cybersecurity risk management hiring

How to Hire for Cybersecurity

A report from Cybersecurity Ventures has estimated that there will be 3.5 million unfilled cybersecurity jobs by 2021. At a time when cybercriminals are becoming more sophisticated and adept, this is an important issue for all of us.

Senior-level executives and board members can’t afford to be complacent about this potential skills gap and can take steps now to help their organizations be better positioned to hire and train the next generation of security professionals.

It starts with recognizing that this is a challenge that will not go away on its own and then working with your teams to establish hiring policies and practices, as well as training programs, that identify and inspire cybersecurity job candidates and eventual leaders.

Here are some areas where your organization can take a leadership position in closing the skills gap.

Job Requisitions

We need to cultivate and hire the next generation of cybersecurity professionals who are strategic, creative and adaptable. Most job descriptions for cybersecurity positions require an extensive list of certifications and technical skills. Many of these are important, but not all of them.

You should have your hiring teams take the time to really evaluate each position to determine if all of those certifications and technical skills are truly required. Either way, they should consider rewriting job requisitions to also include leadership and problem-solving skills.

Since job requisitions are usually the first communication to reach candidates, having well-written ones that convey a more strategic approach, explain the team’s openness to different experiences, and highlight the need for collaboration will welcome qualified candidates to take that first step in applying for the position.

Interview for Diverse Mindsets

Building strong teams in a tight market means organizations must look for talented people who possess strong complementary skills. If everyone on the team has similar skills, experiences and backgrounds, then there could be gaps when it comes time to solve problems that the team has not encountered before.

The interview is a great way to understand a candidate’s perspectives, areas of expertise, problem-solving skills and leadership abilities. Managers who only use the interview to fire off a series of questions about one topic or one skill are missing an important opportunity. We need to build teams that are diverse to be prepared to solve tomorrow’s problems.

Cybersecurity leaders and managers, when possible, should devote time to meeting and talking to students and other potential candidates at career fair events at universities and security conferences, such as the Grace Hopper Celebration (GHC) event and the Women in CyberSecurity (WiCyS) conference.

These events provide great opportunities to network, meet potential candidates and use interview techniques to have meaningful conversations and build relationships with future team members. Make sure your hiring teams are out where the best job candidates are.

Invest in Continuous Learning & Automation

The plan for hiring success doesn’t stop when the candidate has accepted the job offer. It extends to encouraging new team members to bring their ideas and energy to the team and figuring out how the steps for continuous learning for individuals as well as the group.

Your leaders and managers have the responsibility to work with their teams to come up with personal development plans and provide a strategic vision for the group. During one-on-one meetings, they can set aside time to ask team members what they think can be improved, what they are excited about and what has become mundane. Chances are that tasks that have become routine can be automated. Automation can free up valuable time for cybersecurity professionals to focus on more challenging work and threat hunting.

Building the Best Teams

There are no tricks or shortcuts for filling in the current skills gaps. It is about being open to hiring candidates with varied skills, experiences and mindsets; investing in each team member to ensure continued growth and learning; and cultivating a team culture that welcomes new ideas and perspectives. The time investment will be well worth it for any organization that wants to build the best security team to protect their organization.

If your organization can offer security professionals a chance to be part of a team that solves challenging problems, support to carve out a career that they’re passionate about, and an environment that appreciates the skills they bring—the hiring process can be extremely rewarding. New team members will soon be the champions for your organization and will help spread the word about why your organization is a great place for anyone interested in a career in cybersecurity.