Good IT talent is hard to find. You know whats even more difficult? Finding good cybersecurity talent. Demand for skilled cybersecurity professionals is growing at an astonishing rate — four times faster than the IT jobs market and 12 times faster than the overall labor market, according to research from Burning Glass Technologies.
Unfortunately, supply isnt keeping up with demand, according to online cybersecurity training and MOOC platform Cybrarys Cyber Security Job Trends Survey for 2016. Of the 435 senior-level technology professionals who completed the survey between October and December 2015, 68 percent affirmed that there is a global shortage of skilled cybersecurity professionals. Only 13 percent of companies said there was an abundance of cybersecurity talent in their local areas.
Using the same old sourcing and recruiting tactics isnt going to work — what you need are, well, hacks who can help you better attract and retain critical cybersecurity talent and skills. Here are eight approaches to finding cybersecurity talent.
1. Create and maintain an active social presence
Were all familiar with social and professional networks — LinkedIn, Twitter and Facebook are your big three. You want to be there, but you also want to find social professional networks that are focused on verticals, like cybersecurity. You want to find forums, web sites, discussion groups, even Reddit can be a great place to start conversations, says Trevor Halstead, product specialist in Talent Services, Cybrary.
Cybersecurity pros differ from other IT talent in that their online presence will be much more guarded, much more specific and much more secure, Halstead says. They know exactly how vulnerable humans are on the Internet, so theyll be more careful with their interactions. You have to go where they are, on their terms, to even begin a conversation, he says.
2. Engage young and entry-level talent
Chances are, youve got a stable of young, eager and energetic IT talent already working with your company. Dont miss out on the opportunity to mentor and grow those individuals with the company and develop them into seasoned cybersecurity pros, Halstead says.
Pique their interest early, and help them realize the potential to engage in challenging work, as well as growth and development. You can offer training, education and mentoring; you can partner with online and/or local cybersecurity training providers and send them to security-focused conferences and meetups, Halstead says. Youre going to pay for your talent to further their education and training anyway, right? Why not steer them toward security?
3. Consider not requiring a bachelors degree
Is a bachelors or masters degree really necessary for your talent? In some cases, the answer is no. If IT and security talent can prove they are proficient in the skillsets you are looking for, then whats holding you back from hiring them? Halstead says. This is where hackathons, bug bounties (offering prizes or other compensation to IT pros who identify and fix security flaws) and other competitions can be helpful in both attracting and screening potential cybersecurity talent.
Consider partnering with a site like online recruiting platform HackerRank, which allows companies to develop code challenges to test programmers skills. HackerRank recently launched a jobs platform with a limited number of companies to help connect developer talent with open roles; its a great way to gauge the skills you need against the talent pool available.
[ Related stories: Closing the cybersecurity talent gap, one woman at a time ]
4. Highlight your companys projects, tools amp; technologies
Your HR department should enlist the help of an unlikely ally in the search for cybersecurity talent — marketing, says Leela Srinivasan CMO at recruiting and applicant tracking system software company Lever.
Recruiting and marketing should be partners here, to make sure theyre standing out as a company and targeting the right people. There seems to be a huge awareness gap of the opportunities in the cybersecurity space, so make sure youre building your brand as an employer of choice for cybersecurity talent, she says.
That could mean emphasizing specific technology tools you use, blogging about how your team solved a security problem, or discussing how you integrated emerging security technologies, says Halstead.
5. Be a thought leader
Get your CIO, CSO and CISO (if you have them) to conferences, meetups and hackathons; blog regularly about cybersecurity issues and stay on top of the most pressing issues and vulnerabilities out there, says Halstead.
Position yourself and your company as a thought leader in this space. You can detail how these attacks might affect your industry, what kinds of skills and experience you need to defend against cybercriminals — start participating in these conversations, he says.
6. Dont rely on salary alone
Salary alone may not be enough to attract or keep the talent, but that doesnt mean you should be stingy, Halstead says. Cybrarys survey respondents revealed that 50 percent of companies pay their average cybersecurity worker $25,000-$50,000 per year, 21 percent said $50,000-$75,000 per year, 17 percent said $75,000-$100,000 per year, and 12 percent said that their average cybersecurity worker makes more than $100,000 per year.
Many cybersecurity pros want to be working in exciting and challenging areas of cybersecurity; most also know exactly how in-demand their skills are and know exactly what theyre worth, he says. It is well worth paying one and a half or even twice what you pay other IT roles to land talent thats critical for protecting data and defending against crippling attacks, he says.
[ Related stories: Dont overlook your biggest security flaw: your talent ]
7. Interact within the cyber security community on their terms
While you want to be involved with sites frequented by cybersecurity professionals, you want to do whatever you can to avoid heavy sales pitches, obvious marketing ploys or gimmicky actions — most IT professionals will see right through you, and you could end up getting blocked from forums or banned from certain sites. Engage with other security pros as a peer or, better yet, enlist security talent you already have to do some outreach. If you can offer a great place to work, autonomy, challenging problems and a decent salary, youll be ahead of the game, says Halstead.
You also can create company videos and virtual job listings; produce webinars highlighting your areas of expertise and your products; give talks at security meetups or participate in cybersecurity conferences — anywhere cybersecurity professionals go, you want to be there, he says.
8. Be patient and get creative
Finally, while the cybersecurity skills crunch is serious, its also a unique opportunity for companies to create fresh recruiting and hiring strategies, Halstead says. Be patient, and get creative. Remember, everyone is competing with one another and struggling to find the right fit from the same pool of available talent. Finding unique ways of getting in front of those people can be challenging, but it can also be energizing and even fun, he says.