CIO

How to hire the best cybersecurity talent

Cybersecurity has one of the biggest skills deficits across all IT verticals meaning finding the right talent isn’t always easy. Here’s how to get it right.

The skills gap across the technology industry has already been widely reported on, with experts predicting the sector will be facing a global skills deficit of 4.3 million workers by 2030.

Of all IT verticals, cybersecurity is one of the worst affected by this lack of talent, with Cybersecurity Ventures reporting that there will be 3.5 million jobs left unfilled by 2021.

In Southeast Asia, job postings for cybersecurity roles has risen by around 500% but the comparable growth in people searching for those jobs is almost nil.

Singapore has a real shortage of skilled workers at the middle and senior tiers in the cybersecurity sector, due in part to insufficient training programs and entry routes for midcareer professionals.

In 2012, the city state had 144,300 ICT workers. Only 0.8% of them were considered IT security specialists.

So, with demand for cybersecurity workers at an all time high and a talent pool that is not growing fast enough to keep up with demands, how do you hire recruit the best cybersecurity talent available? Here are a number of best practices to help you get it right.

Identify your weak spots

What are your organisations strengths and weaknesses? Before you start hiring, you need to identify your vulnerabilities, so you can make sure any new talent can help plug those gaps.

This could mean recruiting specialists to help you strengthen specific areas of your security strategy or taking a long-term approach and hiring talent that can help you mitigate the risks of the future and remain one step ahead of the curve.

In order to make sure your security strategy is successful, it needs to be comprehensive.

One potential vulnerability is one too many so it’s vital you hire people with a wide-range of skills and expertise to make sure you’re not leaving your organisation open to a cyberattack.

Make sure you hire strategically, covering all your security bases rather than over-hiring in one area whilst leaving several others open to risk.

Look beyond traditional qualifications

Most organisations have qualification requirements for new employees and while there is a logic to this, maybe it’s time to broaden your recruitment horizons.

In an age of increased tuition fees, many young people are choosing to forgo studying for a traditional degree and instead gaining real-world experience through internships or apprenticeships. Should they really be left out of the running because they decided to take a non-traditional route into the world of work?

As far as cybersecurity is concerned, experience is often more valuable than qualifications alone.

When it comes to putting together a job specification you should therefore keep the amount of required skills or qualifications to only what is absolutely necessary. If not, talented people who have the skills and experience might be put off from applying because they lack formal qualifications.  

Embrace diversity

If your team isn’t diverse, your team will never be able to reach its full potential. If everyone comes from the same background, has taken the same career path, has the same lived experiences and thinks the same way; new and innovative ideas will never surface.

Women currently make up 11% of the cybersecurity workforce and while there is a smaller talent pool from which to recruit women, if you want a diverse team, you’ll make the effort to hire one.

The same applies when it comes to recruiting people from minority ethnic backgrounds, the talent is out there – you just have to be willing to find it.

Speak to your HR team about what you can do to improve your recruitment strategy, diversify your talent pipeline and remove implicit bias from hiring process. Not only will this improve the quality of your workforce, it will make your organisation more attractive to prospective employees and make finding new talent easier in the future.

Upskill your current employees

Additional training is one of the most valuable tools you can equip your employees with, helping them to develop their skills and advance their own career progression.

Employees are more likely to remain in the company if feel like the company is invested in their professional development. It also provides an alternative to hiring external, something that is not always easy in the talent-strapped industry of cybersecurity.

Cybersecurity certifications probably offer the greatest benefits for your staff – if you want to know where to start with those, we compiled a list earlier in the year. Not only do they allow your current employees to focus their specialisation, they’re a great way of helping IT generalists make the move into the world of cybersecurity.

Be flexible

The way people work is forever changing, especially as younger generations start to enter into the workforce.

While offering a competitive salary, good employee benefits and a happy work environment are all things potential employees look for in a new job, research has shown that the best places to work are those who understand the importance of a good work-life balance and offer their employees to flexibility necessary to facilitate this.

Generally, young people value job satisfaction over traditional linear career progression so offering a flexible working policy will help your company appeal to a wider pool of talent – graduates, working parents etc.