Cyber Recruiting for Hiring Managers


Why is cyber recruiting for hiring managers so difficult? Well, you’re not alone in asking that question.

When Does Cyber Recruiting Fail?

A cybersecurity role is different from most other IT positions in that technical proficiency is often required for hiring managers to understand an applicant’s value.

Security professionals can’t simply be evaluated on their professional experience; they need to provide tangible evidence that they’re capable in their area of expertise.

For example, while a candidate with a CISSP certification certainly has knowledge of best practices at least, someone with a strong history of ethical hacking has more practical experience with mitigating risks in your environment.

However, all is not lost; even non-technical hiring managers who lack domain expertise can be successful in finding the right candidates with some technical help in place.

Before we dive in, consider hiring a veteran as a first choice, as some already possess a cyber background with experience.

Today’s article takes a look at one of the common challenges employers face while hiring cybersecurity candidates and a couple ways of alleviating that difficulty.

Lack Technical Proficiency?

It’s not uncommon for non-technical hiring managers and executives to have trouble telling one cybersecurity professional from another.

A hiring manager may look at two resumes that both contain the word “security” and assume they’re both equivalent.

If you didn’t know any better, you’d see two resumes, one belonging to an expert advising governments on cyber policy and the other to someone managing federal compliance requirements for large corporations, and think they’re the same.

So if hiring managers and executives don’t understand the industry, how can they determine who and what is required for success?

Maybe it’s time to look towards your recruiter.

Time to Hire a Technical Recruiter

An experienced recruiter (or headhunter) is skilled at finding the right candidate.

Unfortunately, they’re not necessarily skilled in educating hiring managers or other decision makers on what an ideal candidate looks like.

Often recruiters are tasked with presenting candidates despite the fact that their hiring managers may have little to no actual knowledge of cybersecurity!

To combat this problem, some companies have opted for a technical recruiter to screen security candidates, especially when the hiring manager lacks the necessary skills.

The hiring manager focuses on business objectives and the recruiter focuses on vetting technical skills.

Fortunately, this model works well when you or your organization have little experience in recruiting security talent.

If this sounds like an ideal option, start having the conversation with your colleagues about bringing aboard a technical recruiter with cyber experience.

Hire a Cyber Recruiting Firm

Vetting is an important part of recruiting cybersecurity talent, so it’s advisable to have a security professional as part of your overall recruitment process.

But, if your company doesn’t have an IT Security Professional or department to do the vetting for you, then it’s time to start looking into that.

Until then, you may want to consider outsourcing your security hiring to a third-party recruitment or security firm.

While there’s bound to be an additional cost in hiring an external firm, the benefits far outweigh the risks.

Third-party firms, specializing in cybersecurity recruitment, have access to a much more diverse skillset needed to identify quality candidates.

This means evaluating a candidate’s skills and qualifications based on multiple data points beyond the resume, such as tech hubs (e.g., GitHub profiles), gamification technologies (think Hack The Box or TryHackMe), or project-based cyber lab work.

So, if your vetting process is not as effective as it could be, consider hiring an external firm; they’re much more likely to do a better job finding candidates with fewer resources than you’re currently expending.

Vetting the Vetters

If you’re considering working with an external recruiting firm or bringing aboard a technical recruiter to enhance your cyber hiring practices, here are a few points to keep in mind:

Work with the best.

There’s a lot to be said for utilizing different types of recruiting organizations to accomplish your hiring goal.

But sometimes it pays to stick with one or two firms (or recruiters) that have the most experience in recruiting for your industry, and this is especially true of cybersecurity.

Recruiting is all about relationships, so it pays to favor recruiters who have established relationships in your niche area and can confidently match candidates with jobs that fit their unique skill sets.

Take a peek at their track record.

A good way to distinguish between okay and good firms/recruiters is by…

  • Looking at how long they’ve been in business.
  • Reviewing their previous client lists, if available.
  • Seeing how many candidates they’ve placed successfully.
  • Finding out how many clients they’ve retained over the years.
  • Asking if they’re affiliated with any professional associations.
  • Checking if they’ve received any industry awards and accreditations.
  • For recruiting firms, requesting verification of third-party quality control measures like ISO standards or other certifications that may demonstrate commitment to customer satisfaction.

As always, do your due diligence by performing the necessary business background checks.

Learn Cyber Recruiting Concepts

Regardless of how you source cyber candidates, the hiring process can be grueling.

Therefore, it’s important to improve the hiring experience for everyone involved.

A good way to get started is to educate yourself and learn the cyber lingo before jumping into recruiting new talent, full speed ahead if necessary.

Besides, a hiring manager who understands security concepts will eventually have a better idea of how and where cybersecurity candidates fit best into an organization’s existing structure.

By spending time learning about the cyber industry, you’ll naturally help everyone, including recruiters, to ask more relevant questions when hiring candidates, meaning less time wasted on bad hires later down the line!



Today’s article provided some context behind why hiring managers can have difficulty hiring quality cybersecurity candidates.

Recruiters, hiring managers, or executives may not have a security background or could lack any basic technical proficiency whatsoever.

If that’s the situation, companies have the option to either bring in a technical recruiter, or outsource the job to a third-party recruiting or security firm.

In any instance, by adding in a little elbow grease and taking on the optional tasks of learning basic cybersecurity terms and concepts, you put yourself in a much better position to hire and retain qualified security professionals.

You don’t need to become an expert right away, but by keeping a step ahead of your peers, you become a more integral part of your organization’s recruitment process.

And, with a bit of security knowledge, you’ll be much better prepared to handle the next round of security recruitment.


by Amit Doshi
