Looking to Hire and Retain Cybersecurity Talent? Tips to Consider!

Hiring and retaining talent, especially in the cybersecurity field, can often be a challenge for all sorts of organizations. Up to this day, companies and governmental agencies have been struggling to find the cybersecurity talent they need to strengthen their cybersecurity teams as cyber threats keep increasing with enormous consequences, such as data leaks and theft. Moreover, the current talent gap, which has increased a 350% from 2013 to 2021 (Enterprise, 2022), has also pressured these institutions to find new ways to not only find, but also recruit and retain their cybersecurity talents.

Knowing that cyberattacks currently pose devastating threats to organizations in terms of economic costs and reputational damage, companies have started to increase the amount of budget invested in security practices to mitigate the risks of possible attacks and prepare to quickly respond in case of an actual threat exposure (AnalyticsInsight, 2022). One of the main strategies used to safeguard and protect their systems from attacks has been hiring qualified talent in different cybersecurity fields, such as pen testing, incident response and digital forensics. However, this process has been hard to achieve as not only the talent gap exists, but also the recruiting processes commonly known to companies, have made it difficult to find the cybersec talent required (Alina, 2022).

Ordinary recruiting processes often consist of having several filters in which candidates are analyzed and selected according to their bachelor’s degree or number of certificates, rather on whether the candidate has the skills and experience required for the job. Moreover, companies generally struggle to find a vast pool of talents, as these often live in closed communities where finding a job might be especially hard (Lake, 2022).

Below are some tips you might want to consider when seeking to successfully find, hire and retain cybersecurity talent:

1.       When looking for talent, try reaching out to cybersecurity communities (such as events, conferences, or hacking competitions) and talent platforms such as Seccuri.

2.       If you are looking to widen your pool of cybersecurity candidates, try searching for diverse groups, such as women,who are currently working in cybersecurity.

3.       Create clear job descriptions thatmatch the skills required by your organization.

4.       Be flexible regarding formalrequirements (bachelor’s degree, certifications, etc.). Many talent have hands-on experience or end up learning cybersecurity skills themselves.

5.       When reviewing a candidate, check their technical contributions in their previous jobs. Also check if they are involved in any cybersecurity community, as this might be an indicator that the talent is working towards building their cybersec career.

6.       Make sure you are enhancing your organization’s brand name. By having a strong and recognized brand in themarket, communicating your values, and highlighting the benefits it grants to employees, talents will be more attracted to applying to your job positions.

7.       Once the talents have been hired, invest in training and retention by providing them effective training programsto improve their current skills. Also try keeping them engaged by giving them career growth opportunities and offering attractive compensations.

In an interview conducted by Bessemer Venture Partners, Netflix’s former Info Sec leader, Jason Chan, layed out what he calls the six “green flags” to look out for when hiring your cybersecurity team leaders (Enterprise, 2022).

These greenflags include targeting candidates who:

1.       Can be a cross-functional team player: this person ideally has both soft and hard skills and can easily communicate with stakeholders.

2.       Are approachable and empathic: someone easily approachable to teams across the organization.

3.       Able to manage functional experts: a candidate who understands customer security (ie. cloud infrastructure) and company security (ie. sistems required for day-to-day operations).

4.       Drives proactive and reactive strategies: someone who can offer both proactive and reactive solutions to guarantee the required protection to the organizations’ assets.

5.       Has strong values and soft skills

6.       Operationalize transparency: a candidate who, through communication, prioritization and integrity can help develop an organizational culture based on transparency.

Try keeping in mind these suggestions when searching for the cybersecurity talents your organization needs and always remember to invest important efforts in their retention!

References:

Alina.Bolton. “5 Tips for Hiring and Retaining Top Cybersecurity Talent - Blog.”GlobalSign, 21 Oct. 2021,https://www.globalsign.com/en/blog/5-tips-hiring-and-retaining-top-cybersecurity-talent.

Analytics Insigth. You Are Being Redirected..., 2022,https://www.analyticsinsight.net/cybersecurity-hiring-tips-10-tips-to-hire-a-cybersecurity-professional/.

Enterprise.“How to Hire and Build Your Cybersecurity Team.” Bessemer Venture Partners, 9Jul.2022, https://www.bvp.com/atlas/how-to-hire-and-build-your-cybersecurity-team?utm_source=mailchimp&utm_medium=organic&utm_campaign=how-to-hire-and-build-your-cybersecurity-team.

Lake,Sydney. “Companies Are Desperate for Cybersecurity Workers-More than 700KPositions Need to Be Filled.” Fortune, Fortune, 30 June 2022, https://fortune.com/education/business/articles/2022/06/30/companies-are-desperate-for-cybersecurity-workers-more-than-700k-positions-need-to-be-filled/.