5 Hiring strategies to attract cybersecurity talent

A lot changed in the post-pandemic landscape as work-from-home and hybrid work forced organisations to upgrade their infrastructure. A Check Point Research data on cyberattack trends says global cyberattacks increased by 38% in 2022 compared to 2021. Further, it said, small and agile hackers who exploited vulnerabilities in work-from-home environments drove these numbers. The work-from-home option opens up a lot of challenges for organisations. However, when they try to plug these security issues by hiring cybersecurity professionals, they come up against another challenge - shortage of talent! 

Here are some interesting data points from Cybersecurity Workforce Study 2022 by the International Information System Security Certification Consortium (ISC)2:

• There is a shortage of 3.7 million cybersecurity professionals globally
• 70% of respondents felt their cybersecurity team is understaffed
• 54% said this shortage is putting their organisations at moderate risk of cyberattacks

This report found that organisations that implemented initiatives, such as rotating job assignments, mentorship programs, and encouraging employees outside of cybersecurity to join the field, were least likely to have staff shortages.

Here are five hiring strategies you can explore to attract cybersecurity talent:

1. Focus on the job description

An (ISC)2 report titled Cybersecurity Hiring Managers’ Guide states unrealistic job descriptions as a significant cause of entry-level cybersecurity staff shortage. The report urges hiring managers to create realistic, winning JDs in collaboration with HR for junior roles as a best practice. This step involves being flexible about non-negotiable skills, dropping unnecessary certifications, using inclusive language, and emphasising the work as exciting and diverse.

A McKinsey article suggests organisations apply a four-step process to hire cybersecurity professionals. Start by identifying prioritised activities that help arrive at priority roles. Further, you can create the JDs for these roles and decide whether to upskill internally or hire externally.

Prepare the JD with details of the role and tasks, knowledge, skills, etc., using the National Institute of Standards and Technology (NIST)/ National Initiative for Cybersecurity Education (NICE) guidebook. 

2. Streamline hiring process to hire for skills

When qualified talent is scarce, you must change tack to hire for skills over degrees. A survey titled State of Cybersecurity 2022: Cyber Workforce Challenges by the Information Systems Audit and Control Association (ISACA) mentions soft skills as the top skill gap identified by 54% of industry leaders. Gauge the critical thinking and problem-solving skills of candidates through customised assessments. Once hired, train and encourage them to take up necessary certifications through employee development programs. Such initiatives boost retention, which 60% of industry leaders felt was the top challenge in this field.

3. Innovate on sourcing techniques

To find qualified cybersecurity professionals, you must go where they are and create your talent pool. Sponsor or participate in cybersecurity events such as after-work meetups, webinars, podcasts, conferences, etc. Have your employees speak at such forums or as guests on podcasts. It helps build a cybersecurity talent community. You can source credible referrals from these cybersecurity communities.

Conduct exclusive diversity and inclusion fairs as hiring trends in the cybersecurity industry indicate it seeks to increase its diversity ratio by hiring women. The (ISC)2 report quoted above mentions that only 19% of organisations that implemented DEI initiatives had significant cybersecurity staff shortages as against 34% of those who hadn’t or don’t plan to do so.

4. Create an intriguing challenge

One way to attract top talent is by creating compelling cybersecurity puzzles or hackathons that challenge bright minds. Create a cybersecurity challenge using real-life issues, requesting people to submit solutions through social media or specific platforms such as MyCareernet. Filter the participants based on their problem-solving approach, innovative thinking, etc., and then complete the hiring process. This strategy can effectively shorten the hiring time and also reduce costs.

5. Explore internships and train and hire options

Many educational institutions and EdTechs offer cybersecurity courses and certifications. Organisations can tie-up with such entities to pick bright students as interns and hire them based on their performance. Many industry experts espouse the train-and-hire approach as a credible cybersecurity hiring option. An example is the initiative launched by Microsoft Security to train 250,000 from under represented groups to support the diversification of the US cybersecurity workforce. The (ISC)2 cybersecurity workforce study 2022 found that 64% of organisations plan to invest in training.

While the cybersecurity staff shortage is a reality, some innovative approaches can bring about impactful changes in the industry. Talent acquisition professionals must work with the leaders to shape these strategies to ensure they reap rich dividends. Some of these may become the industry best practices for the future. 

References:

• https://www.forbes.com/sites/forbestechcouncil/2022/12/22/six-ways-to-pivot-hiring-strategies-to-attract-cybersecurity-talent/?sh=4f4371df742e
• https://fortune.com/education/articles/the-cybersecurity-industry-is-short-3-4-million-workers-thats-good-news-for-cyber-wages/
• https://www.nist.gov/system/files/documents/2020/10/30/HR%20One%20Pager%20Final.pdf
• https://www.isc2.org//-/media/ISC2/Research/2022/ISC2-Cybersecurity-Hiring-Managers-Guide.ashx
• https://cy9.io/cybersecurity-hiring-challenges-and-how-to-overcome-them/
• https://www.techrepublic.com/article/experts-chime-in-on-how-to-fill-vacant-cybersecurity-positions/
• https://enterprisersproject.com/article/2023/4/cybersecurity-new-talent-pipelines
• https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/securing-your-organization-by-recruiting-hiring-and-retaining-cybersecurity-talent-to-reduce-cyberrisk
• https://www.isc2.org/-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx
• https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/
• https://www.isaca.org/-/media/files/isacadp/project/isaca/resources/infographics/state-of-cybersecurity-2022-part-1-infographic_0322.pdf
• https://www.whitehouse.gov/ostp/news-updates/2022/12/12/fact-sheet-biden-harris-administration-announces-bold-multi-sector-actions-to-eliminate-systemic-barriers-in-stemm/