InfoSec Connect founder and cybersecurity recruiting expert Domini Clark weighed in on a recent San Diego Union-Tribune article about how the shortage of cyber workers is hurting the fight against hackers.
Excerpt from the article:
At the very moment hacking is expanding exponentially, analysts said, there are hundreds of thousands of cybersecurity jobs left unfilled in the U.S. The extent of this problem is the subject of debate; the estimated tally of vacancies ranges from 100,000 to 350,000, with as many as 45,000 in California.
While the staffing estimates vary, analysts agree on the huge need for qualified workers in the cyber industry.
Northeastern University’s Agarwal estimates there are 100,000 of these unfilled jobs nationwide. Peninsula Press, a journalism program at Stanford University, puts the figure at 209,000. Cyber Seek, an industry-government coalition, said the number could be about 350,000 when including positions that require at least some cyber abilities.
The job descriptions range from security analysts to network engineers to software developers to risk managers. Some lower-level positions pay as much as $70,000 per year, and management positions can hit $235,000 or higher.
Experts are eager to see the applicant pool widen, and they’re looking for specific types of candidates.
“The best cybersecurity professionals think like criminals,” said Domini Clark, an Idaho-based recruiter at the recruiting company Decision Toolbox. “The joke in the industry is that superstars have an ‘evil bit’ in the code of their personalities. They know better than to have a high-profile online presence. ‘Paranoid’ is too strong a word, but they tend to be hyper-cautious and some take pride in operating in ‘stealth mode.’”
Those people tend to be coveted, so low-ball employment offers just don’t work.
“(Some) companies are doing lip service, not willing to fund the important roles that are necessary for the growing security issues,” said Kirsten Bay, chief executive of the firm Cyber adAPT in Half Moon Bay. “There is a desperate need for technologists who can speak at both the engineering and board levels, candidates who can understand technology and yet speak to the business case for security.”
Clark at Decision Toolbox agrees, noting: “About half of cybersecurity professionals are contacted by a recruiter at least once a week. If you post a standard H.R. job description of duties and requirements, it will wash out among all the other background noise … (Candidates) want to do intriguing work that is varied and unique. Let them use their devious creativity to your company’s advantage.”