Cybersecurity is under pressure. There are an increasing number of attacks, an increasing amount of regulation and a predicted skills shortage of 1.8 million workers by 2022. A key element to protection relies on hiring cybersecurity professionals. The war for talent in this space is intense, and there are some unique difference within cybersecurity recruitment that companies and recruiters need to consider.

Candidates expect knowledgeable recruiters.

While we all expect our recruiters to know about their industry, cybersecurity candidates expect the next level. Just knowing about the job or the client is not enough; they expect their recruitment partner to know details about a huge number of qualifications and different security tools. There are hundreds of different job types within cybersecurity, and candidates will expect you to understand the differences. Candidates are vocal about companies or recruiters who have not demonstrated a reasonable amount of knowledge and passion about the industry, and they will make their feelings public. Claiming to be an expert when you have only been recruiting in this industry for a few weeks could even find you blacklisted.

Unemployment doesn’t exist.

Unemployment within cybersecurity is effectively zero, according to our research. Candidates can obtain job offers very quickly, and there is a gap between the number of vacancies and the number of skilled people available. Companies have to work hard to attract candidates out of their current roles, and hiring managers have to convince candidates that their organizations are the best places to work. Keeping in mind that candidates need to be sold to can be a new concept for some, but one that will help your organization stand out.

The industry is making moves on diversifying.

Diversity — particularly gender diversity — has been a big topic within cybersecurity for at least the last five years. As with many industries, companies are committed to improving their diversity wherever they can. Some companies have implemented return-to-work programs, and some regions offer apprenticeships for those starting in the industry. What is different for cybersecurity is that this desire to improve has provided results. We discovered that the number of women in cybersecurity has increased from 11% to 18% since 2011.

Compensation is key.

Our research shows that salaries in cybersecurity, for certain roles, are increasing year on year. Chief information security officers (CISOs) can earn up to $1 million in basic salary alone. Paying the right amount for the role shows candidates that you understand their industry, which is very important to them. It also shows that you value the people in your security team. This goes above the normal requirement to make employees feel valued. Cybersecurity professionals are used to fighting for budget, for buy-in and to be taken seriously. They have a number of opportunities available to them, and demonstrating early on that they will have the required backing can be the difference between securing the candidate and losing them. In 2018, participants in our annual said that getting a salary increase was the No. 1 reason they would move jobs. Paying them appropriately stops your role from staying vacant longer than necessary.

Timing is essential.

Candidates can obtain multiple job offers within weeks of applying for a job. At the senior end of the market, this takes a little longer due to the number of roles available. They will still most likely have several opportunities tracking. While landing the right role with the right team and opportunity to learn is important, candidates are unlikely to wait when they have so many options. A timely recruiting process also tells them how easy they are going to find it to get decisions made when working for the company. With buy-in being an important element of their role, demonstrating they can expect this from the company could make the difference in securing your preferred candidate.

Weigh interim versus permanent.

For some roles, taking an interim role can be much more lucrative. Penetration testers are a good example of this: They can earn 50% more by taking a contract role over a permanent position. Keeping this in mind can help you secure talent more quickly. There are a few other areas of IT where contract roles dominate, but this is a key feature for a number of positions within cybersecurity. Knowing whether to make a role interim or permanent is a business decision, but considering the caliber of talent and overall cost is an important factor.

Knowing what makes cybersecurity recruitment different can help make the difference between securing the best talent and having a role vacant for longer than needed. With so much demand for talent, and that talent being so crucial to the success of the cybersecurity program, getting this right becomes strategically important to the business.

Sending
User Review
0 (0 votes)