As cybercriminals’ tactics become more sophisticated, the need for effective threat reduction strategies to your organization is critical. With 39% of organizations experiencing an attack within a year, there has never been a greater urgency to hire professionals who can mitigate risk from within.
Cyber security experts are more in demand than ever. In the UK alone, it is estimated that there are currently between 100,000 and 150,000 unfilled cybersecurity vacancies. And despite government efforts, a national cyber skills survey has revealed that half (51%) of all private sector companies in the UK have identified a lack of basic technical cybersecurity skills.
For a job function that barely existed a decade or two ago, skilled cybersecurity professionals are now able to call the shots. So how do you attract the best?
If you, as an employer, offer good salary packages, working conditions, and compelling advancement opportunities, what else can you do to attract these talents and protect your business from a growing threat? Here are three suggestions:
1. Aim early
Global student news site Stunited recently listed cybersecurity among the six most in-demand jobs in the UK. Consider recruitment practices that attract early-stage applicants. Explore in-person and virtual events to connect with students and invest in online and offline marketing strategies to engage them at a stage when they are still contemplating the plethora of options for their future.
2. Diversify your target audience
In the UK, 85% of cybersecurity professionals are white and 64% are male. It is therefore important to expand the network to attract a pool of applicants from under-represented groups. A diverse workforce has numerous benefits. A 2017 study by the Boston Consulting Group (BCG) identified diversity as a key driver of innovation, finding that diverse teams generate 19% more revenue. Diversity also entails differences in ways of thinking and experiencing, and has also been attributed to increases in productivity and a reduction in staff turnover.
3. Review your recruitment processes
Before you implement policies to increase diversity, you need to know who is currently applying. Gather data about applicants to determine if you need to take proactive steps to attract specific groups – you can’t make rational business decisions without data.
Analyze job descriptions to eliminate bias so you don’t put anyone off. Check the language – are you subconsciously designing job ads and application forms for a white male?
Consider a post-application survey so you can determine what attracts recruits and what might make them drop out. You’d be surprised how many people want to share their feedback, because a negative application process can put off an applicant forever, and you could miss out on the best talent through ignorance. We have implemented an applicant tracking system to understand where our candidates are coming from, to see how diverse the candidate pool is (or not), and to improve the candidate experience by being able to track how the process progresses and ends.
Once you have these cyber experts on board, you need to keep them. In an increasingly competitive environment, you want to make sure they’re engaged and not be tempted by other companies offering something seemingly better. But how do you know that? These two approaches can help:
1. Introduce regular feedback
Introducing continuous feedback is crucial. First, taking the time to listen shows recognition of psychological safety and helps them feel empowered. Holding meetings regularly provides an opportunity to raise concerns early so they can be addressed before they escalate. If you only have a standard annual performance review, you could lose that team member before they have a chance to air their grievances.
2. Maintain an open culture
Ensure feedback processes foster a culture of openness and authenticity. If the employee feels uncomfortable, the whole exercise is useless. Maybe it’s more of an informal coffee break outside of the office than an intimidating formal meeting. Offer an objective ear – the team member may not want to share their concerns with their line manager, but will be more open and honest with someone they don’t work directly with.
The daily work environment should also promote a culture of openness and the exchange of ideas. The best cyber professionals tend to be curious and eager to learn. So giving them the opportunity to evaluate or work on new projects to “feed” that natural curiosity will make them feel valued and fulfilled.
At our company, we are on a continuous and evolving path when it comes to diversity and inclusion, but are already seeing an impact when it comes to filling cyber roles.
Since we implemented HR policies, including refining job descriptions and expanding our candidate search, we have seen an increase in underrepresented groups applying and are seeing improved efficiency among hiring managers as a result of the refinement of our processes.
We see diversity and inclusion as a learning path, but we are on the right track. In the battle for the best cyber professionals, those companies will be rewarded that demonstrate open-mindedness and objectivity, as well as proactive steps to reach and engage a diverse pool.