The cybersecurity skills gap. Is your HR helping or preventing your acquiring new talent

The cybersecurity skills gap is real and well documented. If you have been following the buzz you have no doubt noticed there are some who make the case there is no problem. While universities make claims they will solve a problem that developed on their watch. One thing you can count on is that those who seek to profit, or maintain relevance, will be the loudest voices.

Not long ago, I posted a scathing article on HR, their dependency on Applicant Tracking Systems (ATS) technology, and their inability to understand/recognize cybersecurity skills. I figured it was my career doom. Instead, I received many invitations to speak to HR groups. Truth is stranger than fiction.

I have been talking about the cybersecurity skills gap for quite a while. I also founded The Arizona Cyber Warfare Range (https://azcwr.org) and the National Cyber Warfare Foundation (https://cwr.dev) to address the skills gap problems.

Whereas, I stand by my previous posts and arguments, there is something else an organization must evaluate: Is my HR department the cause of my inability to acquire critical talent for my organization's future?

Here are some things to consider;

1) Do my published job descriptions tell smart talent "avoid me, I am a terrible company"? I post jobs for the Tech Data Security Solutions team often. I am always delighted to see the amazing quality and amount of candidates that apply. We are typically filling published job positions within one (1) week. We typically find qualified candidates within one (1) day. This is clearly an exceptional case. There are several factors leading to our success at Tech Data, however, one thing I consistently hear when I interview prospective candidates is "I applied because I could tell from the job description you guys knew what you were doing".

When you publish job positions that look like several jobs combined into one position it tells the candidates either you are looking for a unicorn or you are trying to save money by making the poor victim who is your new employee miserable with a job who's requirements can never be actually met.

Either HR is an intelligent entity that understands talent and how to acquire/retain it, or it is a group of phonies who are little more than disconnected paper pushers? If your HR department is not advising you when job requirements make no sense, when salaries make no sense, or when they see other red flags, do yourself a favor and make your next intelligent business move to fire the phony HR people.

2) Do you have unrealistic expectations? Publishing a job requirement for an "entry level" position that require previous experience is a serious red flag and a logical impossibility. Either the job is entry level or it isn't. There is no grey area here. Does your HR ever push back and tell your hiring managers their expectations are unreasonable? If they do not, who will? Why are you paying for professionals that do not serve you professionally?

3) Does your inability/unwillingness to pay a normal salary guarantee your job will remain unfilled, be filled by someone who will leave in 6 months or less, or by a phony/deceptive candidate? In a competitive market, you have to pay the market price. The very act of not paying market price drives up market costs. You heard that right, bad HR may be the primary cause of runaway costs. Do the maths, thousands of unfilled positions and a shortage of talent combine to guarantee higher market costs. If you hire and fill your job positions the "apparent demand" goes down and so do salaries. Does HR even know what cybersecurity positions are paid? Do they advise your hiring managers? Is it possible the HR and hiring managers point at each other as their excuse leaving an intractable problem that costs your organization money?

4) Are you fishing in a desert? Colleges and universities have been very good at raising tuition, harpooning state governments for more subsidies, and our federal government for more grants. They have done so while getting much worse at producing employable talent. Let's face it, business is not their customer. Their customers are either students that are desperate to be considered for a job, cronies too dumb to understand how to invest (legislatures), or agencies trying to create productivity inception by throwing cash in the form of grants (federal agencies). One thing is for sure, trying to find experts where there never will be any makes no sense. Does your HR department have "good relationships" with colleges and universities? Do they suggest finding new talent there? Why would colleges and universities suddenly gain competency in solving a problem they themselves are responsible for? "Insanity: doing the same thing over and over again and expecting different results." - Albert Einstein.

Bring sanity to your job requisitions. Find your talent using different methods than "traditional". Stop making the problem worse by being bad at acquiring talent. Remove bad HR and get in touch with the things that are preventing you from finding the right talent.

The Cyber Warfare Range has partnered with Pima Community College and Tech Data to form a suite of solutions to make a real difference in cybersecurity and the actual skills gap.