Have you heard about the workforce shortage in cybersecurity? Skilled cyber professionals are hard to find and desirable jobs at great companies are left unfilled for months. At least that’s what most tech staffing agencies will tell you. This mindset has infected too many companies, their HR departments, and the staffing agencies they hire, leaving cyber departments understaffed and companies at greater risk.
There is truth to the tight cyber labor market. The latest (ISC)2 report says global IT skills shortages have surpassed 4 million openings. But the lack of professionals is not the only reason companies are struggling to fill cybersecurity roles. The challenge has as much to do with the people doing the hiring as it does the people available for hire.
“I’m calling B.S. on the common belief that it’s a lack of security skills that’s causing these issues,” CyberSN President Mark Aiello wrote in Forbes. “From my professional experience, when I witness security people losing their jobs unexpectedly due to layoffs, restructuring or the like, it can take six months or more for C-level candidates to find a new position.”
In a market where cybersecurity expertise is in high demand, this doesn’t make any sense.
“These folks should be scooped up faster than an unencrypted database full of credit card numbers,” wrote Aiello.
The disconnect between hiring managers and skilled security professionals is at the core of most cybersecurity staffing challenges. The best way to bridge that disconnect is to work with a tech staffing agency that “speaks cyber” and understands the common problems that can derail the cyber hiring process to successfully fill your open positions.
Cybersecurity professionals are passionate about their work tracking down threats. They also know that most people have no idea what their job entails on a day-to-day basis. If you’re posting a job description that wasn’t written by someone within the cyber team, cybersecurity professionals can spot it from a mile away.
Bad job descriptions are not HR’s fault. Most people in human resources lack knowledge of cybersecurity roles and culture, so they use vague language or tech buzzwords that mean different things to different people. The result is a job description that’s nothing more than a long list of technical competencies, educational requirements, certifications, and job titles. When listed as iron-clad requirements, they unfortunately eliminate many talented candidates.
A cybersecurity staffing firm can quickly identify red flags within a job description and work with companies to define requirements, roles, and responsibilities that not only make sense to people in the cybersecurity industry, but also portray the job accurately.
Many IT or tech staffing agencies use the same tactics recruiters in other industries use, especially LinkedIn. They rely on generic IT searches to find cybersecurity specialists, not realizing there is a significant difference in knowledge base and skill set.
When it comes to finding great people, it can be difficult. Cybersecurity professionals are skeptical of social media and job search applications and their ability to protect personal information. When asked how to avoid risk when using social media, Ran Canetti, a Boston University College of Arts & Sciences professor of computer science and director of the BU Center for Reliable Information Systems and Cybersecurity said, the best solution is to not use them at all.
“This might cost a small price, but it’s more than worth it,” Canetti said.
If cyber professionals are not on LinkedIn or job search sites, recruiters who rely on these tools will never find them.
An agency that specializes in cybersecurity staffing knows the players throughout the industry, who is happy in their job and who is not. The recruiters put in the time networking, going to conferences and events, and making connections to develop a rich pool of connections they can tap when trying to fill positions for clients.
With 45 different different cybersecurity job categories, many more job titles, and no industry-accepted definition for any of them, general recruiters are already at a disadvantage before they get past the first line of the job description. Tech staffing agencies that lack cybersecurity industry know-how may not be able to identify talented people right for the role, but who have a slightly different job title elsewhere.
“Many companies get so hung up on finding the perfect candidate that they miss so many qualified individuals who might tick off five, seven or even eight out of the 10 skills listed as requirements for a position,” said Aiello. “In the time it takes to find these unicorn security professionals, a company could have hit the ground running by training someone who was 75% of the way there.”
Your company wants to fill open cybersecurity positions with less effort and in less time. If your internal team needs help and you want to take the search to a staffing agency, it will save your company time, effort and a lot of headaches if you choose a firm that knows the industry and can identify candidates that will fulfill your company’s most essential cybersecurity needs.
