A Guide to Recruiting and Hiring Cybersecurity Professionals
Businesses can no longer ignore the very real need for cybersecurity in what has become a complicated digital landscape with a seemingly never-ending stream of attacks and threats. Piecing together a strategy will no longer do. You need a well-developed security strategy – and that starts with onboarding the right cybersecurity talent into your organization.
The Need for Cybersecurity Expertise
Unless you’ve sheltered yourself from the news over the past few years, you know about the rapid increase in cyber threats. In 2015, 112 million healthcare records were breached. In 2016, the FBI received more than 2,600 official complaints about ransomware. By 2020, the average cost of a data breach will exceed $150 million. And with hacker attacks occurring every 39 seconds, the stakes couldn’t be higher for businesses.
The problem is there’s a huge gap between the need for cybersecurity expertise and those who actually have the skills, experience, and qualifications to meet these needs.
As Arctic Wolf Networks co-founder and CEO Brian NeSmith says, “This puts many organizations in a tight spot, as security engineers are hard to find and command top salary figures when available. Cybercriminals, of course, aren’t complaining. They’re doing everything they can to take advantage of understaffed firms that have little ability to prevent, detect and responds to attacks. These companies are at high risk of suffering a data breach that may take years to recover from.”
If you’re going to stand any chance of protecting your business, you have to think about recruiting and hiring cybersecurity talent. It won’t be easy, but it’s necessary.
5 Tips for Hiring Top Cybersecurity Talent
The bad news is there’s a serious shortage of cybersecurity talent. The good news is that most businesses don’t know what to look for. If you do your research and learn about the ins and outs of hiring cybersecurity professionals, you can gain a huge leg up on the competition.
Here are some helpful tips and pointers:
1. Know What Traits to Look For
Because it’s a unique position that most businesses have little or no experience filling, there isn’t always a clear understanding of what traits a cybersecurity professional should possess. Though there is some room for flexibility, David Jarvis, security and CIO lead of IBM’s (News - Alert) Institute for Business Value, believes there are five aptitudes employers should look for:
- An explorer – curious and investigative
- A problem solver – analytical and methodical
- A student of discipline – lifelong student within the ever-changing tech world
- A guardian – ethical and reliable
- A consultant – flexible and communicative
As you search for talent, you’ll be able to pull back the layers and identify the presence of these traits (or lack thereof). They can be used as a measuring stick in your evaluations.
2. Look for Real World Experience
As a leading intelligence firm explains, “A cybersecurity expert today needs to be schooled in both theory and best practices as they evolve. We also need to consider that there is value in multi-disciplinary backgrounds in the field of cybersecurity.”
Though you may prefer to hire someone who has a bachelor’s degree in cyber security, it can be really difficult to find this sort of resume. Instead, it would be wise to relax your educational requirements and tap into candidates who have real-world experience and skills that easily adapt to cyber security. For example, people with backgrounds in military, law enforcement, forensic science, and forensic accounting are often able to transfer their skillsets over to this field without much learning curve.
3. Be Prepared to Pay Up
Because it’s a relatively new position, there isn’t necessarily a concrete or uniform pay scale. You’ll find a huge disparity in what people pay from company to company. However, one thing is for sure: the talent shortage means you can’t skimp on salary and benefits.
Do some research and find out what some other companies are paying for similar positions. You’ll also have to do some cost analysis on your end to determine what it would cost you not to hire someone. If you can’t compete on salary alone, consider upping your benefits package as a way of luring people in and providing them with the perks today’s professionals are looking for.
4. Be Willing to Train
With so few talented candidates actively seeking employment, it can be difficult to find candidates who are already qualified. You might have to hire people with the goal of training and grooming them for their new positions.
While there are certain personality traits and innate skills that must be present already, some companies have found it helpful to send qualified people through intensive “boot camp” type classes that give candidaets and new hires the technical skills they need to succeed on the job.
This obvsiously won’t be possible in every situation, but it’s an option when you really need employees, yet there’s a gap in the employment market. A willingness to train and equip people will open you up to an entirely new set of candidates.
5. Focus on Retention
Once you have a cybersecurity professional onboard, you must shift your attention towards retention. In such a competitive field, top talent will continue to receive offers from other companies. And unless you want to constantly compete on salary (a battle you’ll inevitably lose to the bigger organizations), you have to develop a thorough retention strategy.
“Automating routine tasks can help prevent burnout and free staff members for work that they will find more interesting, less annoying and more challenging,” explains Demisto, a leading security orchestration, automation, and response platform. “Mentor youthful employees to ensure that they receive the training that they need. Advise employees on the career paths from which they can choose within your organization.”
Think About the Future
It’s possible that you haven’t experienced a data breach or attack yet. But as much as you may like to think you’re insulated from malicious threats and outsider attacks, the reality is that no business is immune. Small or large, hackers and cybercriminals will eventually pursue you.
By onboarding qualified cybersecurity talent, you can develop a proactive plan that mitigates risk and gives your business the best chance of being successful for years to come.