How to Recruit and Retain Cybersecurity Talent?
Technology has found its way into every aspect of a company and, resultantly, every company is in some way a technology company. Every point of use of such technology, whether it be working remote from home, or cloud services, presents an opportunity for data security breaches and threat to company data. Cybercrime is on the rise and as such, companies are scrambling to recruit cybersecurity talent. These jobs are very difficult to fill and there is a shortage of talent available. Network security engineers, cybersecurity architects and data security analysts are in high demand and are suffering talent shortage. Cybersecurity risks are very challenging and result in reputational damage, economic fallout and compliance violations.
Table of Contents
There is credible data that cybersecurity jobs take 21% longer to fill than IT jobs. Clearly, companies are struggling to fill the cybersecurity skills gap in their organizations.
Recruiting and retaining cybersecurity talent
Look for potential rather than just credentials
While credentials such as certified information systems security professional (CISSP), certified ethical hacker (CEH) and CompTIA Security+ are genuine markers for expertise in cybersecurity, employers must recognise that skills and experience can trump these. This view must be kept in mind while hiring talent. Strong candidates sometimes get deterred when they see a list of required credentials in the job posting. In order to attract people who have the experience and skills, and not necessarily the certifications, what you could do is have a list of credentials under the “must have” header and the rest under “nice to have” header. Emphasize in the job posting that skills, experience, a learning mindset and an interest in the field are most important.
Explore new talent pools
Employers can bring in more talent pools by using language that is inclusive in the job postings. No need to talk about attacks and warfare as if you were recruiting ninjas and warriors! People from under-represented groups can have all the qualifications or skills required to fill the job vacancy. So make your job descriptions inclusive by using gender-neutral language and inviting people from marginalized groups
Also Read: Cybersecurity: Skills & Opportunity Roundup
Good salary and flexibility
Since vacancies for cybersecurity experts are not being filled easily, many companies are willing to offer a higher salary considering that security, privacy and compliance are involved. Therefore, it is necessary that the compensation package that you offer must be competitive. Apart from salary, there are other issues like flexible work schedules, remote working options and the payment of stipends for home-offices that can act as perks for such roles. Apart from looking at salary, many candidates look for such preferred working arrangements. Contract and interim workers are also a possibility to fill such vacancies quickly.
Encourage upskilling and professional development
While hiring talent is challenging and important, it is also key to retain such employees. Retention of employees is as critical as recruiting new talent. It is good to encourage and promote talent from within the organisation to keep them motivated, challenged and satisfied with their roles. Internal promotions encourage good retention rates. Also upskilling current employees and encouraging their professional development can go a long way in retaining them. Upskilling can be done by getting to participate in programs offered by third parties and subsidizing cost for training and IT certifications.
Apart from this, listening to the career goals of the employees, matching them to the upskilling initiatives of the organization that will add value to the operations will motivate employees and build morale. Understand your team members as humans, what motivates them, what are they working on, what barriers do they face when getting work done and help them overcome those barriers.
Also Read: The Importance Of Cybersecurity In Fintech
Keeping your cybersecurity team updated on the latest happenings in real-time and equipping them with proper tools is very important. Unless they are aware and equipped, they can do precious little to evolve quickly and respond to risk. The right tools can help the cybersecurity team to deploy the right controls in time to protect your digital assets.
Cybersecurity must be brought out of the silo of IT and under the CEO and their peers. For instance, a CFO must know the financial impacts of a data breach. The CTO must know how to ensure and build security into the product and the COO must understand how data breaches can impact and jeopardize operations. Leaders must see strategic value in cybersecurity experts and invest in developing and growing this team to better deal with data breaches and other risks involved. Senior leadership must be well educated on how to prioritize risk mitigation, governance and compliance. The market for cybersecurity talent is hot and by positioning yourself right, you can easily emerge as an employer of choice in a competitive talent market.