Your cybersecurity staffing gap might be a creativity gap

There’s no end in sight to the cybersecurity staffing gap, but recruiters can get creative.

It’s no secret that there aren’t enough cybersecurity chefs in the kitchen: Surveys have shown that demand continues to outpace supply, even as hundreds of thousands of new roles were added to the global workforce last year.

Hiring to fill the estimated global deficit of 2.72 million cybersecurity roles isn’t going to happen overnight. In the meantime, industry leaders told IT Brew, recruiters should be rethinking the way they’re going about the hiring process by finding less traditional candidates, and by involving hiring managers who understand the complexity of the open jobs.

Don’t Ctrl + Paste job ads

“The trend of understaffing for cybersecurity has persisted for years because of the complexity of the issue at hand,” Candy Alexander, CISO at NeuEon and international board president at the Information Systems Security Association, wrote to IT Brew via email. Alexander added that HR departments often don’t understand the roles they’re recruiting for, cobbling together job listings from “other bad job descriptions” or relying on keywords to filter candidates.

That’s why it is common to “see an entry-level position that requires three years or more experience,” Alexander continued. “Or a CISO position that requires hands-on contributions, which is like having a VP of manufacturing that requires them to work on the assembly line. It just doesn’t make sense.”

And don’t just Ctrl + F résumés

One major first step is to ensure hiring managers who understand open roles are involved in the screening and interviewing process, Alexander told IT Brew. But recruiters should also realize certs and specific technical skill sets aren’t the only kind of experience that matters.

For example, a “financial analyst would be a great infosec analyst or GRC (Governance, Risk, and Compliance) analyst that is responsible for spotting trends in issues,” Alexander wrote. “Or a project manager…would be great at managing a risk or compliance program by following up on risk mitigation tasks.” (That’s another area where filtering applications by keywords can be a problem, Alexander added.)

A recent Trellix survey showed widespread concern about the risks associated with the dearth of cybersecurity professionals. To ease the shortage, a 2018 report suggests, recruiters need to court candidates from underrepresented groups and non-traditional backgrounds.

Kevin Simzer, COO at Trend Micro, told IT Brew the company has had luck recruiting nontraditional candidates whose skills are “a little more raw” and paying them to take six-month training courses before giving out full-time job offers. Trend Micro then tries to place the remainder with clients and other partners, with those alums often maintaining long-term relationships with the company.

“Some people might be more mercenary, [but] we find curating our own talent can actually produce better results in the long haul if you're patient and willing to work with them,” Simzer said. “We hire about half of the graduating class, and then we help to get the rest of the people jobs in our ecosystem…They're still going to be representing and carrying that Trend Micro flag.”—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @thetomzone on Twitter. Want to go encrypted? Ask Tom for his Signal.
