June 29, 2018 By Kacy Zurkus 4 min read

The job market today is tighter than it’s been in two decades, and the IT talent shortage is intensifying. Organizations are having more trouble than ever hiring IT professionals with security experience — and candidates are turning down new positions left and right.

The typical scenario: A candidate submits a resume and references, sits through interview after interview — and then waits for an offer letter. Before long, he or she begins to wonder whether the job is the right fit. Then, when the job offer finally arrives, the candidate decides to pass.

The problem: The hiring process is impersonal. With so many competitors vying for scarce talent, employers must make hiring more consultative.

Size Matters When Hiring IT Professionals

“Working at a startup, the process is very personal,” said Ben Gregg, talent manager at mobile telematics firm TrueMotion. “In fact, it’s very rare for me to ever make an offer and have it turned down.”

This intimacy tends to diminish once companies start to grow, however. Larger organizations often feel the need to set up checks and balances, which typically involves a system for getting things approved.

“If it’s not done well and there are multiple stages of approvers — hiring manager, HR [human resources] approver, business unit approver, finance approver — and only one approver designated for each stage, the process can get bogged down,” Gregg said.

Consider the impact on timing that would result from just one of those people dropping the ball. Even worse, think about those larger organizations in which the CEO has to approve all hires. The process can become painfully slow for all parties involved — particularly for companies that have established specific days of the week for handling hiring approvals.

In some organizations, an approval request can only find its way onto the list if it is submitted by a specific day. For example, hiring managers who miss a Friday deadline for a Wednesday approval must then wait an additional week before the request gets on the list, pushing the offer date off by nearly two weeks.

Getting the approval needed to even present the offer can sometimes take up to six signatures — far too long a wait for candidates that are in high demand. A multistage approval process will inevitably have roadblocks.

“It’s crazy,” said Deidre Diamond, founder and CEO of CyberSN, a cybersecurity staffing agency. “It can be something like the CEO is on vacation or the company needs to do an audit, so that puts everything on hold.”

Meanwhile, the candidate has been ready to go for two weeks.

How Can Hiring Managers Personalize the Recruitment Process?

Whether it’s a new reality driven by a workforce largely populated by millennials or a function of changes in social norms, candidates don’t want to sit through a grueling interview process in which they regurgitate the same work experiences they have detailed on their resumes.

“Candidates want to know the vision of the company and the team, yet those are the two things that hiring managers leave out all the time,” Diamond said. “The company that wins is the one that delivers the candidate the greatest understanding of what they are doing every day, what everyone else is doing and how it all leads to an overall plan.”

Short of knowing where they fit into the vision of the company, most interviewees aren’t tremendously motivated to leave their current positions and risk walking into chaos. Instead, they are using the interview process to vet companies. Therefore, companies must create what Diamond called a “crystal ball” — where candidates can envision what they are doing, what the team is doing and what the company is doing.

The hiring organizations that wait until the offer letter is on the table to paint that picture will likely have a slim chance of closing the deal. In today’s market, according to Nick Cromydas, co-founder of recruiting platform Hunt Club, companies looking to hire are fighting a war over great people.

“It’s about building relationships first as opposed to treating the hiring process as a transaction,” Cromydas said. “The very first conversation should be getting to know the person who might be joining the team — asking questions about their career ambitions, not their work experience.”

Time Is Not on Your Side

It takes time to properly communicate what the company is offering, yet Diamond and Cromydas agreed that time is the greatest obstacle to getting the job offer right. Most organizations don’t look at the big picture of the process because they have neither the bandwidth nor exceptional managers who prioritize the process.

“It’s hard to break away and do it right unless it is a priority, which happens when you have the right talent acquisition leaders,” Cromydas said. “What people have been doing needs to be radically rethought and reformed for success in tomorrow’s world.”

The process is broken.

Instead of having five people asking questions that are all over the map, Diamond stressed that hiring managers need to understand what they should communicate about the company collectively.

Consider the following questions for your communication strategy:

  • What story is your company selling?
  • Is it a true story?
  • How does each person involved in the process contribute to telling this story?

This is all the upfront work that takes time, which is one resource that many organizations don’t have.

Hiring managers must start to see the interview and recruitment process as a sales opportunity. This shift means everybody — from the C-suite to the HR department — has to be on the same page.

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today