Our country faces a cybersecurity jobs crisis. Today, employed cyber professionals are unhappy and overworked, and turnover rates are high.
CISOs last only 18-24 months on the job and 41% of workers in all fields globally are now looking to change jobs.
Despite this job dissatisfaction and so many professionals looking for new opportunities, it still takes an average of eight months to fill an open cyber position. It’s clear that something’s not right with the cybersecurity job search and hiring system. Here are five ways cyber hiring managers can improve the hiring process and more quickly find the talent their company needs:
Most cybersecurity job descriptions are written by copying and pasting prior roles or details and rarely reflect a job’s real tasks and projects. The end results are vague job descriptions that are difficult to understand and unattractive to candidates. Resist the temptation to combine multiple roles into a Frankenstein job. Instead, take the time to draft the job description from scratch, making sure it’s an honest and accurate assessment of the position. Only list the experience that’s absolutely required and avoid a long wish list of skills. In doing so, the company will receive the largest pool of qualified candidates.
This may seem obvious, but make sure to include the salary in the job description, or at least a range. People don’t want to waste their time applying for a job only to find out they are under- or overqualified based on compensation, and company hiring managers don’t want to waste their time either.
Highlight the company’s official work-from-home policy. Most cyber professionals worked successfully from home during the pandemic, so remote work has become expected. Take an inventory of all the other advantages and flexible benefits the company has to offer and promote them from the very beginning.
We still have an immature hiring process in the cybersecurity industry. If HR teams don’t understand cybersecurity, they can’t possibly screen potential candidates. As the cyber hiring manager, sit down with the HR team to discuss the open positions and hiring goals. Agree on the specific ways that HR will support the security team, and what the cyber hiring manager will do.
Resumes are still the primary way that people present themselves to prospective employers, but unfortunately resume screening software has become a huge contributor to today’s cybersecurity career problems. This software uses keyword matches and other proprietary formulas to filter job applicants, and it’s often inaccurate. New research by Harvard Business School found that 90% of companies believe highly-skilled prospects are being weeded out because they don’t meet all the criteria listed in their job description. This has become a real challenge, especially for an industry suffering from an extreme skills shortage.
Discuss the search keywords and the minimum experience required with HR. Make sure they understand the language in the job description and how to evaluate the incoming resumes. With a shared understanding of role names and their relation to one another, HR and hiring teams can more effectively communicate and screen new hires for the right skills and industry experience, saving time and money in the process.
Even with the right job description and language, companies still can’t just rely on people finding them. Companies must also make the effort to find people. Take advantage of social networks to seek out professionals whose backgrounds look interesting and discuss available jobs with them. Craft a compelling story and see where it leads; qualified candidates may emerge.
Networking has become so much easier today. We no longer have to jump in a car, train, or plane to attend events. There are lots of cyber organizations and events throughout the U.S. and abroad. Join the local ISSA or ISC2 chapter. Look into ISACA or InfraGard. Get involved. Every cybersecurity group or event needs help. Getting the CISO to volunteer or speak on a topic they are passionate about will elevate the company’s voice, stature, and credibility, making the company a much more attractive employer. Consider this a way to meet a lot of interesting people and hopefully some potential candidates.
In the cybersecurity job market, we’ve found that retaining cybersecurity talent is actually more difficult than finding good people. Companies don’t want to spend significant time and resources training a new hire only to watch them leave after six months.
To help retain employees at your organization, consider the following best practices: lay out and define career advancement paths for each position and employee; promote work-life balance including remote working options; embrace inclusivity as part of the company’s culture; empower employees to make their own decisions and share ideas; invest in cyber-specific training and allow workers to explore their specific areas of interest; and invest in training (especially EQ skills) for all cyber employees, especially managers.
Stay proactive and talk about these opportunities during the interview. Describe how the candidate can take advantage of these opportunities to learn and advance in their career. Get them to visualize long-term growth and success with your company, and then work hard to make that a reality once they come onboard.
With a lack of qualified professionals to address unfilled positions, many organizations make poor hiring decisions out of desperation. Don’t let that happen. Communicate clearly and take advantage of all the company’s resources both inside and outside the company. It’s not easy, but talented people are out there looking for the right opportunity.
Mark Aiello, President, CyberSN