Last week we took a look at the job landscape for IT security pros. Suffice to say, life is good for them right now. We shared some tips for considering multiple job offers and how to weigh the costs/benefits of each. When you hold all the power in deciding where to take your career, you have the luxury to be patient and find the best possible job situation.
Unfortunately, employers aren’t as lucky.
As our last blog mentioned, a recent survey from Tripwire shows that 93 percent of IT security professionals are concerned about the industry's skills gap and its ability to fill it. The survey said 72 percent of those IT security folks report that it’s tougher to hire skilled cybersecurity talent now than it was two years ago. For many organizations, the likelihood of that perfect, all-star candidate being available aren’t very high. And if there exists a need to hire multiple IT security pros, finding fully qualified, seasoned vets just isn’t going to happen. There aren’t enough to go around.
And while that’s distressing news for many employers, it’s certainly not all doom and gloom. There are strategies businesses and hiring managers can use to fill that talent gap and eventually find who they are looking for—someone just waiting to blossom into a new, more challenging role. It all starts with instituting more creative hiring practices.
Here are some of our tips and tricks for getting creative when it comes to finding and hiring IT security professionals.
Broaden Your Definitions of “Qualified”
In a world where free agent IT security pros are virtually nonexistent and recruiting passively employed pros is like finding a needle in a haystack, hiring managers have needed to broaden their definition of what they consider a “qualified IT security pro.” In this climate, that means considering someone with 3 years of experience rather than 8-10. It means taking a chance on someone who’s spent time working in IT security and while he may not have direct experience in cloud security design, is open to learning on the fly. If the person isn’t located near your office headquarters, it may be time to consider if remote work is a possibility.
Finding an IT professional who checks off all the boxes is hard enough; finding the perfect IT security candidate is an entirely different ballgame. It’s important to have a nice-to-have list of qualifications when hiring, but considering how few candidates there are out there, it’s even more critical to cut that list to just a few must-haves (and even that can be fluid) when searching for IT security workers.
Consider More Contract Labor
When it comes to highly specialized, highly technical labor like IT security, finding full-time employees is not only difficult, it may not even be necessary. IT security is a demanding job but not necessarily one that requires the typical year-round, 40+ hours a week to do it effectively. If your company is introducing a new security software or bulking up the digital safety of its existing technology infrastructure, it may only require the help of a highly skilled pro for a finite amount of time.
Additionally, hiring IT security pros temporarily allows for leaders to evaluate the person and see if his/her qualifications truly match with the requirements of the job. It’s also important to see if he/she fits within the company culture. If not, and the need for similar work arises in the future, the company isn’t tied down to a single individual and has the freedom to explore other options.
Introduce Internal Training Programs or Apprenticeships
This is a tip for the long-term, but if the ability, staff and resources exist, developing true IT security stars is perhaps the smartest move a company can make. Not only will hiring young, less experienced IT security pros be more affordable but in-house staff can train these individuals on the exact programs they’ll work with, methods and processes they’ll use, and skills they’ll need in order to succeed at the company.
Another option many companies are beginning to use is a college/university partnership. These alliances give students unique access and experience at today’s best companies while giving the businesses the opportunity to recruit the next generation of IT pros before they even graduate.
While it isn’t the best time to be a company in need of IT security professionals, with the right mindset and a willingness to embrace different hiring strategies and a long-term outlook, there are avenues to finding them. It’s just going to take commitment in order to do so.