As a recruiter or HR professional, you have a lot of responsibilities and tasks on your plate. And when it comes to hiring top talent for your organization, you’ve likely noticed some changes happening in the IT and cyber security sector.
The demand for cybersecurity roles is at an all-time high with no signs of slowing down. In fact, it has been reported to be an approximate $352 billion industry that will grow at a 15% rate through 2026. Not only is the demand high, but there’s also a skills shortage, with the field short roughly 2.7 million workers.
If you don’t focus on closing this gap, your organization could be vulnerable to data breaches, phishing attempts, malware attacks, and even identity theft. Having talent in these roles can be the difference between recognizing the signs of a data breach and absorbing the cost of one, which averaged $4.35 million in 2022.
But it’s not all gloom and doom -- as a recruiter or HR professional, there are some tactics and tips you can apply to attract top cybersecurity talent in such a competitive market.
What are the different careers in cyber security?
You may need to hire for several cybersecurity careers and job paths. It’s essential to understand the specific roles your company may need to succeed long-term and where overlap may occur. Before posting for open positions, determine which careers your company needs to hire.
Cyber security specialists
A cyber security specialist is an expert in the field of information technology (IT) security. Usually, their job will include protecting software development. They work to secure networks from external threats, including hackers who try to get access for malicious reasons. Their responsibilities include determining security violations, implementing and maintaining security controls, and upgrading networks.
Cyber security technical architects
This is a more senior-level position. The individual handles planning, designing, testing, implementing, and maintaining the company’s computer and network security infrastructure. It’s up to this employee to think like a malicious hacker so they can anticipate and defend the company against information security risks.
Information security, cyber security, or vulnerability analysts
When your team is hiring for this type of role, you’re looking for a trained professional specializing in network and IT infrastructure security. The cybersecurity analyst will have a comprehensive understanding of cyberattacks, malware, and the behavior of cybercriminals. It’s up to them to actively anticipate and prevent these attacks.
Penetration testers
These individuals will use tools to examine your company’s website or system for weaknesses, including application security issues and open-source vulnerabilities. Their responsibilities include performing penetration tests on computer systems, networks, and applications while creating new testing methods to identify vulnerabilities.
Security or cyber security administrators, engineers, principals, and technicians
When it comes to these roles, an individual will work to protect large volumes of sensitive user data by developing and implementing secure network solutions. They may also conduct research to identify attacks against their company.
Knowing the types of jobs your company needs to hire for can help you tailor job descriptions to specific responsibilities and may also determine whether you post these open roles on various job boards or job search sites.
5 ways to hire cyber security talent
As you create a plan of action for hiring cyber security talent, consider implementing these five tips into your hiring strategy and recruitment techniques.
1. Create a talent community
One of the most underrated ways to attract talent for your company is to build a talent community of like-minded people.
When we say “build a talent community,” this can be a virtual “Friday office hours,” a weekly webinar-style email list community, an in-person meetup, or something in between. As long as you have an engaged set of people and interesting content to share with them, you’re in business.
For example, the D.C. Cybersecurity Professionals Meetup in Washington, D.C. has close to 10,000 cybersecurity professionals and is led by five different organizers who work at different companies. The meetup holds regular in-person events in D.C. and also hosts some virtual video casts so that people who are not local can join as well.
Another example is SparkToro, which holds Office Hours once a month and emails its community to join one of these free sessions to learn more about marketing. A lot of people who join these office hours are marketers who might be a perfect hire for the company.
I have employed a similar tactic at TopicRanker.com, where I have started building an online community with an interview series about marketing and SEO. If you go to the TopicRanker about page and scroll down, you’ll see a few interviews with Tim Ferriss, Neil Patel and Janice Taylor, where I interview them and get a community of like-minded people to show up to our events. I have hired a few amazing writers just by meeting them at these events.
Building a talent community is a must-have for any brand that wants to attract talent, and it also helps you build brand awareness.
2. Present an actual challenge for candidates to solve
Most of the time we list a set of requirements on a job description and wait for candidates to apply and list their qualifications. We then ask a set of generic interview questions about the candidate’s past experience and achievements. The problem is that this tactic does not attract top talent.
If you want to really attract top talent and test how smart and experienced they truly are at their craft - give them something to solve!
Post a security problem challenge publicly and ask applicants to find a solution. Innovative candidates respond to clever employers -- and this tactic will make your company and the open IT roles stand out amongst the noise.
Like ethical hacking, but in reverse: present a security issue on your company’s social media page. Ask prospective applicants who want to work with you, or who simply follow your brand on social media, to solve the problem. Then offer the first people with a viable solution (how many depends on your company’s needs) an interview or a contract gig to help with similar IT-related problems your business faces.
You might even be able to post a simple question instead of a cyber security problem and see who has the best answers.
Example #1:
What is the best way to restore your identity after fraud? There are a number of steps you typically take to restore your identity, but you are looking for something more in-depth and non-generic.
Your IT department can usually tell you which types of attacks or issues your company experiences often and advise you on the best problems to post about.
Example #2:
One of the most common types of attack for most online businesses is a DDoS attack, in which hackers try to overwhelm your website and take it down by flooding it with traffic.
So you can do two things to post a challenge and attract candidates:
- Since these happen pretty often, ask your IT department to let you know the next time you’re experiencing this attack. Then send out a tweet with a specific question about mitigating the specific DDoS attack you are experiencing. Wait for people to answer your question on Twitter, filter through the answers to find the best ones, and engage with those folks.
- You can also send out tweets like these after the attack has been mitigated, as a post-mortem asking how others would have solved the issue.
If your company isn’t looking to offer contract gigs, you can also offer the people who solve the problem a fast-tracked interview process. For instance, if your company’s interview process usually takes three weeks to go from the first interview to the final interview, offer it in one -- but be sure to stick to it!
This would be a very nontraditional way to find talent that is eager and hungry to help and get things done.
3. Launch a partnership with a university
Your company should also consider partnering with a university to attract recent graduates. If your company hires for remote roles, you can branch out and partner with universities throughout the country.
An example of a company already doing this is SAP, which launched an ongoing partnership with the Columbia University School of International and Public Affairs (SIPA) to help identify and develop early talent in the cybersecurity sector.
There’s also the SAP Cybersecurity Virtual Internship Program, which is excellent for students who seek out online courses to learn more about which cybersecurity path they may want to pursue. This program provides students with modules centered around password security, identifying phishing attempts, and compliance standards.
Not only do these courses provide a glimpse into what working in cybersecurity may look like, but these types of outreach programs inspire students to consider a career in IT. Plus, it may influence them to seek out roles at your organization.
4. Go to the same places that cyber pros go
To attract top cybersecurity talent, go where they already are.
Professionals in the field have preferred podcasts, meetups, blogs, and conferences. So, if your company is hiring, get yourself seen in these places!
Think of specific issues and problems cybersecurity pros are talking about, for example:
One of the biggest challenges we are all experiencing right now is removing our personal information from the public domain on the internet. Try to find the best articles or podcasts about this topic and identify the article’s author or the podcast’s host. Maybe the author or host would be a potential hire, or maybe the blog or podcast might feature your brand.
You can reach out and ask if a specific podcast is taking guests for interviews or if a publication is taking new contributors to write content for them. You can, of course, also place an ad on any of these podcasts or magazines announcing that your company is hiring.
Here are just a few podcasts and magazines which cybersecurity nerds love:
SC Magazine reports on the latest news and happenings in the cybersecurity world, and Infosecurity Magazine and Dark Reading are both frequented by cyber security pros as well. There’s also the BarCode podcast, hosted by Chris Glanden, a cybersecurity professional and tech entrepreneur. Another podcast to consider is Down the Security RabbitHole, hosted by Rafal Los and James Jardine.
Hiring talent at a conference is, of course, a no-brainer, but finding conferences that are targeted towards cyber security nerds and not HR professionals can be tough. Here are a few to get you started:
Other places to consider are:
- Blogs: IT Security Guru, Security Weekly, The Hacker News, and The Last Watchdog
- Podcasts: Smashing Security, Risky Business, and Malicious Life
- Conferences: SaintCon, WiCyS, ISACA, and The Diana Initiative
Even if your company doesn’t have the budget to contribute to other publications or advertise open IT positions and roles, being well-versed in what these meetups, podcasts, blogs, and conferences have to offer can also be helpful.
For example, one of the ways to stop getting spam emails is to perform a dark web scan. You can use this information to ask your candidates for their opinion on the most effective ways to combat spam emails.
Ask candidates if they have recently read any blog posts, listened to podcasts, or attended conferences and heard something that made them curious about the topic of email spam.
While this will let you know more about candidates, it will also let candidates know your organization keeps up with the latest places cyber pros go and is up to speed with the latest
5. Cybersecurity competition: attend, sponsor or run your own
Finally, consider a cybersecurity competition! Whether you attend one, act as a sponsor to an existing one, or run your own, it’s an unusual way to attract talent.
For instance, there’s the President's Cup Cybersecurity Competition -- a national cyber competition that identifies, recognizes, and rewards the best cybersecurity talent in the federal executive workforce. During this competition, competitors face diverse challenges that will need a specific and extensive skill set to succeed.
This is an example of one of the cybersecurity competitions your company could choose to attend or sponsor. Or, consider running one of your own! All three options are a great way to get your company’s name in front of cybersecurity talent.
Bonus: Upskill your current staff
The first tip you and your hiring team can put in place is to upskill your staff. This means creating plans and strategies for training your staff on cybersecurity basics.
Set up ways employees across all teams can identify sensitive data and possible threats. For instance, if employees have a company credit card, educate them on the features they need when purchasing a credit monitoring service to prevent credit card fraud and other related scams. On the other hand, if some team members have a work phone, teach them the warning signs of their phone being hacked.
It’s also important to educate employees and HR staff about cybersecurity. For example, create mandatory training about spotting phishing scams, which are one of the most common methods of compromise for any business. Employees need to know how to spot a phishing scam in their email inbox and what to do if they’re unsure whether an email is real or a phishing attempt. Educating your team and building awareness is the first step!
Businesses can even take this one step further by enrolling employees in a cyber security course. Consider making specific courses mandatory for all staff. Udemy has courses that apply to ethical hacking, penetration testing, information security, email spamming, network security, and more, which can all be great starting points for upskilling staff on cyber security basics.
When implementing these upskill strategies, inform candidates interviewing for cybersecurity roles about these initiatives. That way, they know your company takes cybersecurity seriously and actively works to educate its staff on keeping information secure.
Final Word
There are several challenges an HR team has to tackle, especially when hiring for remote tech roles, but it’s possible to set yourself and your company up for success when you implement these tips for attracting top cybersecurity talent. When hiring, remember to highlight how your organization stands out from the rest, emphasize the benefits your company offers, and offer a streamlined interview process without loopholes.