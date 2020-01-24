advertisement

There are currently four key market forces impacting the cyber market – increasing oversight by regulators, an explosion of security tools, a larger attack surface, and scarcer security personnel. According to (ISC) 2, the global shortage of IT security skills has now exceeded four million, and the number of security staff worldwide must increase by 145 percent to cope with the increasing demand for recruitment. The UK government recently announced plans to conduct its second check on the state of the country’s cybersecurity workforce.

As a cyber company that grew from five to fifty employees in just four years, we are well positioned to advise on how to attract and retain the best cyber employees. It’s hard to find the best and brightest the industry has to offer, especially when speed is important. After all, according to the ESG, over half (53 percent) of those surveyed said that their organization had a problematic lack of cybersecurity skills last year.

advertisement

So what did we do, what worked well, and how can you make sure you don’t fall victim to the lack of cyber skills? First, it is important that you stay true to your corporate values ​​and be clear about which type of person suits your corporate culture. This is fundamental – keeping track of the process quickly and making compromises is a completely wrong economy. You may hire more people, but they won’t stay with you. The impact of wrong personalities in the team can adversely affect the morale of the employees.

The best starting point is to think from the applicant’s perspective. Why should these talented people want to work for your organization? What’s in it for them and how does it fit in with the goals of your company or what you want to achieve in the areas you recruit? By answering these questions, you can ensure that the recruitment strategy is strengthened from the start. A job advertisement can say the right things – but if you don’t have the right work environment, you will still find it difficult to hire and retain the best candidates. So ask yourself if your organization is set up so that all kinds of people can thrive.

Take the right steps

It is also vital that you work with a broad and diverse talent pool. Including a broader element in hiring practices will naturally help you attract a wider range of applicants. You will start to find talent that you might otherwise have missed. Assuming you are working to make your organization more inclusive, you can take a few steps to attract more cyber talent, such as:

Get a picture of what a “typical Infosec candidate” will look like, and focus on the most important non-negotiable things you need to do on the first day and make sure that only these non-negotiable things matter.

Identify the values ​​you need to show – make sure they are specific, e.g.

Find ways for candidates to show that they are apt to learn and to be clear during the hiring process of how you can help them improve their skills and promote their career growth.

Forget about certifications, degrees, and the number of years of experience you have set – there are other ways people can demonstrate their core competencies. Strict training and skills experience can create artificial barriers to entry for many people.

When it comes to intangible incentives in a job advertisement, flexible work-life balance is a major challenge. People work effectively in different ways – distant, flexible working hours, part-time, job sharing and improved parental leave are all enormous advantages. All of this could make your role attractive and suitable for even more candidates who could do a fantastic job. So if you offer them, advertise them on your job advertisement.

There are a variety of options to promote your open roles. So many companies only rely on the organization’s network on LinkedIn, but how diverse is this network really? You can also connect to communities (meetups, schools, universities, local clubs) that don’t normally see your job ad – ideally long before you need to post it – by paying for advertising on their job boards or sponsoring their events. People will remember companies that sponsored their first CTF or security meeting when they were ready to find a job!

Once you have candidates through the door, another important area to address is how you can best reduce unconscious bias. An interview process based on a scorecard to assess the presentation of soft skills by candidates is extremely useful. Also, before offering roles, make sure that the team that works directly with the new employee is given the opportunity to speak to them.

Once on board, the obligation must remain. The basis for this must be clear corporate values ​​that enable a uniform language for your behavior and your dealings with one another. We also have a number of initiatives designed to ensure that our employees feel listened to and valued.

We conduct a Peakon survey weekly to give employees a voice. These are supported by functional Peakon working groups that are directly involved in how we can improve the management of the company from the office layout to product updates. There is also a large selection of groups that employees can join, from Sanctus to Yoga, Meditation Club and Sports Club – not to mention regular company parties!

Skills shortages are compounded by the evolving cybersecurity landscape, which means that hiring people is becoming an increasingly important strategic business priority. By investing time to train yourself and your company, to continuously improve your processes and to question your own assumptions and prejudices, you can ensure that you are able to keep and grow your teams successfully.

Sophie Harrison, chief of staff and co-founder of Panaseer

advertisement