Attract And Retain Cybersecurity Talents

Any employer that has tried to recruit cybersecurity talent in the recent past knows how big a challenge it is. The competition is fierce. Nearly half of cybersecurity professionals are contacted weekly by recruiters, regardless of whether they are actively looking for a job. For some of them, contact from recruiters is a daily occurrence.

What cybersecurity candidates want

When advertising a cybersecurity position, the job description is critical. Candidates draw inferences about the employer’s cybersecurity awareness from the job description. More than half say lack clarity in a description implies the organization doesn’t understand security. Vague language and descriptions that don’t seem to accurately reflect the job are definite turnoffs.

Whenever demand is high for talent, the natural inclination is to lure candidates with high salaries. But while salary does matter to cybersecurity jobseekers, it typically isn’t the deciding factor. Cybersecurity professionals get their cues about whether an employer suits them from things like the job description and whether the role for which they’re being recruited is clearly defined.?

Writing job descriptions to match required skills increases an employer’s chances of finding the right candidate. Not all candidates can deliver every skill, so avoid using a “kitchen sink” approach in job descriptions. It’s a turn-off to seasoned jobseekers. The key takeaway for employers is to recognize that they must be realistic about what a single candidate can bring to the table and be smart about building a well-rounded cybersecurity team across skillsets and disciplines.??

Retention is just as Important as attraction

To maintain momentum on security initiatives, firms must pursue new talent strategies, not only to woo in-demand professionals to work on their initiatives, but also to keep them engaged and satisfied once onboard.

Our clients have employed numerous strategies to build and buy loyalty. Some successful strategies include:

• Realigning salary bands to reflect current market ranges
• Paying sign-on and retention bonuses
• Sponsoring certifications (CISSP, CEH, CISM, CCSP, CISA, etc.)
• Create a mentorship program that pairs experienced cybersecurity professionals with less experienced employees to provide guidance and support.
• Encourage employees to attend industry conferences and networking events to stay informed about the latest trends and developments in the field.
• Encourage employees to take leadership roles in cybersecurity initiatives and projects.
• Outsourcing repetitive, trivial tasks to consulting and use exciting work to retain in-house staff

Five strategies to apply

1. Learn from past hirings, whether successful or not: Not every hire will turn out as expected, but you can learn from these previous decisions.
2. Remember, an interview is a conversation: You and the candidate have a lot to learn about each other. You could lose a good hire if interviews are tightly controlled and formal. In the “real world” of cybersecurity, communication and collaboration are critical, so that’s the type of environment you should create in the hiring process.
3. Don’t rush to hire: Even if you are understaffed and have vacancies open for some time, you’ll lose more time and money by hiring the wrong people. Be patient in the process.
4. Find someone who matches your culture: Someone can be a brilliant technical candidate but still be wrong for your organization. In many circumstances, culture fit means someone with soft skills and wants to grow and evolve.
5. Keep in mind that a highly motivated individual is teachable: They can develop their soft and technical skills under you. If you hire someone with the right mindset with foundational knowledge, they may be a better option than a seasoned applicant who has a fixed mindset and is unwilling to change.
6. Work with Cybersecurity recruitment and consulting agencies: Agencies like ours who have leaned into cyber security recruitment and consulting are investing time and energy to aggregate talent into a more consumable model. Economies of scale make us better at distinguishing the performers from the pretenders, which makes it easier for our clients to bring on fully qualified and vetted talent.

The market for cybersecurity talent will likely remain tight and candidate-driven. So, you have to make the role and company attractive. The best strategy is to hire those who are genuinely passionate about cybersecurity and willing to evolve. If you do this and welcome them into a healthy culture, you can be confident that these new employees will deliver value and be valued for their efforts.