December 26, 2018 By Christophe Veltsos

As 2018 draws to a close, the state of the cyber workforce can be summed up in two words: “Help Wanted!”

The numbers prove it: In November, the National Institute of Standards and Technology (NIST) released updated workforce numbers through its CyberSeek security jobs heat map. According to NIST, there were over 313,000 job openings from September 2017 to September 2018, not including the security professionals currently employed.

Just a month earlier, the International Information System Security Certification Consortium (ISC2) released its yearly “Cybersecurity Workforce Study,” in which it estimated that there were nearly half a million open jobs in North America. According to the report, 63 percent of respondents deal with challenges related to a shortage of dedicated cybersecurity staff. Nearly six in 10 organizations reported that this talent shortage puts them at moderate-to-extreme risk.

If your organization is looking to hire cybersecurity professionals, it’s likely to meet fierce competition for the limited talent supply. That’s why hiring managers need to get creative to get ahead. Here are four out-of-the-box strategies to help your organization bridge the skills gap and hire top-tier cybersecurity talent in 2019.

1. Explore Scholarship Offerings

If you have entry-level cybersecurity positions available, you can find nascent talent in the many regional colleges and universities that dot the landscape. A booth at the career fair might help plant a few seeds, but it won’t necessarily bring qualified students in droves. There’s a lot of competition for students’ attention these days, and unless you’re a thoroughly established household brand, you’re going to have to roll up your sleeves a bit and find ways to make a connection.

As many students struggle with increasing student loan debt, one way to get their attention is by offering scholarships. Most institutions will be happy to work with you to select students that meet your criteria. Not only will your contributions expand the emerging cybersecurity talent pool, but as students approach graduation, they’ll remember those scholarships and, more importantly, your company.

2. Initiate Academic Partnerships

If money for scholarships isn’t available, you can make an indelible mark on young minds by developing educational partnerships with instructors. Most college professors recognize the incredible value external speakers bring to the classroom to infuse the curriculum with real-world projects and issues. A great benefit of regular interactions with relevant courses and students is early access to talent; you can get to potential job candidates well before your competition sits across the table at the next career fair.

Sustaining regular interactions with courses creates a solid knowledge base, but most students want or are required to work an internship before graduation. Although summer internships are the norm, many schools have flexible programs that can span or extend into fall and spring semesters. To further diversify the talent pool, consider creating an apprenticeship program to select and grow your workforce.

Competition for talent is so strong that hiring managers often secure graduating seniors with solid job offers by September or October of the year preceding graduation. If your company isn’t ready to advertise, recruit, interview, select and make an offer nine months prior to the start date, you’ll risk being left with little in terms of quantity and quality. A long-term academic partnership can help you recognize and build relationships with rising talent well before graduation.

3. Open Up Your Cyber Workforce Talent Searches

Far too many companies overfilter the cybersecurity talent pool by asking for the moon in their job listings. The NIST data spelled out the talent supply situation clearly: While the national average supply/demand ratio for all jobs is about 5.8 workers per open position, the average in cybersecurity is only 2.3. Depending on the particular metro area, this supply ratio can even dip below 1.0.

In a fairly young industry, a long, fully developed resume is hard to come by. So unless you can offer sky-high salaries, you’ll have to readjust your expectations to meet the reality of the available talent pool. This means that few companies can afford to filter applications on all of their wish-list items; instead, you’ll have to take what you can get. For example, instead of placing an ad requiring a degree in cybersecurity plus certifications and 10 years of experience, pick one or two of these qualities to open the input filter and learn to evaluate potential and the right aptitude to step into a given job.

Similarly, companies sometimes paint themselves into a corner by limiting searches to particular geographic locations. Instead, seek talent across the entire country, and be willing to open up lines of negotiation around on-premises job requirements versus telecommuting. If telecommuting is a firm negative at your company, then consider your options: A study published in the Harvard Business Review (HBR) found that an extra $10,000 resulted in candidates being “about a half percentage point more likely to be applying to a job outside their home metro.”

4. Improve Your Talent Management and Workplace Culture

The HBR article also noted that workplace culture factors into candidates’ considerations around relocation. Good workplace culture includes solid leadership, strong core values reflected in the organization’s mission and fruitful professional development opportunities.

Companies should review their hiring approach to ensure a speedy human resources (HR) process that engages candidates soon after they apply, evaluates their qualifications via effective and inclusive processes, funnels them to the most appropriate teams and keeps them informed of where they stand through each step of the process.

But the work doesn’t end with hiring. Companies should also develop cyber talent management practices that create a positive environment for new recruits as well as seasoned employees. Organizations should also demonstrate how they value talent and knowledge sharing.

Whether your company is looking to fill entry-level positions or hire more seasoned security professionals, the limited supply of cybersecurity talent means that HR processes, expectations and recruiting tactics need to be more flexible than those in other fields. Your organization’s security depends on that flexibility.
