It’s reasonable to correlate the quality of the talent acquisition process to the quality of employees in the company– which is tied to the success of the company. Yet, there is currently a shortage of qualified experts in field of cybersecurity and there has been for quite some time. And while tech companies have pulled back the reins on hiring tech talent due to the economic consequences of the coronavirus outbreak, reports CBNC , more emphasis is being placed on preserving team member jobs and revitalizing the hiring process as we all prepare to re-open and heal. Out of the chaos of recent events comes opportunity and tech companies are showing more resilience than ever as tech leaders identify pragmatic ways to staff up. We’ve got three foundational tips to help hiring managers and senior cybersecurity / IT leaders fill their cyber talent and candidate pools with qualified professionals who not only look good on paper, but can demonstrate their qualifications.
But before we dig into those recommendations, let’s establish some context first.
State of the cybersecurity talent in the tech sector
The role of the cybersecurity professional continues to develop and gain more authority and responsibility as the security landscape and the integration of business and technology evolves.
When we look at the current climate of cybersecurity jobs in the U.S., we see bleak yet in-demand overtones. Finding qualified cyber talent and candidates is very much like searching for a needle in a haystack for hiring managers and recruiters.
- It takes an average of 3-6 months to fill a cybersecurity job position (Dark Reading )
- In 2019, there were over 700,000 unfilled IT jobs in the U.S. (CNBC )
- Employment of computer and information technology occupations is projected to grow 12 percent from 2018 to 2028 (Bureau of Labor Statistics )
While all companies likely struggle to find qualified cyber talent, the technology sector has its own unique set of challenges that are important to discuss and be aware of. Emerging technology, disruptive tech, the sheer evolution and the fast-paced nature of the industry make it hard to find candidates who have experience and knowledge in specialized areas of technology–many of which are just now becoming adopted into businesses.
- Systems and cybersecurity analysts are the leading tech occupation jobs in the U.S. today, sitting at over 740,000 (U.S. Bureau of Labor Statistics, EMSI, and CompTIA; estimates for 2019 ).
- The skills gap for cyber professionals is most clear in the technology sector, reports Forbes .
- IT employment dropped 5,300,000 jobs, the single largest month drop since March 2009 (TechServe Alliance ).
IT, security managers, operators and human resource leaders realize that:
- they need to focus on filling positions with quality candidates who can demonstrate their skills in a skills-deprived landscape
- to achieve that objective, more can be done in the recruitment and hiring phase.
Okay, let’s talk about those recommendations now. And if you have more suggestions based on what’s worked with your company, let us know!
Promote from within
The first logical step in filling a cyber position is to promote from within the company. It saves on time and cost to recruit. There may be IT generalists in your company who desire to take their career to a new level in cybersecurity and you’re just not aware of it (…and may have the aptitude and willingness to learn).
If an IT generalist is interested in filling a needed cybersecurity position (e.g. information security engineer, network architect, systems analyst), consider giving them a project to test their skills and ambition and see how they do. More on this in a second.
To promote from within, ensure you’ve communicated the requirements of the position clearly to the company across all departments. People in cybersecurity positions come from all walks of life: computer science, history, military, political science, yes, even fields like philosophy. Yet they all have one thing in common: They share a deep and abiding interest in how technology works, notes Cyber Degrees .
So find those individuals who are looking to grow into a new position within the company and interview them. You may be surprised to learn there are passionate people willing to learn and grow, right in your own company ‘backyard.’
Test skills during the interview process
Allow candidates the opportunity to demonstrate what’s on their resumé. Online cyber training platforms like Project Ares can help HR managers and decision makers ‘see’ how a prospect might tackle a realistic cybersecurity issue.
· Evaluate candidate skills in real-time against resumé credentials
· Assess cyber competencies against other candidates and co-workers
· Identify strengths in cyber technique, tactics, and procedures
By completing a set of tasks or activities that put skills like digital forensics, Linux skills, ports and protocols, and regular expressions work, candidates can show employers what they know and how they work before they even move on to a second or third interview. It’s one thing to talk about your experience, it’s another to actually apply it in a realistic setting.
Use Project Ares to support internal hiring processes
Circadence’s Project Ares platform helps HR decision makers assess candidate skills and competencies in various aspect of cybersecurity. And the platform can work for both internal recruitment and external recruitment. If promoting from within and you identify interested candidates who may or may not have a rich cyber background, you can use the platform’s cyber learning games and foundational scenarios to learn aspects of cybersecurity and security operations in ‘safe’ cyber range environments. If candidates demonstrate a willingness to learn in the platform, that is a good sign. If they are able to follow the guidance and instructions and apply critical thinking to complete the scenarios in the platform, even better. Hiring mangers can literally ‘see’ how an internal candidate responds to the act of learning and one can glean a lot about a candidate’s fit for the position simply through this effort of cyber aptitude testing.
Use Project Ares to support external hiring processes
The same applies for external hiring of cybersecurity professionals. Hiring managers and cybersecurity leaders can use Project Ares foundational and specialized scenarios to teach certain cyber skills they are looking for. If you’re looking to fill a position that aligns to a NIST/NICE work role, several exercises in the platform can address those specific skill sets. Further, the Assessment Reports can help HR professionals evaluate candidate strengths and compare those results against other candidates who have engaged in the platform to identify the best company cultural fit and skills fit.
· Nurture qualified candidates in the platform
· Retain top talent with professional skills development efforts in the platform
A Wall Street Journal article , sums up the ‘what’s next?’ to these challenges, succinctly:
Tom Gimbel, CEO of LaSalle Network Inc., a technology staffing and recruiting firm, said that once the crisis fades he expects a rebound in tech hiring as businesses seek out technology tools to cut costs and eke out efficiencies during a prolonged economic recovery.
“While new product implementations will slow down, we will see strong hiring of corporate IT, infrastructure, development and security roles,” Mr. Gimbel said.