Veteran. Entrepreneur. Alpine Security Founder. Real Estate Investor. Author of “The Smartest Person in the Room.” 24x Ironman Athlete.
Is your organization looking for cybersecurity talent? Firms and companies from just about every industry are trying to attract them. They play a key role in the modern workplace, where digital transformation is the pursuit, and everything a company does is tied to technology. Of course, technology also brings risks and threats. Whatever valuable data you have, somebody else wants.
Building your talent pipeline may have very little fuel these days. Approaching this challenge isn’t easy, and some new data points clarify what’s going on from the State of Cybersecurity Report, which I’ll unpack in this article.
The State Of Cybersecurity Findings
Reviewing the study published by the ISACA revealed some interesting and expected findings and insights. Let’s look at the ones that likely have the biggest impact on recruiting cybersecurity talent.
The Pandemic’s Hangover On Staffing
The report cites the pandemic as a cause of staffing shortages. The pandemic forced many people to reconsider life and work and where the balance needed to be. Cycles of burnout and an uncertain world caused people to walk away, and they did during the Great Resignation. According to data, 1 in 4 workers quit their jobs in the U.S. in 2021. It affected every industry. Employees also became used to a more flexible schedule and remote work, and most don’t want to return to the office full-time.
All these changes, the report purports, have caused the talent pipeline to dry up. In fact, only 44% of respondents said they manage staff with less than three years of experience.
Qualified Candidates Seem Impossible To Find
Are new people coming into the field? Yes, it hasn’t lost all its allure since it’s an industry in demand where the opportunity to make a good living is likely. Yet those hiring have a lot to say about skills gaps. They list soft skills as the largest in the quantified bucket, followed by cloud computing, security controls and coding skills.
Soft skills being at the top of the list is very telling. It may demonstrate a shifting mindset of how important this is compared to actual technical skills. It would seem that those may be the most valuable in winning the cybersecurity war. But does anyone want to fight anymore?
Less Staff, More Work And Bigger Threats Aren’t Attractive
The study concluded that 62% of organizations were either significantly or somewhat understaffed. Additionally, 60% said that retention was difficult. If you have fewer people, they have to take on more things. If they do, they may burn out quickly and leave. The threat landscape is also wider than ever, with cybercriminals always opportunistic. The report acknowledges the correlation between staffing levels, retention and cyberattacks.
So, this may look different from a career that younger generations want. They are digital natives, with technology a part of their life since the beginning. They often have a high awareness of cybersecurity. What cybersecurity may need is a little bit of marketing.
The study has a lot of good data, and you should read it. It’s not all bad news, but there’s a pattern around a lack of pipeline and an inability to retain. So, it’s time to pivot.
Cybersecurity Talent Recruitment Strategies
To recruit and retain cybersecurity talent, you should change your approach with these six strategies.
1. Learn from past hirings, whether successful or not: Not every hire will turn out as expected, but you can learn from these previous decisions.
2. Remember, an interview is a conversation: You and the candidate have a lot to learn about each other. You could lose a good hire if interviews are tightly controlled and formal. In the “real world” of cybersecurity, communication and collaboration are critical, so that’s the type of environment you should create in the hiring process.
3. Don’t rush to hire: Even if you are understaffed and have vacancies open for some time, you’ll lose more time and money by hiring the wrong people. Be patient in the process.
4. Find someone who matches your culture: Someone can be a brilliant technical candidate but still be wrong for your organization. In many circumstances, culture fit means someone with soft skills and wants to grow and evolve.
5. Keep in mind that a highly motivated individual is teachable: They can develop their soft and technical skills under you. If you hire someone with the right mindset with foundational knowledge, they may be a better option than a seasoned applicant who has a fixed mindset and is unwilling to change.
6. Recruit early by partnering with educational institutions so that those coming into the field have exposure to your organization.
The market for cybersecurity talent will likely remain tight and candidate-driven. So, you have to make the role and company attractive. The best strategy is to hire those who are genuinely passionate about cybersecurity and willing to evolve. If you do this and welcome them into a healthy culture, you can be confident that these new employees will deliver value and be valued for their efforts.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?