RECRUITING IN CYBER SECURITY: HOW BAD DO YOU WANT IT?
I am 6’4, 240 pounds – a big guy. I played football, spent my share of time in the weight room and have a messed up lower back and a brutal rotator cuff surgery to show for it. Plus, I like to eat. I’m at a stage with my current weight that I like to call “Not Fat”. That’s the area between not skinny, but not really overweight. The reason for my current state is a choice between Aspiration and Conviction. Currently, I choose Aspiration. I’d like to drop 10 pounds and if I dropped 20 it would be amazing. But I know what it takes to do that and I’m simply not passing up a plate of chicken and waffles (I live in the South). If I had Conviction, I’d eat some celery. A Conviction would lead me to go through the three months of pain and hunger it would take to drop 10-20 pounds. Right now, I’m at Aspiration – with a side of mac and cheese.
If you are losing the talent battle in your Cybersecurity Program, it’s probably because you aspire to top talent, but you don’t have the conviction to get that talent. You can turn it around, but it’s going to take some pain. Here’s how to get it done:
- Understand what you are up against. There is 0% unemployment in Cybersecurity. In IT, 10% of all job postings are in cyber, and the growth rate is 2x faster than other IT jobs. There will be 1.5 – 2 million unfilled cyber jobs by 2019. Currently, cyber job postings take 24% longer to fill than other IT jobs and 35% longer to fill than all job postings. In a time when your company needs to balance speed with the right hires, the market is brutal and the competition fierce.
- Your Security Department should be responsible for hiring. Recruiting an accountant is a walk in the park compared to what you are trying to accomplish. Security positions are highly specialized, somewhat new, and oftentimes exceeds the time limits of internal HR. Plus, Security Programs are notoriously tribal. You know your culture, so it’s on you to find the right personality and skill set. Also, it’s important to understand the competitive landscape, salaries, and what you can get for your money.
- Clearly define the role upfront. This goes a long way toward good candidates knowing immediately whether you are competent or not. A job description should read more like a story than a checklist of demands. As a Security department, you know that the top qualifications you’re seeking is passion and an innovative mindset, so try not to constrain the roll too much with an exhaustive laundry list of certs and pie-in-the-sky experience expectations. If you do this well, you might interview a candidate that’s not right for the immediate posting, but would be a great fit elsewhere.
- Focus on the candidate experience. The competition for good candidates is relentless. 77% of candidates believe that the interview experience is very important. Roll out the red carpet and be fast. If you wait a week or two to interview because you’re trying to line up interviewer’s schedules, you are dead. Build in the time, put the right interviewers in place and provide them with clear metrics. Candidates can sense a “loose” interview process and it reflects poorly. Evaluate in detail, but be ready to pull the trigger. If you don’t, someone else will.
- Prove your commitment to training and leadership development. You know how fast the cyber game moves. Good candidates with Security experience crave learning and opportunities to interact with their tribe. Learning opportunities and conferences are critical. Show good candidates that you are committed to enhancing their careers by spelling out a dollar amount and the time they can use to enhance their education. It buys loyalty.
- Onboard like a champ. Did you know that 80% of new hires decide within the first six months whether they will stay at a company? Plus, it’s estimated that replacing an executive or serious tech employee can run to 215% of their salary. Understand that you did not win the battle the morning that new hire walks in the door. This is the worst place to lose a candidate because you’ve invested so much time. Give new hires a defined runway instead of throwing them to the wolves. Mentors and sponsors are a huge help in this area.
Show good candidates that you have the conviction to build a top notch Security program and they will want to work for you.