5 tactics to improve cybersecurity hiring results

April 10, 2022 by Drew Robb

Hiring is certainly not as straightforward as it used to be. According to the Skillsoft IT Skills and Salary Report 2021, 76% of IT decision-makers experience critical skills gaps on their teams, a 145% increase since 2016.

The Infosec IT and Security Pipeline Study found that 92% of respondents reported challenges filling open cyber positions. And a Gartner survey found that nearly 60% of HR leaders reported that building critical skills and competencies will be their number one priority in 2022. 

Clearly, hiring is a major issue these days. But what should be done about it? Here are five hiring tactics that might help HR change the game.

1. Focus on cybersecurity skills, not roles 

Mark Whittle, an analyst at Gartner’s HR practice, suggested structuring talent management around skills, not roles. After all, almost half of HR managers admitted to not knowing what skills gaps existed among current employees. Another 40% said they could not develop skill development solutions fast enough to meet evolving skill needs. 

With Gartner data revealing that new skills are replacing old ones — nearly one in three skills needed for a job in 2018 will not be needed by 2022 — an understanding of skills may be one of the keys to solving the hiring problem. 

“Forward-thinking HR functions are closing development gaps and creating a more adaptable workforce by adopting a skills-centric approach to talent management,” said Whittle.

2. Devalue cybersecurity experience 

The Infosec report unearthed an interesting tactic used by successful hiring managers: 44% said they were more likely to consider candidates with no previous experience.

A common gripe of the younger generation is that they struggle to find work as they have limited experience. Almost every position advertised carries with it a minimum amount of experience. Yet those with the requisite years of work are often unwilling to accept entry-level salaries. This Catch-22 can be unlocked by going against the grain of traditional hiring practices: Be willing to hire inexperienced people. 

This also ties into point one above. By identifying skill gaps within the organization, inexperienced new hires can be given training programs that set them up for career success.  

3. Take resume scanning off automatic 

Most positions receive a lot of resumes. HR typically scans them, looking for keywords and conditions. Those without experience are binned. The rest are scanned for buzzwords such as cybersecurity, artificial intelligence or specific programming languages or platforms. This approach could be missing great candidates. 

“Look outside the box and beyond buzzwords and trendy topics,” said Greg Schulz, an analyst with StorageIO Group. “You might find people with similar skill sets that have experience with the fundamental topics that used different terms.” 

He gave the example of a job offering for a new position related to the internet of things (IoT). There are relatively few people in the market who have such skills, so HR might end up paying top dollar. However, Schulz suggested delving more closely into resumes. Older and more established skills such as Supervisory Control and Data Acquisition (SCADA) have many similarities to IoT. If HR included SCADA among the backgrounds it looks for, it might find an IoT position easier to fill and at a lower salary rate.

“HR needs to become ‘multilingual’ concerning technology, tools and the latest IT buzzword trends,” said Schulz. “There could be diamonds in the rough right under HR’s nose.”

4. Embrace the older workforce

Older workers are often neglected in the hiring process. Many in HR in their twenties and thirties think anyone over 40 is ancient. Consequently, those in their 50s and 60s might not find their resumes getting much response. 

Yet younger workers are far less loyal than they used to be. As one manager said the other day, “I’ve had to hire 25 young people for the same entry-level position over the past 25 years — they quickly move on to pastures new.” 

Therefore, those scanning resumes should be discouraged from ignoring anyone over a certain age. Older workers are likely to be more appreciative of a new position and be more likely to stay longer. 

5. Grow your own cybersecurity candidates

It is a lot cheaper to clean your own house, fix your plumbing and paint your own house than it is to hire someone else. Similarly, it is far more expensive to hire top talent than to grow your own. Taking on entry-level personnel and training them on desirable skills is a smart, long-term strategy. 

Similarly, partnering with local educational establishments is a good way to turbocharge the talent pipeline. Brian Murphy, CEO and Founder, ReliaQuest, cites meaningful skills initiatives like Microsoft’s work with community colleges and his own company’s work with 3DE high schoolers as examples of ways to be more proactive in creating new skills. 

“These education-based efforts aim to encourage the next generation of the workforce to take interest and gain critical skills to shape the future cyber workforce,” he said. 


Drew Robb

Drew Robb has been writing about IT, engineering and cybersecurity for more than 25 years. He's been published in numerous outlets and resides in Florida.