Cyber-attacks are on the rise, with a 38% jump in security incidents from 2014 to 2015. Companies in all industries are vulnerable, regardless of size – some 43% of attacks target small business. Attacks can cost into the millions for a single data breach, and more than half of these costs are related to lost business due to customer churn.
Since the best approach is prevention, it’s clear that cybersecurity needs to be part of your IT program. Finding the right talent is not so clear. Cybersecurity professionals are a unique group, so you’ll need a recruitment approach that is different from what you’re using with other positions.
A Unique Profile
The best in the trade think like the criminals they oppose, enabling them to anticipate hacker tactics and identify chinks in a system’s armor. Insiders joke that superstars have an “evil bit” (as in bits and bytes) in the code of their personalities. “Paranoid” is too strong a word, but they tend to be hyper-cautious, and some take pride in operating under the radar.
Very few post résumés, so you’ll need to leverage your best networking skills and hardcore power searching techniques. Be creative, Sherlock. But don’t email a link — they don’t click on links from unknown sources. Send a PDF with instructions for connecting with you.
Sell, Sell, Sell
Some estimate that half of cybersecurity professionals get a recruitment call at least once a week. If you reach out with a standard list of duties and requirements, your message will wash out among all the other background noise. You have to court talent in all areas, especially with hard-to-fill roles. Don’t think of it as a job posting, think of it as a sales pitch. Instead of focusing on what your company needs, lead with the selling points that will engage your target audience.
In general, cybersecurity professionals want the opportunity to:
- Take on intriguing work that is varied and unique.
- Try new tools and techniques to keep up with the ever-evolving threat landscape.
- Do more than just scratch the surface, including taking some deep dives into systems and code.
- Work remotely, even if only two or three days a week.
- Receive recognition and rewards, like the rest of us.
Apply Social Media Liberally
The content doesn’t have to be about job openings. Think of social media as digital pheromones that make your company attractive. Have team members in all disciplines share their ideas and insights. Blogs and tweets help establish your company as a thought leader, enhancing your brand.
But be sure to target the cybersecurity community specifically, including forums and discussion groups. Encourage your existing cybersecurity and IT talent to write blog posts and white papers on the topic. Spray those pheromones where they’ll get the best results.
PREMIUM CONTENT: IT Staffing Growth Assessment 2016
Stay Loose
With a pool this small, you can’t run an effective search if you focus only on screening people out. Loosen the requirements. For example, since security threats are constantly evolving, a degree probably isn’t as important as current experience. Another tactic: Instead of asking for five to seven years of experience, ask for three to five and highlight the opportunity for career growth.
Hopefully you weren’t expecting fast and easy tips for recruiting cybersecurity talent. You’ll have to invest time and money, but you can think of it as insurance against multi-million dollar losses.
