A 0% unemployment rate for the cybersecurity industry is a huge success. There’s an abundance of cyber jobs for everyone. When glancing at the state of the cybersecurity job market, you’d expect that everyone would be extremely happy with the way things are going. It’s a wonderful problem. The problem is that with full employment the challenge is finding people for open cyber positions. This is the exact issue cybersecurity hiring managers are faced with.
Demand is something that the cybersecurity industry has been experiencing a gross surplus for years. A 0% unemployment rate isn't always as great as it sounds. With more open positions than available qualified cyber pros, hiring managers need to think long and hard about their recruiting tactics to engage the right candidates for open cyber jobs. The industry is in dire need of cyber analysts to implement, tune, and monitor cyber solution systems. There’s a need for more DevSecOps professionals to facilitate the strengthening of CI/CD pipeline security. And perhaps the most alarming deficiency within the cybersecurity industry is the existence of more advanced (and continually advancing) adversaries and attackers than security engineers, threat hunters, cyber researchers, pentesters, and leadership to combat them.
The market for qualified cybersecurity professionals is at peak competitiveness. Great for the cyberpro on the hunt, difficult for the hiring manager who is in dire need of cybersecurity skill sets. So how do we best leverage a 0% unemployment rate within the cybersecurity industry where it seems there exists no qualified help in sight?
Last year, Cybersecurity Ventures reported that there will be 3.5 million unfilled cybersecurity jobs globally by the end of 2021. Combine that with a workforce that’s already reached its maximum occupancy and you can see how problems would start to develop.
To help your organization prepare for hiring challenges in the year ahead, let’s discuss the implications that a 0% unemployment rate has on the cybersecurity job market, while also laying out some strategies for how your company can combat them.
With today’s current economic uncertainty, raising salaries can be a daunting step to take for many organizations. And, if we’re being frank, there seems to be a fundamental issue with companies not budgeting the salaries required to attract a qualified cybersecurity professional. Further, there’s a stark underestimation of the effort that it takes to attract, nurture, and bring a prospective cyber pro through your doors in such a high demand / highly competitive environment. There exists some concern over the economy which has led some firms into believing that they have the upper hand in salary negotiations. This oversight couldn’t be further from the truth. Even in today’s climate, the demand for cybersecurity professionals has never been higher and the vast majority of skilled cyber pros are employed and many are well compensated. In order to persuade them to leave their current situation to come work for you, you must offer them better benefits than they currently receive, with compensation typically being a primary motivator.
With an average of two job openings for every one qualified candidate, cybersecurity professionals have significant leverage when it comes to negotiating salaries. How can employers combat this? Well, the simple answer is to pay more. That’s not the only answer.
While considering the cybersecurity salary ranges you’re currently offering, consider everything else you can offer. Do you have a great healthcare plan? Flexible working hours or generous PTO allotments? Like all workers, cybersecurity professionals negotiate for the best benefits plan that they can obtain and benefits in addition to compensation can provide significant value. Currently, one of the best add-ons to any benefits package is flexible remote work options. The pandemic has shifted to a remote workforce and professionals want to know your company's plan on returning to the office environment. Be transparent with your full remote or transition to office plans in the offer.
There’s a lot to think about here, and honestly, the effort and time needed to recruit qualified cyber professionals to fill your cyber solution needs can be a quite daunting task. You might want to consider the help of KnowMore, which can do a lot of the legwork for you and put you in front of the exact pool of cyber professionals you’re looking to attract. That’s a key differentiator when it comes to the hiring process. It takes a great deal of resources to vet those that do, don’t, and may fit. So why not cut out one or two of those right at the outset?
With a lack of qualified professionals to address unfilled positions, many organizations make poor hiring decisions out of desperation. It’s commonplace to see companies get obsessed with trying to find a perfect fit while wasting months overlooking decent-fit candidates. As time goes on, the need to fill the position only grows stronger and many can end up hiring someone unsuited for the role just to get it filled.
To avoid this situation, the best thing to invest in is training. With 0% unemployment, finding the perfect cyber pro for your open position may not be feasible depending on what you’re offering. CyberSN President, Mark Aiello, addressed this issue in a recent article for Forbes and was quoted saying: “Many companies get so hung up on finding the perfect candidate that they miss so many qualified individuals who might tick off five, seven, or even eight out of the 10 skills listed as requirements for a position. In the time it takes to find these unicorn security professionals, a company could have hit the ground running by training someone who was 75% of the way there.”
Another major challenge accelerated by a 0% unemployment rate is retention difficulties. With so many open positions, cyber professionals are bombarded by new job opportunities. You cannot fault them if they occasionally take a peek. And once this happens, many are exposed to some “too good to be true” opportunities that catch their interest. A recent study done by ISACA polled companies across the country and found that “...64% of respondents indicated that they have trouble retaining qualified cybersecurity professionals.”
In the cybersecurity job market, hiring an employee is only half the battle. In our experience as the leading cybersecurity staffing firm in North America, CyberSN has consistently found that retaining cybersecurity talent is actually more difficult than finding it. You don’t want to be in a situation where you spend significant time and resources training your new hire only to watch them leave after six months.
To help enhance employee retention at your organization, consider the following best practices:
Another significant driver of the 0% unemployment rate is the increase in cybercrime. In fact, the FBI reported in May of last year that cybercrime appears to have jumped by as much as 300 percent since the start of the COVID-19 pandemic.
This increase in cyber attacks will cost the world around $6 trillion annually by 2021, as reported by CSO Online. These frightening statistics will only lead to more unfilled jobs and extreme pressure on employers to hire for them. The cybersecurity personnel shortage doesn’t just serve as a detriment to individual employers, it represents a nationwide security threat. In the years ahead, employers will have to work even harder to hire and retain their cyber pros to ensure they don’t leave their operations vulnerable to attack.
With so few unemployed cybersecurity professionals to choose from, filling cyber jobs has become notoriously difficult. Given the current shortage, companies would be wise to recruit active job seekers and also cyber pros who are passively looking—i.e. those who are actively employed but could be open to new opportunities if the offer was right. Unfortunately, the disclaimer here is that these passive candidates are even harder to find and persuade.
To truly be successful in finding qualified cybersecurity professionals in a 0% unemployment job market, it’s best to seek help from those with experience and specialization in the cybersecurity industry. Companies who utilize internal hiring and recruiting teams, always fall into the same pitfalls of not knowing where to look, crafting less than enticing job descriptions, and not speaking the same language as job seekers.
Hiring a company that specializes in cybersecurity recruiting and who truly understands the motivations behind both parties, ensures a quicker and more effective hiring process. For example, with CyberSN’s Engaged Staffing service, we take the work of finding interested and qualified candidates and scoping their qualifications off the plate of the employer. We can also work with the employer to do pre-interview prep to make sure they present the optimal image of their organization and benefits package.
To fill your open cybersecurity roles, engaging with cybersecurity specialists with a proven track record of hiring success should be a logical next step. By leaving it to the cybersecurity recruiting pros, you will save valuable time and money while also saving your organization from the inherent risks of leaving important roles on your cybersecurity team vacant.