8 tips for recruiting cybersecurity talent

Finding cybersecurity talent isn't easy, but it's even harder if you use the same methods that work for other IT talent specialties. Here's how to get it right.

security trust
Credit: Thinkstock

Good IT talent is hard to find. You know what's even more difficult? Finding good cybersecurity talent. Demand for skilled cybersecurity professionals is growing at an astonishing rate -- four times faster than the IT jobs market and 12 times faster than the overall labor market, according to research from Burning Glass Technologies.

Unfortunately, supply isn't keeping up with demand, according to online cybersecurity training and MOOC platform Cybrary's Cyber Security Job Trends Survey for 2016. Of the 435 senior-level technology professionals who completed the survey between October and December 2015, 68 percent affirmed that there is a global shortage of skilled cybersecurity professionals. Only 13 percent of companies said there was an abundance of cybersecurity talent in their local areas.

Using the same old sourcing and recruiting tactics isn't going to work -- what you need are, well, hacks who can help you better attract and retain critical cybersecurity talent and skills. Here are eight approaches to finding cybersecurity talent.

1. Create and maintain an active social presence

"We're all familiar with social and professional networks -- LinkedIn, Twitter and Facebook are your big three. You want to be there, but you also want to find social professional networks that are focused on verticals, like cybersecurity. You want to find forums, web sites, discussion groups, even Reddit can be a great place to start conversations," says Trevor Halstead, product specialist in Talent Services, Cybrary. Cybersecurity pros differ from other IT talent in that their online presence will be much more guarded, much more specific and much more secure, Halstead says. They know exactly how vulnerable humans are on the Internet, so they'll be more careful with their interactions. You have to go where they are, on their terms, to even begin a conversation, he says.

2. Engage young and entry-level talent

Chances are, you've got a stable of young, eager and energetic IT talent already working with your company. Don't miss out on the opportunity to mentor and grow those individuals with the company and develop them into seasoned cybersecurity pros, Halstead says.

"Pique their interest early, and help them realize the potential to engage in challenging work, as well as growth and development. You can offer training, education and mentoring; you can partner with online and/or local cybersecurity training providers and send them to security-focused conferences and meetups," Halstead says. You're going to pay for your talent to further their education and training anyway, right? Why not steer them toward security?

3. Consider not requiring a bachelor's degree

Is a bachelor's or master's degree really necessary for your talent? In some cases, the answer is no. "If IT and security talent can prove they are proficient in the skillsets you are looking for, then what's holding you back from hiring them?" Halstead says. This is where hackathons, bug bounties (offering prizes or other compensation to IT pros who identify and fix security flaws) and other 'competitions' can be helpful in both attracting and screening potential cybersecurity talent.

Consider partnering with a site like online recruiting platform HackerRank, which allows companies to develop code challenges to test programmers' skills. HackerRank recently launched a jobs platform with a limited number of companies to help connect developer talent with open roles; it's a great way to gauge the skills you need against the talent pool available.

[ Related stories: Closing the cybersecurity talent gap, one woman at a time ]

4. Highlight your company's projects, tools & technologies

Your HR department should enlist the help of an unlikely ally in the search for cybersecurity talent -- marketing, says Leela Srinivasan CMO at recruiting and applicant tracking system software company Lever.

"Recruiting and marketing should be partners here, to make sure they're standing out as a company and targeting the right people. There seems to be a huge awareness gap of the opportunities in the cybersecurity space, so make sure you're building your brand as an employer of choice for cybersecurity talent," she says.

That could mean emphasizing specific technology tools you use, blogging about how your team solved a security problem, or discussing how you integrated emerging security technologies, says Halstead.

5. Be a thought leader

Get your CIO, CSO and CISO (if you have them) to conferences, meetups and hackathons; blog regularly about cybersecurity issues and stay on top of the most pressing issues and vulnerabilities out there, says Halstead.

"Position yourself and your company as a thought leader in this space. You can detail how these attacks might affect your industry, what kinds of skills and experience you need to defend against cybercriminals -- start participating in these conversations," he says.

6. Don't rely on salary alone

Salary alone may not be enough to attract or keep the talent, but that doesn't mean you should be stingy, Halstead says. Cybrary's survey respondents revealed that 50 percent of companies pay their average cybersecurity worker $25,000-$50,000 per year, 21 percent said $50,000-$75,000 per year, 17 percent said $75,000-$100,000 per year, and 12 percent said that their average cybersecurity worker makes more than $100,000 per year.

"Many cybersecurity pros want to be working in exciting and challenging areas of cybersecurity; most also know exactly how in-demand their skills are and know exactly what they're worth," he says. It is well worth paying one and a half or even twice what you pay other IT roles to land talent that's critical for protecting data and defending against crippling attacks, he says.

[ Related stories: Don't overlook your biggest security flaw: your talent ]

7. Interact within the cyber security community on their terms

While you want to be involved with sites frequented by cybersecurity professionals, you want to do whatever you can to avoid heavy sales pitches, obvious marketing ploys or gimmicky actions -- most IT professionals will see right through you, and you could end up getting blocked from forums or banned from certain sites. Engage with other security pros as a peer or, better yet, enlist security talent you already have to do some outreach. If you can offer a great place to work, autonomy, challenging problems and a decent salary, you'll be ahead of the game, says Halstead.

"You also can create company videos and virtual job listings; produce webinars highlighting your areas of expertise and your products; give talks at security meetups or participate in cybersecurity conferences -- anywhere cybersecurity professionals go, you want to be there," he says.

8. Be patient and get creative

Finally, while the cybersecurity skills crunch is serious, it's also a unique opportunity for companies to create fresh recruiting and hiring strategies, Halstead says. "Be patient, and get creative. Remember, everyone is competing with one another and struggling to find the right fit from the same pool of available talent. Finding unique ways of getting in front of those people can be challenging, but it can also be energizing and even fun," he says.

This story, "8 tips for recruiting cybersecurity talent" was originally published by CIO.

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.