Security Staff Acquisition & Development, Leadership

Key Questions to Ask Your Cybersecurity Recruiter

By Katherine Teitler

In any given month, how many of your security colleagues leave their current company to go work for another? In any given week, how many calls/emails/social media requests do you, personally, receive from recruiters wanting to know if you’re looking for “a better opportunity”? If you’re a hiring manager, how many jobs on your team do you currently have open? How many do you expect to have open in the next 6-12 months?

There is no question that the cybersecurity job market is hot. Experienced practitioners are in high demand, leaving recruiters and HR professionals clamoring for top talent. While it may be tempting (and flattering) as a job seeker to prospect every opportunity, you’re probably currently employed and therefore must choose wisely between invitations for exploratory calls. If you’re a hiring manager trying to fill roles on your team, you’re likely already strapped with additional responsibilities—those which would be assigned to the now-vacant position—and thus don’t have much time for the groundwork required to identify standout candidates.

Recruiters seem to be a dime a dozen, and every practitioner has received out-of-the-blue requests to speak about a job that nowhere approximates their current skill set or interests. Take, for example, this email that was sent to a security colleague who is a penetration tester living in Southern California:

Unfortunately, the desperate measures of a few give a bad name to the lot. That said, a recruiter can be your best resource if you’re looking for a new job or if you have positions to fill. You just have to find the right person/firm to represent you.

To help sort the wheat from the chaff, Infosec Insider spoke to Deidre Diamond, Founder of, a cybersecurity-specific staffing firm, and brainbabe, a platform for empowering women in security, to learn her recommendations for hiring a superstar cybersecurity recruiter.

What are the top reasons a company would use your services to recruit cybersecurity talent?

Diamond says that the network she and her team have built, coupled with their dedicated expertise in cybersecurity, are the biggest reasons firms turn to them for help. Because the CyberSN team specializes in cybersecurity recruiting, every recruiter in the company speaks the language of security—they understand common terms, the idiosyncrasies, and the demands of working in cybersecurity.

Internal HR and recruiting teams or generalist recruiting firms, on the other hand, need to understand a little bit about a lot of job categories, which spreads thinly over time. Security has “a unique language that is difficult because it is both technical and business,” says Diamond, and security hiring managers and candidates can become frustrated if a recruiter can’t relate or approaches the position with a checkbox-like mentality.

To help their team be more successful, CyberSN built a software product they call (unambiguously) Job Builder. It walks recruiters through all the technical and non-technical questions pertinent to security professionals’ job requirements so they can be sure they understand the complexities of the field.

One of the keys to a productive relationship with a recruiter is knowing that the recruiter understands your needs, whether you’re a job seeker or a hiring organization, so find someone who spends time in the community learning about the field.

{tweetme}One of the keys to a productive relationship with a recruiter is knowing that the recruit understands your needs, whether you're a job seeker or a hiring organization. #InfoSecInsider #infosec{/tweetme}

Why don’t companies use an agency for hiring?

It’s exactly what you would expect, says Diamond: Money. Companies look at the sticker tag and think they’ll save money by trying to hire using internal resources. Especially in smaller companies with fewer resources—including a dedicated HR and/or recruiting department—cost “savings” can be grossly miscalculated.

On average, says Diamond, once a company approaches her firm, a role is filled within 42 days—just slightly more than one month. In contrast, companies that hire recruiting agencies do so having spent an average of six months trying to fill the role internally. The cost of having a role open for an extended period is difficult to calculate (as compared to a defined cost that can be negotiated with an agency), but in addition to the monetary outlay, “undervaluing what it means from a productivity and culture perspective,” says Diamond “stresses your organization, puts the company in a position where you risk losing other valuable employees who are overworked and not compensated for doing so, and sends a message that you are not committed to filling that position.”

However you look at it, unless the company already has a candidate in queue, who has been vetted, and is prepared to accept a position if it’s offered (e.g., an internal hire or someone known to the hiring team/manager), enlisting a staffing firm will typically yield higher ROI and happier employees.

What are the most important questions to ask of a potential recruiting partner?

Not surprisingly, Diamond says to look for firms that specialize—those with individual recruiters who are part of the community, already have success stories with notable individuals in the field, and can speak the language and understand the peculiarities of security job requirements. Ask potential partners which local and national conferences and gatherings they participate in as speakers, sponsors, and attendees. Find out what percentage of their client base is outside the security field. Learn what they know about the industry, specifically, to determine if they’re going to prospect based on certifications versus true hard and soft skills.

“People are overloaded by email and social channels. If a recruiter doesn’t have a better way to cut through the noise,” warns Diamond, “their chances of success will be reduced.”

Another important criterion to investigate is whether the firm’s staffing agents share candidates. “A lot of firms are set up so that their staff competes internally,” says Diamond, and while this might motivate some recruiters to work harder, there is no upside for the hiring company or the individual job seeker. Recruiters should be doing all they can to find and place candidates, which often means working with colleagues and sharing information about a role or an individual. If a recruiter is going to hoard a candidate or job position because she/he thinks they could lose commission, the candidate/company is going to lose out on potential opportunities for placement. Look for firms that play as a team.

Finally, Diamond suggests working with agencies that aren’t only working on a contingency basis. Going the “retained route,” she says, allows her and her staff to gain a greater understanding of the company and its needs, and ultimately serve them better over the long term.  Create a fee structure that holds the agency accountable and keeps them looking out for your company even during down periods. Though you might not need a hiring partner 100% of the time, once you need that person/firm to hit “go” you’ll save a lot of time and effort by working with someone who has been engaged the entire time.

Don't forget to join us at InfoSec World 2018, March 19-21, 2018, to learn more about topics that will help you run the business of security.

Photo Credit:LinkedIn Sales Navigator

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.