Despite the economic obstacles posed by COVID-19, the (ISC)² Cybersecurity Workforce Study, 2020 found that the global shortfall fell from 4 million to 3.1 million in 2020. While more cybersecurity jobs are being filled than in years past, a big deficit remains.
Mello cites current privacy legislation like the EU’s GDPR and California’s CCPA as reasons why every corporation is a technology company. Skills like securely handling personal data, which were previously required only by certain businesses like healthcare, are now required by all.
Find talent outside the regular locations.
Experts such as Andy Roeth, security manager at DHI Group, and Deborah Golden, US cyber and strategic risk leader at Deloitte Risk and Financial Advisory, advised Mello that corporations move away from recruiting candidates from a select group of institutions with proper degrees. They also suggested looking inward. There are employees that do not work in cybersecurity but have relevant skills.
Capture-the-Flag, Bug Bounty, and other skill-based competitions are great venues to uncover high-performing cybersecurity candidates.
Alan Paller, president of the SANS Institute, told Mello that apprenticeship programs are a key source of talent.
Require no specific skills from candidates
According to Neha Joshi, strategy and innovation lead at Accenture Security, cybersecurity is perceived as complex and requiring specialized expertise. In actuality, cybersecurity abilities aren’t that different from other computer skills.
“If we just recruit from the same programs, or from individuals who have gone through comparable curriculum, we will place ourselves at a strategic disadvantage,” says Mello, quoting Deloitte Risk and Financial Advisory’s Golden.
Look for related talents outside of school
Initially, cybersecurity was taught via trial and error. Joshi of Accenture Security proposed this to Mello. It allows for imaginative problem solving. “Problems evolve over time, therefore we need security team members to handle not only today’s problems, but ones they’ve never encountered before,” said Joshi.
RSA Security’s field chief technology officer, Ben Smith, had an unusual viewpoint. “Smart hiring managers recognize they aren’t just looking for candidates,” Smith told Mello. “Where can that new hire make the most impact in making your team stronger as a whole?”
Be eager to train new employees
According to DHI Group’s Roeth, finding the appropriate applicant is difficult, thus specialist cybersecurity training or in-house training is critical.
“Security is a vast field with numerous skills, therefore there are many people who may not be a perfect fit but may be following training,” said Roeth. Recruiters and technologists can pigeonhole themselves by focusing on very particular security expertise.
Give a candidate context by using certs
Experts disagree on this one. Half believe certificates show potential hires have taken the time to educate themselves.
Others, like Gurucul’s CEO Saryu Nayyar, say certifications only verify an applicant can study for and pass a test of competence and knowledge.
Melanie Kruger of Red Canary feels both should be considered when choosing the best candidate. The humility gained through trial and error and safe-space mistakes that come with on-the-job learning is what Kruger values most.
Preparation of Job Descriptions
“A job description should be about the projects and activities to be done, not the profile of the individual you believe you want to hire,” said Deidre Diamond, founder and CEO of Cyberese, a cybersecurity recruiting firm. “Job descriptions are important. You’re off to the wrong start.”
Sell the position and firm
Looking at any of the top tech companies, it’s clear that culture matters as much as position. Hiring managers must know what candidates want and must offer it to them. SANS Institute’s Paller emphasizes the importance of a “difficult job” and of the question “Is the company going to invest in my skills?”
Mello and the experts stressed the importance of keeping new hires. Each new recruit must have a succession plan in place. Diamond is blunt:
“Without succession planning, there is no training of juniors, no one to take things off their plate, and individuals are changing roles every 12 to 18 months, which is not beneficial for a company.”