Cybersecurity threats once seemed like the stuff of science fiction. Now, they are everyday occurrences with the potential to wreak large scales of havoc. As cyber breaches, hacks and threats increase both in volume and complexity, organisations need to ensure that they’re hiring the cybersecurity talent they need to keep their companies safe and future-proof them for years to come.
Another day another cyber attack
While once isolated incidents, the last few years has seen the scale of cyber attacks increase at a rate of knots. In May and June of this year, it’s estimated that 60% of the emails sent in Europe and North America were hacks or phishes of some kind. It can seem as though every week brings with it details of another huge security breach.
Cybersecurity, and how to constantly stay up-to-date with emerging threats, are becoming part of the operational remit for businesses. A report released in October 2020 states that “recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.”
Organisations also need to take a strong look at themselves when it comes to cybersecurity.
The 2019 Varonis Global Data Risk Report found that most companies have “unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss.” The report claims that 53% of companies have over 1,000 sensitive files that every employee in their organisation can access. To successfully safeguard against malicious attacks, it’s critical that companies prioritise cybersecurity awareness, prevention and best practices among their staff.
One of the ways to do this is by recruiting a dedicated cybersecurity team.
The shortage of cybersecurity talent
With cybersecurity increasingly gaining more attention over the last few years, many professionals have developed careers in this space. However, one of the ironies when it comes to this field is that while there are more cybersecurity professionals around than ever before, there are nowhere near as many as the world’s organisations need. And the demand for cybersecurity professionals is only expected to grow.
In fact, this year alone there is estimated to be a shortfall of 1.5 million unfilled cybersecurity positions. This lack of cybersecurity talent is one of the reasons why 25% of respondents told ISACA’s Cybersecurity Nexus survey that “it takes their companies six months or longer to fill priority cybersecurity positions.”
To address this need, universities are beginning to launch new cybersecurity study programs that prepare students for work in this area. Venture funding is being made available to startups that provide vocational courses in cybersecurity. In the U.S., the military is running cybersecurity training courses for active-duty military personnel. These individuals are quickly finding roles within the cybersecurity industry once they leave the service.
So how do you find the cybersecurity talent you need?
Follow the FBI’s example and expand your talent pipeline
Many of us think of cybersecurity as an IT function. It’s a logical assumption to draw considering that many cybersecurity executives come from an IT background. On the other hand, IT qualifications are not the only ones that “convert” well into cybersecurity ones.
In order to close the gap between the amount of cybersecurity professionals needed and the volume of talent available, organisations are going to have to take a leaf out of the FBI’s book. For example, many of the FBI’s cyber agents come with an accounting degree. This makes sense too when we consider the level of detail required to run an organisation’s finances well. This forensic attention to detail translates very well for cyber investigations.
Adopt a two tier approach
To staff your cybersecurity team with the individuals you need to ensure your company stays safe, you need both entry-level talent and seasoned professionals.
People with hands-on experience can be difficult to come by but they do exist. Industry consultants who have worked with companies that have a dedicated focus on cybersecurity can be a rich source of access to these professionals.
Ensure you’re blogging or putting out other content around your company’s journey towards becoming as secure as possible from a cybersecurity perspective. You want to be as attractive as possible as an employer if you’re going after this talent.
Be flexible with your offers
Salary benchmarks can be relied on for just about every industry. It’s a little different for the cybersecurity field. HR teams across the globe are working on this, but for now there is not enough detailed data to understand the salary range for the different roles with the industry.
This is partly because cybersecurity as a profession is still relatively new. Also, we need to consider that the job spec for a cybersecurity professional often overlaps with other work too, such as IT and/or compliance responsibilities.
Taking this into consideration, it’s understandable that many companies might not know what to offer the cybersecurity professionals they wish to recruit.
Of course, trying to offer the lowest salary possible is not a smart move no matter what role you’re recruiting for. However, this doesn’t mean that you have to throw money that you might not have at your cybersecurity job spec either.
For highly experienced professionals, the salary needs to reflect the market reality of these individuals being difficult to come by. On the other hand, the training and development opportunities your organisation offers to both experienced and entry-level staff are of significant value too.
Therefore, clearly articulate how working for your company provides the candidate with opportunities beyond the salary. Will they have a chance to develop your company-wide cybersecurity strategy? Can they attend industry events? Do you have a significant budget that allows them to build the resources they need to do their job well? Factors like these can make your company a magnet for cybersecurity professionals who want to grow their careers.
Highlight growth and learning opportunities
Further to the point above, being able to offer growth and learning opportunities is a huge plus in your favour as a hiring firm.
Every industry experiences change, but the cybersecurity industry is changing more rapidly than most. The field needs to be simultaneously proactive and reactive to the new threats that are emerging almost daily.
Re-skilling and upskilling employees on the tools they need to handle new systems in your business is a powerful retention and attraction strategy.
Cybersecurity professionals are deeply aware of the need for continuous learning. This can take the shape of informal workshops within your organisation, industry conferences, network events and further study options. If you don’t invest in opportunities for your cyber team to learn and grow in their roles, you’ll lose them to a firm that does.
The best defense is to recruit smartly
It’s long been claimed that the best investment any of us can make is in our company’s people.
Nowhere is this truer in the current commercial environment than with building cybersecurity teams. With the right talent, you stand a far better chance to prevent hacks, breaches and attacks in the first place. Or seriously reduce their ability to cause harm if they do happen.