This blog series on recruiting cybersecurity professionals kicked off in Part 1 with some sobering facts about the frequency and cost of cyber-attacks in the U.S., underscoring the urgency of recruiting talent in this space. You probably know that demand far outweighs supply. In that post I shared some tips for recruiting cybersecurity professionals, and here I’ll share even more. Then stay tuned for Part 3, where I’ll explore a resource pool with rich promise: women and other groups — more than half the population — are sorely underrepresented in the cyberspace professions.
Invest or Be Hacked
Many executives still clench at the idea of throwing more money at a “cost center” like IT, but the threat of cyber-attacks is very real. The 2016 Ponemon Institute Cost of Data Breach Study recommends treating the cost of data breaches as a permanent cost, and budgeting accordingly. They also claim that the average cost of a single data breach in 2015 was $7 million, across all businesses, small to enterprise. If it saves you $7 million, the ROI on paying a couple of cybersecurity professionals turns this investment from a drainer to a no-brainer.
Keep those unclenching exercises handy, as you’ll also need to be prepared to pay a premium. Cybersecurity professionals know what they’re worth, and it’s pretty high in the IT pay bands. The gap between supply and demand is daunting; according to Cisco’s 2014 Annual Security Report, there are between 500,000 and 1 million unfilled cybersecurity positions in the U.S., and that gap is expected to grow. You may be reluctant to pay market value, but if your competitors will pony up, you’ll be stuck on the wrong side of the firewall.
While the purse strings are loose, be sure to include professional development opportunities, such as ongoing training and conference attendance. Not only will it give you an edge in the talent market, but it will also ensure your cybersecurity staff stays current. Threats are constantly evolving, and what your people learned last year is already outdated. Can you afford to leave your company’s assets vulnerable?
If you’re still with me after that dose of dire reality, you’ve earned a reward: more tips for recruiting cybersecurity professionals.
Maintain a Robust Presence on Social Media
This is good general recruiting advice, but be sure some of your efforts target this group. Join cybersecurity forums and discussion groups, for example. Encourage your existing cybersecurity talent and ranking IT leaders to write blog posts and white papers on the topic. This will help enhance your organization’s credibility as an employer of choice among cybersecurity pros.
Loosen the Requirements on Your Search
Tough sell, I know, but focus on the fact that experience is probably more important than a degree. Instead of asking for 5 to 7 years of experience, ask for 3 to 5 and highlight the opportunity for career growth. Conversely, consider hiring right out of school and promote the opportunity to gain hands-on experience alongside your existing resources.
Build for the Future
Don’t let your urgent needs keep you from looking ahead. This is an ambitious suggestion, but consider offering on-the-job training to turn raw recruits into cybersecurity sleuths. It will be a major investment in your employment brand. Larger corporations, for example, can implement internal training programs that develop cybersecurity professionals from interns, while smaller companies can use outsourced training.
You can try retraining existing IT staff, but keep in mind that success in cybersecurity takes a certain mindset. Ideally you have a System Administrator who can channel her inner hacker and ask, “What would I do if I wanted to get past these security measures?”
In the final installment I’ll continue in the big-picture, forward-thinking vein, and explore ways to draw more women and other underrepresented groups into the profession.