cybersecurity professionals and organizations can access CyberSN’s Provider Exchange for free, making it a go-to catalog for any and all cybersecurity career needs. 

Joining the Provider Exchange puts your products and services in front of our ecosystem of engaged cybersecurity professionals, allowing us to come together in support of the industry with the resources required to collectively achieve success. You can find more information on joining the Provider Exchange here.

 

The CyberSN Platform

The crown jewel of the new CyberSN Marketplace is the cybersecurity industry’s first ‘Deep Job Platform’. Our platform goes beyond simple job listings, providing products and features that complement all posted jobs and speak the language of cybersecurity. The platform organizes our 66,000+ jobs and 28,000+ professional profiles based on tasks and projects, classifying them into the ten job categories and 45 functional cybersecurity roles that make up our Job Taxonomy.

As well as making our jobs easily searchable and understandable, using the common language of our Job Taxonomy means that communication is smoother and more accessible. This is particularly important within cybersecurity, as it is a complex and ever-changing field. The CyberSN platform matches professionals to jobs based on their confidential public profile, so individuals are matched to roles based on what really matters - their task and project experience - and nothing else.

 

Join the community

Our Marketplace is now the go-to network for jobs, career expertise, and resources for the cybersecurity industry. We see the cybersecurity hiring crisis as a matter of national security and consider it our mission to fix the broken job searching system that exists today.

With the launch of the Marketplace, CyberSN is providing all the tools and connections that are needed for any type of cyber professional to Pwn Their Career and for hiring firms to build their teams fast and to last. This means matching individuals with organizations effectively, ultimately boosting career satisfaction and improving employee retention. 

We’re facing a cybersecurity career crisis. Cybersecurity professionals are feeling underutilized, underheard, and overworked, with resumes and job descriptions lacking the information professionals need to find jobs and fill roles successfully. Following on from the challenges outlined in our last blog, how can we eliminate settling within the cybersecurity industry and ensure that both individuals and organizations are matched with their best fit?

A common language

By using a standardized taxonomy of roles and job functions within cybersecurity, we can make sure that job descriptions and profiles (aka resumes) are understood across the board. With a shared understanding of role names and their relation to one another, one can easily browse and search for the jobs or cyber professionals they need. By focusing on tasks and projects, professionals can easily deduce what is expected of them from our job descriptions. This also allows hiring teams to effectively communicate the industry experience needed for new hires, saving them time and money in the process.

As a result of using a common language and standardized role descriptions, 53% of professionals that were placed by CyberSN over the past 4.5 years are still working for the same company. This means that CyberSN candidates are staying far longer in their roles than the national average. Within the federal government, 27% of all cybersecurity staff hired over the past five years left within a year.

Confidential public profiles

When matching professionals with roles based on tasks and projects alone, we don’t need to know personal information like gender, age, or race. By creating and using confidential public profiles, professionals can find and be found by jobs that match based purely on their unique experience, eliminating unconscious biases and fear of reprisal. When these profiles use a common language that makes sense to the employer, job seekers can effectively communicate the value of their experience and what they have to offer, giving them an effective tool for evaluations and salary reviews.

Resources that resonate

Existing job boards and public social networks lack the resources that cybersecurity professionals really need. Cybersecurity professionals are empowered to know their worth and plan their next move thanks to CyberSN’s salary information, career pathing, and certification planning, available in our Career Center. Employers are able to use these resources to educate their hiring teams, improve their job descriptions, and find matches fast.

By using a common language to describe job responsibilities, and with access to confidential public profile creation and unified career resources, cybersecurity professionals are equipped to Pwn Their Career. This means professionals can find jobs that truly fit their criteria while having access to the career support they need. This sets professionals up for a career where they are judged on their merit, not their personal information.

Equally, organizations and hiring teams can build teams faster and to last, resulting in retention that far surpasses industry averages. In an era of individualism, coming together to understand and communicate our worth and seek education on diversity, inclusion, and emotional intelligence is the only way to achieve workplace happiness and personal success, while addressing our national cybersecurity crisis.

A new system

Once we realized this at CyberSN, we knew we had to design a new system. This meant developing a brand new, dedicated resource that provides no-cost access to the resources that a cybersecurity professional needs to Pwn Their Career. The CyberSN Marketplace is now the cybersecurity industry’s first ‘deep’ job platform. Between self-service options in the Marketplace, and full-service staffing offerings, CyberSN is now the premier one-stop-destination for all cybersecurity career and staffing needs.

 

Find out more about the brand new CyberSN marketplace with a breakdown of the key features in our next blog.

 

 

As we get into the swing of 2021, we thought it would be pertinent to dig in a little bit and figure out what the top cybersecurity jobs are in the current industry landscape that can lead to a prosperous cybersecurity career. As we all well know, cybersecurity careers are very much on the rise as the demand for skilled cybersecurity professionals continues to outpace the available workforce. This is a strange reality, and with it comes the potential for great opportunity.

Today, there are over 521,600 open cybersecurity jobs nationwide. You read that correctly. Over a half-million available positions… For those already working as a cybersecurity professional, the opportunity for job advancement has never been better. The question is, what is the best line from point A to point B as it relates to your success in a cybersecurity career?

To help facilitate that answer, CyberSN has uncovered the top five cybersecurity jobs in 2021 that are both in-demand and present a great path for a highly-successful career in cybersecurity. As you read on, we will detail the top jobs in the cybersecurity marketplace and where they can take you as your cybersecurity career moves forward.

Top Five Cybersecurity Jobs Right Now

Job One: Cyber Threat Hunter

Open Nationwide Jobs: 18,400+

General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree

Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses. See CrowdStrike for more information.

Currently, there are over 18,000 Threat Hunter jobs open in the US alone. As more and more systems and businesses become fully digital, the potential for security flaws increases. These systems, both in the private sector and public sector, need skilled Threat Hunters to uncover threats and monitor adversary techniques to avoid data breaches and successful attacks.

Cyber Threat Hunters can expect to advance their careers through a number of paths, many becoming Cybersecurity Engineers creating frameworks to solve for the latest security threats. Others will move past the engineering stage into leadership roles such as Information Security Managers, Information Security Officers, or even Chief Information Security Officers (CISOs).

Job Two: Cloud Security Analyst 

Open Nationwide Jobs: 57,100+

General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree

A Cloud Security Analyst has detailed knowledge of common security threats, security controls, and associated technologies and practices related to securing cloud platforms, cloud services, and associated IT resources based on typical cloud technologies. They monitor and maintain existing cloud security environments, security performance, security testing, and setup.

Cloud Security Analysts generally feature educational backgrounds such as a bachelor’s degree in IT, computer science, or a related field. Previous work experience in computer science and network security systems provides job seekers with the best opportunity to obtain this role. Employers are often looking for 2-4 years of applicable experience in a similar cybersecurity working environment.

Currently, there are in excess of 57,000 Cloud Security Analyst jobs available throughout the United States. Given the times, many organizations have either made the switch, or are in the process of making the switch to a more comprehensive cloud based environment for their core business operations.

A Cloud Security Analyst is a great position to advance your career in cybersecurity with further growth opportunities. Cloud Security Analysts can expect to advance their careers through a number of paths which offer broader security reporting and threat monitoring. Others will move past the engineering stage into leadership roles such as Security Directors and Chief Information Security Officers (CISOs).

Job Three: DevSecOps Engineer

Open Nationwide Jobs: 6,200+

General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree

A DevSecOps engineer has involvement in and appreciation of every stage in the software project lifecycle, from initial design and build to rollout and maintenance. In a continuous integration/continuous delivery (CI/CD) environment, DevSecOps engineers are responsible for securing software deployment, identifying security threats, and the configuration of network infrastructure. DevSecOps engineers must have some knowledge of network protocols like HTTP, DNS, and FTP. They also need to know how to implement threat intelligence and risk assessment techniques and be up to date with the latest security best practices. Previous work experience in computer science and network security systems provides job seekers with the best opportunity to obtain this role.

There are currently over 6,000 DevSecOps Engineer positions open in the United States. Companies with a solid foundation of preventative thinking are employing more DevSecOps Engineers to help assess cybersecurity risk at the beginning stages of launching cyber based initiatives rather than implementing a solution and addressing system threats as they happen.

A DevSecOps Engineer position can move rather quickly through the cybersecurity career ranks and might expect to further their career by becoming an Application Security Engineer who works to combat cybersecurity threats pre and post system initiation. From that post, one can expect to move further up into a role such as a Security Director or Security Product Manager.

Job Four: Application SecOps Engineer 

Open Nationwide Jobs: 1,100+

General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree

From the BMC Blogs: a SecOps engineer is a security professional who is responsible for securing and protecting network systems, applications, and data. In short, a SecOps engineer supports enterprise security operations. SecOps engineers help to design and build all of these different computer networks and put tools into place to secure and protect them. These systems typically require regular maintenance, so SecOps engineers must update, tuning and return operations issues arise. Security engineers are also responsible for deploying new security software and hardware.

There are currently over 1,100 vacancies for applicable SecOps Engineer positions throughout the country. This number is likely one that will continue to grow due in part to the number of different applications organizations are designing and integrating to fulfill unique mission tasks. Thus, there will be an increased interest in having a cybersecurity professional like a SecOps Engineer to “own” these vital application environments and protect them from threats.

A SecOps Engineer can expect to experience cybersecurity career growth by taking the next step and becoming the organization’s pointed Security Engineer who would oversee the tasks and goals of an applicable team. From there, it’s realistic to expect to become a Security Director or Security Product Manager down the line.

Job Five: Security Engineer

Open Nationwide Jobs: 29,000+

General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree

From Cybrary: A Security Engineer is tasked with the role of protecting the networks and computer systems of a company from any security threats or attacks. A Security Engineer is responsible for establishing and implementing security solutions that can defend a company and its networking assets. This can be accomplished through a variety of ways. Just a few of the essential duties of a Security Engineer include: establishing security standards and best practices that an organization should follow, evaluating an organization’s systems, networks, and data to determine what types of security protocols are necessary, developing proper security measures to meet an organization’s needs, implementing security controls to protect an organization’s infrastructure and digital files, monitoring and upgrading security measures as necessary, and responding to any security breaches or intrusions that may occur.

At this moment there are in excess of 29,000 open Security Engineer positions. This is an area that is ripe with opportunity as businesses everywhere move to employ Security Engineers with the skills necessary to design and maintain stout cybersecurity architectures that facilitate business operations without fear of costly data breaches. System Engineers will often be employed to manage and oversee a team of cybersecurity professionals to see to it that the overall digital architecture is armed and operating effectively to diffuse disruption.

As a Security Engineer, you can expect in due time to have a great shot at becoming a Security Director who would oversee the cybersecurity efforts of an organization.

So What’s Next? 

We’ll end this conversation the same way we started it… There’s A LOT of opportunity in the cybersecurity marketplace right now. With over 521,600 open cybersecurity jobs nationwide, there’s no shortage of positions to be had, and if you’re a cyber professional your path to continued or bolstered success in advancing your cybersecurity career is yours to choose. On the flipside, if you’re a hiring manager looking to solicit the help of a qualified cybersecurity professional, you likely already know that the competition is fierce, so consider your pitch, and put some time and energy into making sure it’s worth the pursuit. If you need help, we’re here for you. Programs like CyberSN’s KnowMore platform offer tools and templates to build job descriptions specifically targeted toward people in the cybersecurity industry for free.

We talk to a lot of people who want to know how to make their next career move. People are looking for not just better pay, they are looking for opportunities for professional development, better work-life balance, and permanent remote offices. Covid-19 has brought some changes to the workplace and the way we interview for jobs, but one thing remains the same—there is still a shortage of qualified cybersecurity professionals.

Here, we’ll talk about advancing your cybersecurity career, whether you are looking for work or are thinking about changing companies, and ways to find a job you’ll love.

Understanding Career Pathways

With many roles and responsibilities in the cybersecurity field, there are numerous ways for someone in infosec to work their way from entry-level to a more advanced cyber career. For example, starting as an IT auditor or security analyst can give you the experience needed as a penetration tester. From there, roles like security architect and security engineer can take you on to a management role like information security manager.

As you consider your cybersecurity career pathway, it certainly helps to understand the skills and certifications that will position you for advancement into these roles. But, almost as important is understanding where you want to go and what kind of role you want to play.

Talk to the people on your team, and within the cybersecurity industry, about how they got to where they are. Did they start on the help desk? Did they focus on honing specific skills? What are the attributes they consider valuable to advancement? This knowledge will not only show you what to do to land the role you want, but also help you discern which jobs provide the most opportunity for career advancement.

You’ve Been Laid Off. Now What?

Unfortunately, the economic downturn brought about by Covid-19 has led to downsizing in all industries, even vital roles in cybersecurity. That’s the position Stefan Rajaram, now a global information security assurance analyst at Crane Co., found himself in earlier this year.

“The roles that are out there right now are mainly senior roles and required a lot more years of experience than I already had,” said Rajaram in an interview with CyberSN Founder and CEO Deidre Diamond.

Instead of fixating only on the job hunt itself, Rajaram said he treated getting a new job like a job, spending eight hours a day applying to positions, and also doing online training and advancing his skills. As a pen tester, he focused on red teaming, a skill he later heard from a recruiter was a must for a position he was applying for.

Hear more of what Rajaram learned during his job hunt here 

You Have a Job but Wonder What’s Next

Opportunities for advancement often present themselves when you’ve already got a job, sometimes when you weren’t even looking. Chad Fame started his job hunt when he was approached by a CyberSN recruiter. Although he had been approached by a recruiter before and found that job was not a good fit, the option presented by CyberSN “was a good opportunity to explore.”

“I was coming from a place where I had a job, I was comfortable, I knew where everything was,” he told Diamond. “Coming in to look for a new job, or interview for one, is kind of daunting.”

Among the things to consider is whether the company where Fame was interviewing would be doing well six months down the road. He said if a company is putting the effort into hiring now, “they have the work that needs to be done now and in the future.” However, he still wanted to ask the right questions about where the company was going, including if there were cuts planned.

Asking the hiring manager the right questions is especially important during today’s job climate to ensure the move will be the right fit, including whether the team can remain fully remote, if there is opportunity for training and mentoring, and availability for other benefits that can drive a cybersecurity career in the right direction.

Getting to this stage of career development for Fame was the result of working in a number of different industries, including legal, pharmaceutical, and healthcare. Fame said he gained cybersecurity experience by working on audits and compliance. From there he moved into risk management. Having a variety of experience can give cyber professionals more options when seeking the next opportunity, and helps when negotiating compensations with a new employer during the hiring process.

When leaving his old position, Fame told Diamond he got a counter offer from his previous employer and that anyone looking should be prepared for that conversation too. Companies want to retain their talent and could offer you what you’re looking for if they’re at risk of losing you.

Hear more about Fame’s interviewing experience >> “Career Advancement During Covid”

Know and Grow Your Worth

With career advancement comes increased challenges and responsibility, but also greater compensation. Diamond said in the “Career Advancement During Covid” interview that cybersecurity professionals should be ready to negotiate.

“Compensation is more than just salary,” said Diamond. “When you’re in the conversation of salary, make sure you’re in the conversation of total compensation at the same time.”

Salaries may differ depending on the company’s compensation structure, including bonuses, stock options, benefit plans, vacation time, how often you have to be in the office, the cost of living in that region, and many other factors. Once an offer has been made, professionals should evaluate the opportunity based on the whole package.

“It is ok to keep talking if you don’t have what you want,” she said.

Even with some uncertainty in the job market, there are still many opportunities at leading companies, and it’s clear that organizations are willing to negotiate to get the right person for the position. Building your skills, knowing your worth, and having a great resume to show it off can help any cyber pro make the next move in his or her cybersecurity career.

Today’s cybersecurity teams need all the help they can get to keep up with a breakneck pace of work. Threat actors barrage corporate systems with new and inventive attacks by the minute, and cybersecurity professionals are committed to protecting information and privacy and to maintaining regulatory compliance. Unfortunately, security hiring managers struggle to hire talent fast enough to fill their needs.

Some claim that it’s a market shortage of security skills that is keeping companies from filling positions in a timely manner. But there’s actually a lot more going on than a simple constraint of skilled labor that’s contributing to today’s cybersecurity staffing crisis.

The uncomfortable truth is that cybersecurity recruiting today is very broken.

A disconnect exists where even as hiring managers are complaining that there aren’t enough skilled security professionals to go around, the veteran cybersecurity job recruits that are out there are unable to land great jobs in eight months or less. That doesn’t make logical sense from a pure supply-and-demand perspective.

It’s happening because there are a lot of dysfunctional dynamics at play in the security job market today.

As a longtime cybersecurity staffing specialist, I see every stakeholder in the cybersecurity ecosystem contributing to the problem. Here are the many broken faces of the cybersecurity job market.

Security Hiring Managers

A recent study from Enterprise Strategy Group found that some 53 percent of security hiring managers today report experiencing a ‘problematic shortage of cybersecurity skills.’

And yet if you dig deeper into the issue you’ll find that many of these same hiring managers are doing very little to proactively develop those skills in-house.

They’re not hiring creatively at the entry level or near entry level.  They’re not bringing in new blood with great problem-solving skills or relevant technical skills that can be built upon with the right mix of on-the-job training and professional development classes. That’s probably because they’re also not sending staff to conferences or paying for training to help them learn new skills—or even just to keep up with the latest trends and technologies. Furthermore, they’re not pairing junior staffers with senior staffers, or doing any kind of strategic succession planning.

Instead, they seek to hit the lottery by trying to attract unicorn candidates. They look for impossible candidates who possess an unrealistic combination and depth of experience who’d also be willing to do the work of multiple specialists for a single person’s salary.  They tentatively post these nightmare jobs to ‘see what happens’ in lieu of putting a comprehensive team-building strategy in place. Meantime the backlog builds and the overworked staffers already on the team grow more frustrated and discontented by the day.

In-House HR

Now, I don’t want to beat up on security hiring managers too much because their actions (or failure to act) are often a reflection of circumstances completely out of their control. For example, in many larger organizations corporate policy dictates that human resources will take it upon themselves to write job descriptions and market the open role to available candidates.

The trouble is that they don’t ‘speak’ cybersecurity and they’re often intimidated by the technical elements of the job.

So they resort to cutting and pasting job descriptions from ill-advised sources. Completely disconnected from cybersecurity culture or knowledge, HR may do some cursory investigation and utilize vague skills keywords that may mean different things to different organizations or candidates. Or they’ll rely too heavily on certification requirements that have only passing relevance to the job at hand. Similarly, they might take a wish list of technical competencies from a hiring manager and translate it into an iron-clad requirements checklist for which every box needs to be ticked to even consider someone for an interview.

What companies get out of the process is job descriptions and candidate requirements that are unreasonable and inflexible. These are the types of openings that throw up all sorts of red flags to longtime security pros. And so the rock star candidates keep walking, never throwing their hat in the ring.

On top of all of this, overloaded HR departments typically don’t have many resources to actively recruit, and even when they do, they don’t have deep ties into the very insular cybersecurity community. Most organizations are passively seeking to fill roles in a specialized job market where candidates don’t always openly market themselves (more on that in a moment).

C-Level Executives

Disconcertingly, some of the most systemic problems that are causing today’s cybersecurity staffing crisis come from the very top of the corporate food chain. True, many in the C-suite would tout to regulators and customers that they’ve made the commitment to open up a plethora of new security roles in order to bolster their cyber capabilities. What they don’t say is that they’re not providing the necessary support or logistics to reasonably fill those roles.

Hiring managers frequently don’t offer training, can’t send people to conferences, don’t offer flexible work schedules or dress codes, and can’t budge on salary caps because the C-suite won’t approve those necessary enticements.  What’s more, neither will the top brass approve outside recruiting support as a matter of course. In many instances I run across organizations where a position must remain open a minimum of six months before they even allow an outside agency to help fill it.

Recruiters and Staffing Agencies

Even when companies do turn to technical recruiters and staffing agencies, many a pitfall lies ahead. Too many organizations rely on general purpose technical recruiters with very little expertise in the cybersecurity market. As a result, even though they’re more aggressive about going out to find potential candidates they still have a difficult time effectively matching the right skilled candidates to the appropriate role. These generalists often run a volume game, and will do anything to bring in anybody that breathes to consider an interview in order to make their numbers—sometimes to the point of outright dishonesty to job candidates. What’s more, these generalists are usually still armed with poorly written job descriptions that are still based on free text writing and keywords, never really controlled with the taxonomy or structured language that breaks down specific cybersecurity professional tasks or projects and matches them to candidates with those experiences. And so there’s lots of room for misinterpretation during the recruitment process.

Job Seekers

The final difficulty is not necessarily the fault of job seekers, but just a byproduct of the cybersecurity profession. It’s the fact that by necessity and experience, security people are skeptical about sharing information about themselves that can be used against them by cybercriminals. As a result, there’s only a small percentage of security pros that are on LinkedIn, and many of them are leery of putting themselves out there for passive job searching. Thus, when they’re let go due to an unexpected layoff or merger or some other event like that, they’re left flat-footed, even though there are plenty of companies that would love to have their expertise to fill an open role.

All of these factors contribute to a broken security job market. Organizations are not able to effectively match up with the talent they need. Skilled security job seekers have no visibility into the opportunities afforded to them. And teams are left outgunned and overworked as a result.

There’s no magic wand that will fix all of these dysfunctional dynamics, but my team at CyberSN has been working hard to help bridge some of the gaps that currently exist. In particular, we’re working on rolling out the structured platform we use internally to match recruits to job openings. Both passive and active job seekers will be able to anonymously create and update profiles using a standardized taxonomy of skills and experiences that hiring companies can use to match candidates to their jobs.  If you are curious about how we are solving the cybersecurity hiring crisis, check out KnowMore at www.CyberSN.com.  KnowMore is drastically altering the way cybersecurity professionals and employers find each other.