How to Find, Hire Good Security Pros — Even if They’re Already Happy
… a change of plans because that supply chain is reversing flow.
“Historically there has been a steady flow of talent ready to jump from government work into the commercial sector, but that pipeline is constraining as the government hiring authorities ramp up to compete with some of the commercial counterparts,” says Saffarini.
Whom to Look For
Take a hard look at the job descriptions you’re advertising, because you’ll likely need to revise them if your goal is to hire good security talent fast.
“Most job descriptions are unrealistic, listing too many requirements that are not core to the role, but rather are nice-to-have qualifications. Rather than limiting your potential pool of candidates, simplify the job description to include your core requirements to entice applicants to fill open roles,” advises John Samuel, executive VP and head of IT and digital transformation at CGS, a global provider of business applications, enterprise learning and outsourcing services.
Most managers would rather hire for attitude and train for aptitude than the other way around. Keep in mind that not all who work in white-hat jobs have white-hat mentalities. Insider threats are still a real thing. But that doesn’t mean you should hire someone with no tech skills at all, either.
“Within your organization, you’ll often find that looking at adjacent roles gets you further than you might imagine — a star system admin already knows your networks, systems, architecture, people and process, but needs training in cybersecurity constructs to tie much of it together. Over time these individuals become cyber superstars,” says Saffarini.
Make a Plan that Actually Works
But before you run to all these places with flowers and chocolates and perks-a-plenty in hand, stop and develop a security workforce plan so that you hire what you need now and develop the workforce you need in the future too. You need a strategy supported by specific actions to ensure that you’ll get these talented people’s attention, let alone sign them up for a prolonged stint at your company.
“Putting the time and resources into a security workforce plan, and then actively executing and managing that plan, has one of the best ROIs of any security spend,” says Saffarini.
Don’t think you can just dust off one of your company’s workforce plans designed for other fields, because the same tactics aren’t likely to work with this group.
“Organizations need to identify and implement more modern approaches and apply them to recruiting and retention in the cybersecurity industry workforce to fill the void and create more diversity,” says Jason Albuquerque, CISO at Carousel Industries, a national IT, managed services and cloud solution provider.
Those modern approaches mean diversifying not only in terms of genders and cultures, but also in job roles and descriptions, remote as well as flexible work options, and personalized perks. It might take some experimentation and long conversations to discover what works best in recruiting and retaining security pros for your company, but the effort will pay off handsomely in even the tightest employment markets.