5 tactics to improve cybersecurity hiring results
Hiring is certainly not as straightforward as it used to be. According to the Skillsoft IT Skills and Salary Report 2021, 76% of IT decision-makers experience critical skills gaps on their teams, a 145% increase since 2016.
The Infosec IT and Security Pipeline Study found that 92% of respondents reported challenges filling open cyber positions. And a Gartner survey found that nearly 60% of HR leaders reported that building critical skills and competencies will be their number one priority in 2022.
Phishing simulations & training
Clearly, hiring is a major issue these days. But what should be done about it? Here are five hiring tactics that might help HR change the game.
1. Focus on cybersecurity skills, not roles
Mark Whittle, an analyst at Gartner’s HR practice, suggested structuring talent management around skills, not roles. After all, almost half of HR managers admitted to not knowing what skills gaps existed among current employees. Another 40% said they could not develop skill development solutions fast enough to meet evolving skill needs.
With Gartner data revealing that new skills are replacing old ones — nearly one in three skills needed for a job in 2018 will not be needed by 2022 — an understanding of skills may be one of the keys to solving the hiring problem.
“Forward-thinking HR functions are closing development gaps and creating a more adaptable workforce by adopting a skills-centric approach to talent management,” said Whittle.
2. Devalue cybersecurity experience
The Infosec report unearthed an interesting tactic used by successful hiring managers: 44% said they were more likely to consider candidates with no previous experience.
A common gripe of the younger generation is that they struggle to find work as they have limited experience. Almost every position advertised carries with it a minimum amount of experience. Yet those with the requisite years of work are often unwilling to accept entry-level salaries. This Catch-22 can be unlocked by going against the grain of traditional hiring practices: Be willing to hire inexperienced people.
This also ties into point one above. By identifying skill gaps within the organization, inexperienced new hires can be given training programs that set them up for career success.
3. Take resume scanning off automatic
Most positions receive a lot of resumes. HR typically scans them, looking for keywords and conditions. Those without experience are binned. The rest are scanned for buzzwords such as cybersecurity, artificial intelligence or specific programming languages or platforms. This approach could be missing great candidates.
“Look outside the box and beyond buzzwords and trendy topics,” said Greg Schulz, an analyst with StorageIO Group. “You might find people with similar skill sets that have experience with the fundamental topics that used different terms.”
He gave the example of a job offering for a new position related to the internet-of-things (IoT). There are relatively few people in the market that have such skills. HR might end up paying top dollar. However, Schulz suggested delving more closely into resumes. Older and more established skills such as Supervisory Control and Data Acquisition (SCADA) have many similarities to IoT. If HR included SCADA in their background, they might find an IoT position easier to fill and at a lower salary rate.
“HR needs to become ‘multilingual’ concerning technology, tools and the latest IT buzzword trends,” said Schulz. “There could be diamonds in the rough right under HR’s nose.”
4. Embrace the older workforce
Older workers are often neglected in the hiring process. Many in HR in their twenties and thirties think anyone over 40 is ancient. Consequently, those in their 50s and 60s might not find their resumes getting much response.
Yet younger workers are far less loyal than they used to be. As one manager said the other day, “I’ve had to hire 25 young people for the same entry-level position over the past 25 years — they quickly move on to pastures new.”
Therefore, those scanning resumes should be discouraged from ignoring anyone over a certain age. Older workers are likely to be more appreciative of a new position and be more likely to stay longer.
5. Grow your own cybersecurity candidates
It is a lot cheaper to clean your own house, fix your plumbing and paint your own house than it is to hire someone else. Similarly, it is far more expensive to hire top talent than to grow your own. Taking on entry-level personnel and training them on desirable skills is a smart, long-term strategy.
Similarly, partnering with local educational establishments is a good way to turbocharge the talent pipeline. Brian Murphy, CEO and Founder, ReliaQuest, cites meaningful skills initiatives like Microsoft’s work with community colleges and his own company’s work with 3DE high schoolers as examples of ways to be more proactive in creating new skills.
“These education-based efforts aim to encourage the next generation of the workforce to take interest and gain critical skills to shape the future cyber workforce,” he said.
Phishing simulations & training
Sources
- Skillsoft IT Skills and Salary Report 2021, Global Knowledge
- Top 5 HR Trends and Priorities for 2022, Gartner
- ReliaQuest, ReliaQuest
- America faces a cybersecurity skills crisis, Microsoft
ChatGPT training
In this Series
- 5 tactics to improve cybersecurity hiring results
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Cybersecurity and Windows 11: What you need to know
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization