Decision Toolbox acquired by leader in integrated employee engagement solutions, Engage2Excel.Read the full story.

Undercover Recruiting: Tips for Engaging Cybersecurity Talent

image description

By Domini Clark, Director of Strategy at InfoSec Connect and Senior Recruiter at Decision Toolbox
With Tom Brennan, Master Writer

It can be easy to think of cyber-attacks as something that only happens to other companies. Unfortunately, a more realistic view is not whether it will happen, but when it will happen to your organization. Cyber-attacks are on the rise. PwC’s Global State of Information Security Survey 2016 stated that, across all industries, there were 38% more security incidents in 2015 than in 2014.

It doesn’t just happen to giant corporations like Yahoo!, Sony and T-Mobile. SmallBizTrends.com claims that 43% of attacks on businesses target small business. Large or small, it can cost you plenty. The average total cost of a single data breach was $7 million — up from $5.4 million in 2013 — according to the 2016 Ponemon Cost of Data Breach Study. More than half of these costs are related to lost business due to customer churn.

The best approach to cyber security is to prevent the hacks, attacks and breeches. However, as you probably are aware, there simply aren’t enough talented IT security professionals available to do this work. In the first two parts of this three-part blog I’ll provide some tips for optimizing your efforts to recruit cybersecurity talent right now, as well as some longer-term suggestions for attracting more people to this field. In part three I’ll explore some ways of promoting inclusion and integration of including women and other underrepresented groups — well over half the working population — into the profession.

Making Contact: “I’ll Be the One with the Red Carnation”

The best cybersecurity professionals think like criminals. The joke in the industry is that superstars have an “evil bit” (as in bits and bytes) in the code of their personalities. They know better than to have a high-profile online presence. “Paranoid” is too strong a word, but they tend to be hyper-cautious, and some take pride in operating in “stealth mode.”

You won’t find their résumé on CareerBuilder or LinkedIn, so you’ll need to leverage your best networking skills and hardcore power searching techniques. If your quarry thinks like a criminal, you have to think like Sherlock Holmes to track them down. Don’t email them a link to apply — they won’t click on a link from an unknown source (and neither should you). Send them a PDF with instructions for connecting with you.

They’ve Heard it All Before

The demand for these professionals means that they are constantly hearing from recruiters. InformationWeek’s DarkReading.com cites new research by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) indicating that about half of cybersecurity professionals are contacted by a recruiter at least once a week. If you post a standard HR job description of duties and requirements, it will wash out among all the other background noise.

In today’s talent market you have to court talent, and that is triply true of cybersecurity professionals. Don’t think of it as a job posting, think of it as a sales pitch. Resist the ingrained habit of listing what your company needs, and focus instead on what will engage the interest of your target audience.

What They Want and When They Want It

Your pitch should appeal to this group’s common hot buttons:

  • They want to do intriguing work that is varied and unique — let them use their devious creativity to your company’s advantage.
  • They want to try new tools and techniques to keep up with the ever-evolving threat landscape. If you’ve got the coolest technology, your pitch should highlight that.
  • They want to do more than just scratch the surface . . . offer them opportunities not only to look under the hood, but also to take some deep dives into your systems and code.
  • They want the option to work remotely. Your organization may cling to traditional models, but if virtual options give you an edge in the talent war, it’s time to loosen up.
  • They want to know that the organization appreciates and values their contribution — like other employee in your company. If you don’t have a proactive recognition and rewards program in place, now’s the time.

Read on for Part Two, where I share more recruitment tactics and strategies, as well as some ideas about building a longer-term talent pipeline, including attracting more women and underrepresented groups to the cybersecurity profession.

Connect with Domini on LinkedIn.

Did You Enjoy This Article? Sign up for Decision Toolbox’s monthly newsletter: Inside the Box.

Inside the Box will share the secrets of life long happiness….not really, but we will provide you with some great talent acquisition articles and tips that will hopefully make your working life better. You’ll also get the inside scoop on DT.

Leave a Reply

Your email address will not be published. Required fields are marked *

See what our clients are saying…

Believe it or not, we don’t have giant heads. See More Client Quotes

  • " (DT Recruiter) did a superb job! Always prepared and all her candidates were spot on! "
  • " The entire team at Decision Toolbox has been amazing. I am very impressed with the level of professionalism, the quick response time and follow through as well as the ease of using your on-line tools. (DT Recruiter) has been a pleasure to work with and has done an outstanding job narrowing down the search to give us several candidates that will make our final decision very difficult. "
  • " We would not be where we are without you. "
  • " I appreciate all the time put into not sending me dozens of candidates but instead screening and only sending me what I was looking for. "
DecisionToolbox 800-344-2026 info@dtoolbox.com