How to hire top cybersecurity pros

The IT skills gap is an ongoing concern for CIOs, particularly in the search for cybersecurity talent.

Complex and ever-evolving threats, from the rise in ransomware to the emergence of billions of IoT devices, mean both the risks and the staffing needs are always growing and changing.

With the threat of cyber attacks on the rise, an increasing number of organisations are investing in cybersecurity professionals and upping their cyber headcount.

Where do you need cybersecurity talent the most?

Evaluate your organisation's security strengths and weaknesses and focus on attracting talent that can address your major vulnerabilities.

This could mean recruiting specialists with expertise in areas that were previously neglected, or identifying future threats and finding staff who can mitigate those risks.

Often companies don't hire cybersecurity staff until it's too late. By finding out where you could potentially fall victim, you'll be able to hire someone who meets your company's specific needs.

This might require a small IT security evaluation but will be worth it when the hiring process begins.

Build a social media presence

One of the first things potential employees will do is search for you online and on social media outlets. And they might be put off by a lack of presence.

If you don't have social channels set up, create Twitter, Facebook and LinkedIn accounts. Most businesses already have social media, but some fail to post about things that will entice future employees.

Try posting about your workplace to make it more personal. For example - "Thursday night work pub quiz" accompanied by a photo will be a nice break from the usual business tweets.

Social media is also a great way of interacting with the infosec community. You should join in online discussions within the cybersecurity community and get your branding out there.

It's about more than qualifications - forget the degree

When hiring for a new role, you'll be faced with numerous CVs, and you'll undoubtedly fall into the trap of just skim reading for keywords and specific qualifications.

But by doing this, you might miss out on someone with loads of experience, which for the most part is a lot more valuable than qualifications alone.

This can be tackled quite easily. When you create your job ad, be careful not to add too many required skills or qualifications. This might put some talented people off from applying, as they may have the skills and experience but lack the formal qualifications.

To make sure you don't neglect the experience-rich talent pool, you should add a line in your job ad indicating that lack of formal qualifications will be overlooked for the right candidate with the right experience.

Pay them what they are worth

The phrase "you get what you pay for" is extremely relevant in hiring, especially in the tech sector. Cybersecurity professionals are very much in demand and as such can expect to be paid their worth.

This may put smaller businesses with smaller budgets at a disadvantage, however, so hiring junior staff and offering training, or even hiring internally and training on the job, is a great way to get around it.

A good way to know what to pay is to know what your peers and competitors are paying. You could use a service like IT Jobs Watch to track this.

Diversify your workforce

Address the labour shortage by proactively recruiting underrepresented groups. This may mean changing the recruitment process, making the workplace more inclusive, or providing training on the job to those who lack IT experience but have the ability, interest and skills to develop it.

Only 11% of the world's information security workforce are women, according to the non-profit Women's Society of Cyberjutsu (WSC). Work with groups from the private sector, government agencies and educational institutions that provide IT training programmes for women to understand how you can redress the balance.

HR and professional associations can help you reach a diverse range of groups, make the workplace more welcoming to them and reduce implicit bias when hiring.

Promoting career opportunities for women and other underrepresented groups will make your organisation an attractive destination both now and in the future when these marginalised groups become better represented.

Upskill your existing team

The constantly evolving nature of cybersecurity threats makes ongoing training essential to keep any organisation secure. It can also provide an alternative to hiring new employees.

If you can't find the talent you need on the job market, you could instead invest in robust internal training programmes for your current team. Some of them will be particularly well suited for being developed from IT generalists into cybersecurity specialists.

Appeal to millennials

Working patterns are changing rapidly, and the needs and desires of millennials are often different from those of previous generations. Job satisfaction has become more important and contemporary career paths less linear.

Flexible working patterns, the provision of mentoring, training opportunities and more sociable working environments can help make your organisation more attractive to millennials.

Widen your reach

Expand your recruitment across online resources. Interact with the community forums and make applications mobile-friendly.

Analyse industry trends and employment data to understand where the needs are emerging and where the talent is available, and target your recruitment accordingly.

Support cybersecurity events, such as conferences, meetups, hackathons and seminars, to help find talent and increase your appeal. Hacker conferences can be particularly useful, as they often attract talent that doesn't follow traditional career paths.

Recruit specialist senior positions

Chief Information Security Officers (CISOs) are becoming increasingly prominent at large organisations. They can help companies devise a comprehensive cybersecurity strategy and ensure that the right recruitment policies are in place.

Another cybersecurity leadership position that is starting to become popular is that of the Chief Risk Officer (CRO). This role oversees all aspects of risk exposure and can help get the right personnel on board to protect the organisation.

Hire and train junior employees

If you can't upskill your existing team or attract the senior talent you need, consider lowering the bar of entry and advertising more junior roles. They can then be trained up to take on the senior roles that you require.

The technical skills you want are certain to change quickly. You'll need staff who can and want to learn and adapt, regardless of their current level of expertise.

Consider using external contractors

The unique needs of cybersecurity have led the market for IT outsourcing to grow more than any other segment of information security, according to research by industry analyst firm Gartner that was released in 2016.

If you can't find the staff you need independently, consider outsourcing to specialist cybersecurity service providers. Outsourcing doesn't normally come cheap, but it can provide the expertise you need, while transferring the responsibility of managing it to someone else.

Copyright © 2018 IDG Communications, Inc.
