December 26, 2018 By Christophe Veltsos 4 min read

As 2018 draws to a close, the state of the cyber workforce can be summed up in two words: “Help Wanted!”

The numbers prove it: In November, the National Institute of Standards and Technology (NIST) released updated workforce numbers through its CyberSeek security jobs heat map. According to NIST, there were over 313,000 job openings from September 2017 to September 2018, not including the security professionals currently employed.

Just a month earlier, the International Information System Security Certification Consortium (ISC2) released its yearly “Cybersecurity Workforce Study,” in which it estimated that there were nearly half a million open jobs in North America. According to the report, 63 percent of respondents deal with challenges related to a shortage of dedicated cybersecurity staff. Nearly six in 10 organizations reported that this talent shortage puts them at moderate-to-extreme risk.

If your organization is looking to hire cybersecurity professionals, it’s likely to meet fierce competition for the limited talent supply. That’s why hiring managers need to get creative to get ahead. Here are four out-of-the-box strategies to help your organization bridge the skills gap and hire top-tier cybersecurity talent in 2019.

1. Explore Scholarship Offerings

If you have entry-level cybersecurity positions available, you can find nascent talent in the many regional colleges and universities that dot the landscape. A booth at the career fair might help plant a few seeds, but it won’t necessarily bring qualified students in droves. There’s a lot of competition for students’ attention these days, and unless you’re a thoroughly established household brand, you’re going to have to roll up your sleeves a bit and find ways to make a connection.

As many students struggle with increasing student loan debt, one way to get their attention is through by offering scholarships. Most institutions will be happy to work with you to select students that meet your criteria. Not only will your contributions expand the emerging cybersecurity talent pool, but as students approach graduation, they’ll remember those scholarships and, more importantly, your company.

2. Initiate Academic Partnerships

If money for scholarships isn’t available, you can make an indelible mark on young minds by developing educational partnerships with instructors. Most college professors recognize the incredible value external speakers bring to the classroom to infuse the curriculum with real-world projects and issues. A great benefit of regular interactions with relevant courses and students is early access to talent; you can get to potential job candidates well before your competition sits across the table at the next career fair.

Sustaining regular interactions with courses creates a solid knowledge base, but most students want or are required to work an internship before graduation. Although summer internships are the norm, many schools have flexible programs that can span or extend into fall and spring semesters. To further diversify the talent pool, consider creating an apprenticeship program to select and grow your workforce.

Competition for talent is so strong that hiring managers often secure graduating seniors with solid job offers by September or October of the year preceding graduation. If your company isn’t ready to advertise, recruit, interview, select and make an offer nine months prior to the start date, you’ll risk being left with little in terms of quantity and quality. A long-term academic partnership can help you recognize and build relationships with rising talent well before graduation.

3. Open Up Your Cyber Workforce Talent Searches

Far too many companies overfilter the cybersecurity talent pool by asking for the moon in their job listings. The NIST data spelled out the talent supply situation clearly: While the national average supply/demand ratio for all jobs is about 5.8 workers per open position, the average in cybersecurity is only 2.3. Depending on the particular metro area, this supply ratio can even dip below 1.0.

In a fairly young industry, a long, fully developed resume is hard to come by. So unless you can offer sky-high salaries, you’ll have to readjust your expectations to meet the reality of the available talent pool. This means that few companies can afford to filter applications on all of their wish-list items; instead, you’ll have to take what you can get. For example, instead of placing an ad requiring a degree in cybersecurity plus certifications and 10 years of experience, pick one or two of these qualities to open the input filter and learn to evaluate potential and the right aptitude to step into a given job.

Similarly, companies sometimes paint themselves into a corner by limiting searches to particular geographic locations. Instead, seek talent across the entire country, and be willing to open up lines of negotiation around on-premises job requirements versus telecommuting. If telecommuting is a firm negative at your company, then consider your options: A study published in the Harvard Business Review (HBR) found that an extra $10,000 resulted in candidates being “about a half percentage point more likely to be applying to a job outside their home metro.”

4. Improve Your Talent Management and Workplace Culture

The HBR article also noted that workplace culture factors into candidates’ considerations around relocation. Good workplace culture includes solid leadership, strong core values reflected in the organization’s mission and fruitful professional development opportunities.

Companies should review their hiring approach to ensure a speedy human resources (HR) process that engages candidates soon after they apply, evaluates their qualifications via effective and inclusive processes, funnels them to the most appropriate teams and keeps them informed of where they stand through each step of the process.

But the work doesn’t end with hiring. Companies should also develop cyber talent management practices that create a positive environment for new recruits as well as seasoned employees. Organizations should also demonstrate how they value talent and knowledge sharing.

Whether your company is looking to fill entry-level positions or hire more seasoned security professionals, the limited supply of cybersecurity talent means that HR processes, expectations and recruiting tactics need to be more flexible than those in other fields. Your organization’s security depends on that flexibility.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today