6 Tips to hire Top cyber security talents
If you have been trying to hire a cyber security professional in the last few years, you must have noticed how hard it is to find, recruit and retain those cyber security talents. Companies and governments are desperately searching for qualified talents in different cyber security domains like penetration testing, incident response, digital forensics, security audit, cloud security, Industrial control system security and others.
In recent statistics, it has been announced that there are 3.5 million unfilled cybersecurity positions in the world which is becoming a serious pain across all types of companies.
One of the reasons for that shortage is that the process of recruiting cyber security professionals nowadays needs to be fixed. The existing process filers out a large pool of talents who might not have a fancy certificate or a bachelor degree but they have the needed skills of the job.In addition to that, companies have limited access to cyber security talents because those talents live in closed communities and it is pretty hard to join that community unless you are part of it.For that reasons and others competitors and companies lure away employees by higher salaries and benefits.
One of the tips is to target females where the percentage of women currently working in the cybersecurity domain is very limited which gives an opportunity to find good talent with less competition. In addition to that, in this article we will mention 6 main tips that can help companies hire and retain cyber security talents.
Tip 1 => Have a clear job description
You should know that security talents are exposed to different job offers every day, the first impression they get about the open position is your job description announcement. Make sure to write a job description that matches the needed skills. Don't put a lot of requirements that don't fit in one person.Make sure to be realistic as no one knows everything. Sometimes, this can let security talents restrain from applying to your job.
Tip 2 => Run a Skills Assessment Test
Don't start with an interview. Having a technical assessment or test pre interview will give you basic understanding about the candidate before sitting for an interview. In addition, the test will filter only the best candidates. You can use CyberTalents skills assessment service to measure your candidates technical skills.
Tip 3 => Reach Talents Community
It is important to check security events, conferences, hacking or ctf competitions and others before announcing your job. You will need to build relations with the best cybersecurity talents in your country to make them looking forward to joining your organization.
CyberTalents, which is considered one of the fastest growing cybersecurity communities in the world, runs a lot of cybersecurity CTF contests, security events and webinars. CyberTalents can be one of the best places to post your job and reach the cybersecurity community.
Tip 4 => Activity Checks - Reputation is Crucial
Check the talent contributions either on technical websites like github or social media. Does he/she write any ctf writeups, articles in magazines or blogs, Does he participate in ctf competitions or speak in one of cyber security conferences. Being involved in the cybersecurity community is a positive indication that this candidate is working hard to build his career, grow his skills, and you will be able to know more about his reputation, ethics and values.
Tip 5 => Brand your Company
Employers with a strong brand can cut the cost per hire to half and can increase the number of qualified applicants tremendously. Companies must define their values and culture in order to attract the candidates that match those values and fit inside your culture. One of the ways to brand your company is to focus on why. Make sure you promote the message of why employees should join your company. What value you provide to the life of people and how you affect their lives in a better way.
In addition, make sure that you highlight the benefits you provide to your employees. Other than the traditional benefits like medical insurance and salaries, Some companies provide unique benefits like access to cybersecurity books library, free flight tickets and accommodation to international cybersecurity conferences, free meals, free Gym access and others. These activities will increase your company brand and will let more talents willing to work at your company.
Tip 6 => Focus on skills not Certificates
With the current status of cyber security talents shortage, companies must be flexible regarding the formal requirements in hiring security professionals. Requirements such as Bachelor degree or Master's degree in computer science or computer engineering or similar should be removed from job requirements as there a lot of technical talent that you miss in hiring because they might have dropped their university degree or they have been focusing on self study instead of traditional certificates. Hands on experience and skills in addition to culture should be the main criteria when it comes to cyber security hiring.
Another thing to consider is providing on-the-job training after you hire. You may come across an enthusiastic candidate with the right soft skills, but not enough experience in the cybersecurity field. It’s becoming more common for companies to enrol new hires in an intensive training program to learn the skills they’ll need for their new job.
Today, Cybersecurity employers face a big challenge in finding the right candidate and it is clear that this issue will be there for a while. With cybersecurity tackling nearly all aspects of our life, with the current digitalization trend, sectors like healthcare, transportation, education, automotive and others will start to hire more cybersecurity positions causing an increase in the shortage gap in the next coming years.
Some of the solutions that can be used is to focus on outsourcing or specialised hiring platforms like cybertalents.However, we need to bring more cybersecurity talents to the cybersecurity game which should be the role of everyone of us to make sure we have enough candidates and resources that can secure our digital life.