One of the recent additions into the list of C-suite words is not a new management position but a burning top management concern- cyber security. Ask any company this cyber-word and they want to be on top of their game with cyber security. With global dearth of a large talent pool, the shortage of cyber security professionals is sometimes estimated to be as high as 145%. Despite such observations, the most common cyber security fixes in organisations are made in infrastructure and technology. While several organisations have gotten it right, little do we realise that cyber security in most organisations is actually more of a hiring crisisthan many other things.
“But how?”, organisations ask our tech recruitment team at BGC Group. Oftentimes, cyber security jobs are looked at in-silo; one or a few cyber security engineers, SOC experts, compliance officers etc. However, cyber security has become a crucial component across all IT roles; and organisations lack clarity of what talent and how many professionals do they actually need. This forms the biggest part of the cyber security recruitment crisis.
Next, organisations often tell BGC Group that despite having many open roles and positions, they are unable to fill them for months, sometimes years. After even having recruited people, they have problems in retaining talent. With our multi-dimensional experience in cyber security services and hiring, we understand these challenges, their causes and solutions. Let us take you through what it means to hire right, when it comes to cyber security talent:
1. Do you know what you need?
How you define your cyber security requirements defines a large part of the entire process. Do you need a dedicated security operations team? Do you need a data protection officer? Which teams require an IT Security specialist? These questions need to be asked and answered with the top management buy-in. One effective way to do this is by identifying your own organisation’s weak points to map out these requirements. Hiring has to then follow in a proactive and balanced manner rather than reactively and aggressively hiring in one particular team.
For example: after a data breach, companies often tend to ramp up security and hire a particular type of professionals while their real sore point could have required setting up another team or changing some other process.
2. Don’t over-want
The most common mistake that many non-specialist recruiters make is that of using standard eligibility requirements for a job, sometimes requiring more experience in a certain technology than the age of the technology itself. While an IT background is mostly desired by hiring managers in their cyber security hires, a wide number of these professionals now also come from backgrounds in law enforcement, forensic and financial auditing etc.
First, a comprehensive understanding of what a role demands, in terms of skills and capabilities is very important. When you post about these new openings or roles and over-state expectations, it can throw off potentially eligible and fit candidates as well. If you are not sure what skills and capabilities are really needed, get in touch with our technology recruitment specialists at BGC Group.
Secondly, a degree in cyber security or a fancy certification as a must-have may not be the best way to prove a candidate’s skill set. In fact, more relaxed educational requirements will give you access to a larger talent pool that did not attend university but has demonstrated better command over the skills that are required to do the job.
3. Hire unconventionally
The more traditional ways of cross-hiring, hiring from campuses remain relevant but now it is also important to look beyond, at the curiosity and passion in candidates for cyber security more than anything else. Hiring through events like hackathons, CTF events, bug bounty programmes etc. are some unconventional ways to engage problem solving skills of participants and enable hiring of the right talent. This would ensure that your hires stay invested in and updated about the domain along the course of their employment while demonstrating evidence of the skills actually needed for the job.
4. Be a choice employer: Ask what can you offer them
Most professionals in the domain of cyber security are young and know what their financial worth is. So, many of them are not simply looking for great salary packages and incentives. Instead, such professionals look for a sense of purpose in jobs, work-life balance, intellectually stimulating opportunities, greater flexibility of work and the opportunity to work on challenging and innovative problems. As an organisation looking to attract high quality tech talents, you would need to position yourself as an employer of choice.
5. Use external service providers who specialise in technology recruitment
One of most underrated hiring practices is that of using external service providers. It doesn’t matter if your organisation’s primary focus is cyber or not; you need capacity and talent in cyber security. At BGC Group, we are IT recruitment specialists who make certain you understand your cyber security needs. This is so that we are able to interface with the right kind of talent for those needs. Contrary to popular belief, external service providers can actually complement your existing hiring processes.
BGC Group's belief is not to disrupt, but rather, mingle with your existing business processes as a reliable business support. With decades in HR and specialising in tech sourcing, we ensure that we quickly adapt to your organisational ethics and needs while ensuring optimal investment into your hiring process. With all this comes our highly curated network of talented and skilled tech professionals in their field with relevant and demonstrated experience.
Whether internally or with external support, you need to quickly ramp up change in order to be in a better position to protect the organisation from cyber-attacks. And this change is best started at home by revisiting your workforce skills and capacity. With our recommendations and markers in mind, we strongly urge organisations to re-think and investigate if there is any gap in their cyber security related hiring processes.
And should you need a hand with hiring cyber security specialists, reach out to us!
More Recommended Reads for HR & Employers:
BGC HR Back to Basics: What Do These Programming Languages Mean?
How to: Interview Tech and Cyber Security Candidates in Singapore
Why Hiring Singaporean Employees Should be HR’s Top Priority Post-Pandemic
How to Talk to C-Suite Executives Employees About Cyber Security