How to hack your hiring

This article was originally written for the?CTT Magazine: Episode 001 // Launch.

Recruitment is easy, right?

Well, it's easy to get wrong if you don't plan it out, and it's easy to end up right back at the start of the process if you don't plan your onboarding (the bit after an offer) too.

Believe it or not, recruitment is also a helluva lot more than sticking an attractive job advert out and waiting for your dream hire to apply. So let's strip it back so I can share some insights into how to make your recruitment easy.

Your hiring strategy for a Junior Security role should be very different from your hiring strategy for a Principle Security Consultant or a Security Leader to join the business.

If you advertise a junior role in the right places you will get hundreds of applicants. Dependent on the base skills you need, chances are you need to find a way to assess that talent that is a little more scientific than a cv review, particularly for entry-level talent. You can assess technical knowledge with a platform like Capture the Talent, or you could set the applicant a task such as a report to write on the technical aspects of the latest breach report or their understanding of a risk framework.

This is a better and fairer way to assess knowledge and potential and how the applicant thinks, as typically you will be looking for potential ability in entry-level talent. You can see a great example of this in Steven Trippier's post here

If you look at the top 20 places from the CTT Advent challenges, 7 of those places were candidates not yet working in security. How confident are you that you would have spotted that talent from a CV review?

If you are hiring for experienced security talent, typically these candidates aren't sat waiting to apply for roles. You need a different strategy for hiring, which includes already being a part of the security communities where great talent hangs out to ensure potential hires know who you are, and you can therefore attract passive candidates. Spend time at conferences, invest time in discord and slack channels, and spend time building those networks, even when you're not hiring.

If you or your talent teams don't have time to do that, then do your recruitment partners do that for you? These are good questions to ask.

Experienced security professionals typically aren't on the market for long, so you need to have a slick hiring process that can fast track through interviews within 7-10 days.

When handling offers, are you confident you know what other offers the applicant has on the table?

Have their expectations changed during the recruitment process, especially with other competitors trying to attract them?

We regularly see that bad offer management is where the recruitment process can go south, so a pre-close approach and an open negotiation is always a good way to manage this well.

Once your new hire has accepted, communication shouldn't stop then. Weekly check-ins, updates with the company and team news, and invites to social events and team socials are a great way to ensure your new hire feels part of the team before the start date, meaning fewer dropouts prior to the start date.

These are just a handful of tips to hack your recruitment, but if you have questions, always feel free to reach out to me. You can see the types of candidates we work with, and the roles we fill for our clients here