Why is cyber recruiting for hiring managers so difficult? Well, you’re not alone in asking that question.
When Does Cyber Recruiting Fail?
A cybersecurity role is different from most other IT positions in that technical proficiency is often required for hiring managers to understand an applicant’s value.
Security professionals can’t simply be evaluated on their professional experience; they need to provide tangible evidence that they’re capable in their area of expertise.
For example, while a candidate with a CISSP certification certainly has knowledge at least around best practices, someone with a strong history of ethical hacking has more practical experience with mitigating risks in your environment.
However, all is not lost; even non-technical hiring managers who lack domain expertise can be successful in finding the right candidates with some technical help in place.
Today’s article takes a look at one of the common challenges employers face while hiring cybersecurity candidates and a couple ways of alleviating that difficulty.
Lack Technical Proficiency?
It’s not uncommon for non-technical hiring managers and executives to have trouble telling one cybersecurity professional from another.
A hiring manager may look at two resumes that both contain the word “security” and assume they’re both equivalent.
If you didn’t know any better you’d see two resumes: one belonging to an expert advising governments on cyber policy, and the other managing federal compliance requirements for large corporations, and think they’re the same.
So if hiring managers and executives don’t understand the industry, how can they determine who and what is required for success.
Maybe it’s time to look towards your recruiter.
Time to Hire a Technical Recruiter
An experienced recruiter (or headhunter) is skilled at finding the right candidate.
Unfortunately, they’re not necessarily skilled in educating hiring managers or other decision makers on what an ideal candidate looks like.
Often recruiters are tasked with presenting candidates despite the fact that their hiring managers may have little to no actual knowledge of cybersecurity!
To combat this problem, some companies have opted for a technical recruiter to screen security candidates, especially when the hiring manager lacks the necessary skills.
The hiring manager focuses on business objectives and the recruiter focuses on vetting technical skills.
Fortunately, this model works well when you or your organization have little experience in recruiting security talent.
If this sounds like an ideal option, start having the conversation with your colleagues about bring aboard a technical recruiter with cyber experience.
Hire a Cyber Recruiting Firm
Vetting is an important part of recruiting cybersecurity talent. Therefore, it’s advisable to have a security professional as part of your overall recruitment process.
But, what if your company doesn’t have an IT Security Professional or department to do the vetting for you?
Until then, you may want to consider outsourcing your cybersecurity hiring needs to a third-party recruitment or security firm.
While hiring an external firm presents higher costs, the benefits far outweigh the risks.
Third-party firms, specializing in cybersecurity recruitment, have access to a diverse set of qualified candidates.
This means evaluating a candidate’s skills and qualifications based on multiple data points, beyond the resume, such as tech hubs (e.g.,GitHub profiles), gamification technologies (i.e. think Hack-the-Box or TryHackMe), or project-based cyber lab work.
So, if your vetting process isn’t working, consider hiring an external firm. They’re likely to do a better job finding candidates with fewer resources.
Vetting the Vetters
If you’re considering working with an external recruiting firm or bringing aboard a technical recruiter to enhance your cyber hiring practices, here are a few points to keep in mind:
Work with the best.
Sometimes, it pays to stick with one or two firms (or recruiters) that have the most experience in cybersecurity recruiting.
Recruiting is all about relationships, use recruiters who have established relationships in your niche area. They’ll do a better at matching candidates with positions that fit their unique skills sets.
Take a peak at their track record.
A good way to distinguish between okay and good firms/recruiters is by reviewing…
- How long they’ve been in business?
- Their previous client lists.
- How many candidates they’ve placed successfully?
- How many veterans have they placed?
- How many clients they’ve retained over the years?
- If they’re affiliated with any professional associations.
- If they’ve received any industry awards and accreditations.
- For recruiting firms, requesting verification of third-party quality control measures like ISO standards or other certifications that may demonstrate commitment to customer satisfaction.
As always, do your due diligence by performing the necessary business background checks.
Learn Cyber Recruiting Concepts
Regardless of how you source cyber candidates, the hiring process is tough.
Therefore, it’s important to improve the hiring experience for everyone involved.
A good way to get started is by educating yourself before jumping into recruiting new talent. Learn the cyber lingo, full speed ahead if necessary.
Besides, a hiring manager who understands security concepts will know how and where cybersecurity candidates fit best into your company.
By spending time learning about the cyber industry, you’ll naturally help everyone ask more relevant questions. This means less time wasted on bad hires later down the line!
Check out this article if you’re wondering how hard is cybersecurity?
Conclusion
Today’s article provided some context behind why hiring managers can have difficulty hiring quality cybersecurity candidates.
Recruiters, hiring managers, or executives may not have a security background or could lack any basic technical proficiency whatsoever.
If that’s the situation, companies have the option to either bring in a technical recruiter, or outsource the job to a third-party recruiting or security firm.
In any instance, by adding in a little elbow grease and taking on the optional tasks of learning basic cybersecurity terms and concepts, you put yourself in a much better position to hire and retain qualified security professionals.
You don’t need to become an expert right away, but by keeping a step ahead of your peers, you become a more integral aspect of your organization’s recruitment process.
And, with a bit of security knowledge, you’ll be much more prepared handling the next round of security recruitment.
Want more of the latest cybersecurity job news?