Professional development

How to work with HR or recruiters to improve your cybersecurity hiring strategy

April 9, 2020 by Daniel Brecht

Is there a talent gap in your organization?

With the IT security industry’s skills shortage and the high demand for advanced cybersecurity pros, finding those who possess the traits of an “ideal candidate” has become a challenge for many companies and organizations. In fact, the ISACA State of Cybersecurity 2020 “shows little progress—and, in some cases, worse results—when it comes to cybersecurity hiring and retention.” 

According to ISACA, 57% of the surveyed professionals say they have unfilled cybersecurity positions on their team and 62% actually report being understaffed. 66% lament difficulties in retaining talent: staff are either recruited by other companies or leave because of the high stress level that comes with the job or the lack of development opportunities, financial incentives and management support.

When positions are open and applicants screened, companies are often faced with candidates that do not seem like a good fit for the vacancy. Lack of IT knowledge, business insight, technical experience or even the proper soft skills plague the pool of applicants. According to ISACA’s research, 70% of companies believe fewer than half of cybersecurity applicants are well qualified and 32% actually believe that it takes six months or more to fill an open cybersecurity position with a qualified candidate.

Creative ways to attract and engage potential candidates 

So, how can CISOs improve their recruiting strategy and find the right candidate to complement their existing cyber security team? Being creative in the search is obviously a bonus, with a number of initiatives that can help companies in the long run. Options include a partnership with schools and universities, widening the pool by improving diversity and hiring from within by developing internal talents.

Enhance your security department with an internship program

Structuring a successful internship program will not only give interested students much-needed on-the-job experience in a particular role, organization or industry sector, but can fill the gaps by having them work alongside IT security leaders. 

“Companies see this as an opportunity to hire low-cost, ambitious learners who also want to leave a great impression on the staff,” says Grant Collins, the author of Successful internship applicants will be able to demonstrate soft skills and hard skills in a proper manner; in some cases, the organization may offer them a job. 

Similarly, apprenticeship programs are also traditionally built by companies to train employees for critically-needed occupations. “The organization pays them to learn their systems, adapt their preferred skill sets, and in the end, employ a highly-skilled worker,” says Mandy Gilbert, chief executive of Creative Niche.

Consider recruiting on social media

In the search for the right resources, the internal HR department can also employ a number of tools in order to better target the search or widen the reach. In addition to advertising job openings on the company career webpage and using an applicant tracking system (ATS), a software application that organizes recruitment by allowing users to post jobs, screen resumes and track applicants, they can consider using social media recruitment “to advertise jobs, find talent, and communicate with potential recruits about company culture.” 

For example, it’s possible to create job postings with Facebook or use Twitter ads as part of a successful recruiting strategy. Social recruiting is becoming a key part of HR departments; according to a CareerBuilder national survey in 2017, 70 percent of employers already use social media to screen candidates before hiring. In addition, “employers who use social networking sites are looking for information that supports their qualifications for the job (61 percent) […] More than 4 in 10 employers (44 percent) have found content on a social networking site that caused them to hire the candidate.”

Most important: Make sure your recruitment plan is sound

The most important tool at the disposal of the HR teams and company management, however, is a sound recruitment plan that outlines a strategy for finding, screening and hiring new employees and provides a clear direction. 

However, according to a 2020 ISACA study, one of the issues that companies are facing when hiring cybersecurity personnel is their relationship with the internal HR team. 72% of surveyed companies indicated that the HR department does not regularly understand their needs. This is why it might be beneficial to rely on external HR recruiters.

How to hire the best candidate

When competing to find and attract highly developed talent, the winning move might be to partner with HR recruiters. As Alex Holden, CISO at Hold Security LLC, mentions, they “have connections and more access to the market to bring in those candidates […] He says recruiters are particularly valuable resources when looking for highly specialized talent or skills that are in exceedingly high demand.”

Using external, specialized recruiters might seem an unnecessary added expense, but a partnership with a recruiting agency might actually be cost-effective. Here are some key strategies that companies need to implement in order to make a partnership with recruiters more effective. 

Choose your recruiters wisely; make sure they can provide what you need

There are a large number of recruiters and headhunters available on the market, so it is important to choose not only according to the set budget, but also according to the type of services that are offered. HR recruiters, in fact, have different approaches. Some have databases with large quantities of data and screen candidates using keywords; others target professionals through LinkedIn and similar professional sites; still others have more personal relationships with professionals in certain fields and might be valuable when hiring for highly technical or senior positions.

Be clear about your security team’s needs

HR recruiters need to be treated like partners in the search for the right candidate. In order for them to assess who best suits the open role and might match the organization’s requirements, it is important that they are given plenty of information on the type of role the new hire is expected to cover. For example, they need to know which soft skills and technical skills the company is looking for and whether the new hire will be part of a larger team or working independently.

All this information will be valuable in helping the recruiters target and focus their search so as to prevent delays and added costs.

Involve your HR team in the selection process

The best way to give clear guidelines to the external recruiters is to involve the internal HR team. Not only can they offer precise information on compensation packages, development opportunities and career progression, but they can also provide invaluable insights into the company culture.

Establish long-term relationships with recruiters: you’ll likely use them more than once!

Knowing that cybersecurity professional retention is an issue, it is a great idea for companies to strengthen relationships with recruiters who worked well on previous projects. Having even more than one option is a good idea, especially for larger companies with several different roles to cover, as each agency can bring a different set of skills and a different type of applicant pool. 

It is important, then, to choose companies that not only help recruit the right talent but also follow up post-hiring to share lessons learned as well as successes and difficulties encountered during recruiting. This will enable the recruiters and company to fine-tune strategies for future occasions. 

As organizations today compete fiercely for talented cybersecurity professionals with essential skills, they might find that partnering with HR recruiters could be a cost-effective option to keep their teams staffed and qualified.

Finding the right recruiting agencies, however, will require careful vetting and being very clear on the characteristics of the employee who would best fit the organization and the vacancy. It is also important to involve the internal HR team so that they can clarify the essential qualities that a candidate will need to possess: the right set of skills, knowledge and qualifications, as well as the personality traits that will help the organization move forward and meet its objectives. These are all essential steps companies can take in order to arrive more quickly at a successful hire.

Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.