Cybersecurity professionals encompass a wide range of job roles including security engineer, cryptographer, ethical hacker, security analyst, vulnerability tester, security consultant, and more.
Broadly speaking, cybersecurity professionals are individuals who have been trained to protect data via various different methods.
The need for dedicated cybersecurity professionals in the US has been recognized by both business leaders and members of the government. Recent large data breaches and politically-motivated cyber crime are some of the reasons why the need for such individuals as standard in many organizations has been identified.
However, there is currently a nationwide shortage of workers with sufficient training to enter a cybersecurity-focused role, and an estimated shortfall of 1.5 million professionals is estimated by 2020. The demand for cybersecurity professionals is expected to rise 53% through 2018.
With such a lack of necessary talent, it can be challenging to secure staff to fit cybersecurity roles, so what is the best way to recruit for such a position?
Table of Contents
Recruit Graduates from Specialist Cybersecurity Courses
A number of universities have recognized this growing need for workers with specialist training in cybersecurity and have responded by developing courses intended to address this need.
Some examples of courses available at the bachelor’s degree and master’s level include:
- Cybersecurity Management and Policy
- Digital Forensics and Cyber Investigation
- Information Security
- Network Security
However, there is a lot more to being a successful cybersecurity professional than learning theory, and in many cases it makes more sense to hire an individual with a more generic computer science qualification, but up-to-date industry experience in the cybersecurity field.
Look for the Key Skills for Cybersecurity Experts
When it comes to recruiting a cybersecurity specialist, the candidate who is most qualified on paper is not necessarily the best one for the job. Those who are most successful in the field tend to think outside the box and boast skills that may be demonstrated through prior experience or practical tests and demonstrations.
- Ability to detect unauthorized intrusion on systems via network traffic, unusual activity, or physical threats
- Secure software development skills
- Ability to analyze, diagnose, and detect security risks
- Keeping up to date with the latest news and developments in cybersecurity
- Skilled in innovation and attacking problems from different angles
- Understanding of network architecture
- Strong communication and collaboration skills with other colleagues and customers
- Understanding of secure exit practices
- Cybersecurity awareness
Be Flexible With Job Requirements
Certain requirements, such as a particular degree, or needing a certain number of years of experience, reduces the pool of qualified applicants and may eliminate talented individuals before they have a chance to demonstrate their skills.
For example, 90% of security engineering jobs currently require certification as a Certified Information Systems Security Professional (CISSP), but this certification requires a minimum of five years industrial experience to obtain.
While those candidates with this certification may be more qualified than those without, it may not be necessary for every position in cybersecurity, particularly entry-level roles.
Things change so fast in the world of cybersecurity that a long period of experience in a particular technology may not even be possible, so it’s important to bear this in mind and be flexible with recruitment requirements.
Train Staff In-house
Sometimes the best place to look for when recruiting cybersecurity professionals is to seek out talent from within your existing team.
Employees who are already familiar with your systems and network have a head start on any new recruit, and may be just as suited for the position – particularly if they have demonstrated some of the key skills listed above.
In-house training programs can be very successful, particularly when provided from several different angles including management and communication, as well as just technical skills.
Bringing in external experts and consultants for training processes can be a costly business, but it may well work out cheaper than starting the hiring and new employee integration process from scratch.
Staff can also be given the option to attain additional qualifications through external training outside of work hours. This can be attractive if costs are covered by the company, particularly with the incentive of a higher paid role further down the track.
Offer Attractive Salaries and Benefits
With such a shortage of cybersecurity professionals, those with the best skills and brightest prospects are often snapped up by big companies like Google and Microsoft.
Smaller companies with lower budgets can find it difficult to compete, nevertheless cybersecurity roles should attract generally higher salaries than other positions within the IT team.
The average US salary for a cybersecurity specialist is currently $82,000 and salaries for top chief information security officers (CISOs) have reached as high as $420,000, and are expected to continue to grow.
Not every company can afford to offer the top salaries, but this can sometimes be offset with attractive benefits such as health care, retirement contributions and saving schemes, generous leave, and family-friendly and flexible working policies.
Such benefits will also help to retain those all-important cybersecurity staff once you have hired or trained them, and will help to avoid the additional costs of recruitment in the future.
Security as a service
Another option, if employing an employee dedicated to cybersecurity is out of budget, is to outsource some of your company’s security needs to a provider offering security as a service (SECaas).
SECaas is a cloud business model offering security services such as general security management and assessment, authentication, anti-malware, and intrusion detection, on a subscription basis.
SECaas providers like Spinbackup provide the vital security services required to secure data on a much lower budget than it would cost to pay a dedicated in-house employee.