Is your company in the 74%?

In a recent poll I conducted, a staggering 74% of respondents cited unrealistic expectations as the primary reason businesses struggle to consistently attract top Cyber Security talent.

With nearly two decades of experience in the Cyber Security industry, I've seen first-hand the challenges companies face when it comes to attracting the right talent. Over the coming months I will be shedding some light on some of these issues—many of which are widely recognised, yet few are actively addressing in the hope of helping make a positive impact.

Organisations are often looking for the ‘unicorn’ aka "purple squirrel"— professionals who check every box on an impossible list of requirements, who if found are then often offered below-market compensation.

Here are some of they key examples that illustrate the disconnect between hiring expectations and reality in today’s market.

• Over-reliance on Certifications: Many companies place too much emphasis on certifications as an initial filter, which can exclude highly experienced professionals who have developed hands-on skills over years but lack a long list of qualifications. These individuals are often better equipped to handle real-world security challenges but are overlooked early on in the recruitment process.
• Unrealistic Job Descriptions: Job adverts often feature an exhaustive list of responsibilities and required skills, seeking candidates who are experts in multiple fields (e.g., network security, compliance, risk management). This makes it nearly impossible to find someone who meets every want, especially when the salary being offered is well below market standards.
• Ineffective Interview Techniques: Candidates are frequently assessed on their ability to recall trivial information, such as port numbers or specific configurations, rather than on their problem-solving skills, critical thinking, or communication abilities. These are the competencies that are more valuable in real-world security scenarios.
• Inflexible Candidate Requirements: Many businesses attempt to hire individuals who mirror previous employees, not accounting for changes in the market or understanding that each candidate may bring a different but equally valuable skill set. This rigidity creates unnecessary obstacles in the hiring process.
• Below-Market Compensation: While many organisations expect candidates to possess an extensive skillset, they offer compensation that falls far below industry standards. This results in either prolonged vacancies or hiring underqualified individuals, which in turn increases the risk to the business.
• Lack of Clear Role Expectations: Candidates are often met with vague answers when asked how success in the role is measured. This ambiguity not only deters strong candidates but also makes it difficult for companies to hire someone who will truly meet their needs.

By realigning expectations, businesses can open the door to a much larger pool of capable talent. Assuming that the talent you are so eagerly looking for is actively looking and applying to jobs on the market....

I would welcome to hear your views / experiences - please leave any comments below.

If you are part of a business who is looking to improve the way it attracts its Cyber Talent please do reach out on +447884666351 for an old school phone call.

Or pop me an email.

Either way, have a good day.

Chris