October 6, 2016 By Douglas Bonderud 3 min read

Chief information security officers (CISOs) face a critical cybersecurity skills gap. Unemployment for security professionals has reached zero percent, and there are still more than 1 million open jobs.

CISOs are often at their wits’ end looking for ways to attract top IT professionals without breaking the budget or compromising the efforts of their existing IT team. One oft-untapped avenue is the marketing department. Here’s a look at the CMO’s role in the talent acquisition marketing of security experts.

A Growing Gap

The cybersecurity skills gap isn’t unexpected. Experts have been warning about talent shortfalls and offering dire predictions about the state of IT security for years. As noted by Forbes, the cost of hiring a security expect — if you can find one — is rising. Security professionals in Minneapolis, for example, enjoy an average salary of $127,757.

Where did this problem come from? Surely, companies must’ve seen the writing on the wall as both technology and security threats underwent exponential growth? In most cases, they absolutely did. But knowledge doesn’t translate directly into power.

While businesses could track the burgeoning need for IT talent, education and enrollment simply didn’t match increasing demand. Absent standards and a solid degree track, security effectively became a homegrown discipline, putting even more pressure on overworked IT admins and staff. For CISOs, meanwhile, the cybersecurity gap has led to a frustrating dance between overspending and sourcing new talent.

Recruitment Reimagined

So how can companies reinvigorate their talent acquisition marketing? It starts with the understanding that while CISOs and IT professionals know the ins and outs of company efforts and long-term plans, those on the outside often have no idea that legacy tech shops or historically manufacturing-driven companies are actually on the cutting edge of security.

Consider a recent General Electric advertising campaign. As Adweek reported, the American multinational conglomerate rolled out a new series of advertisements in which a new graduate and programmer, “Owen,” enthusiastically tells his friends and family that he’s landed a job at GE. The friends respond with a mixture of concern and confusion. Surely, Owen won’t be “changing the world,” as he says, or even working with computers. Chances are he’ll be swinging a sledgehammer or driving a train, right?

The ad campaign is a clever way for the brand to poke fun at itself and its reputation. More importantly, it recognizes that the public at large may not know what GE knows about itself: It’s a forward-thinking, technology-driven company that’s also a great place to work.

Talent Acquisition Marketing

Partnering with the CMO and marketing department may be just the push CISOs need to put a dent in the IT skills gap. Instead of assuming that corporate focus on IT security is a well-known fact, effective ad campaigns can help showcase the innovative efforts already underway. They also engender the perception that security professionals are highly sought-after sources of talent.

More importantly, however, effective ad campaign craft stories that clearly communicate corporate culture. With security professionals now able to pick and choose job type and location, companies need to produce more than just an advertising blitz — they need a mission statement that makes it impossible for new graduates to ignore the clarion call of CISOs.

A Wider Focus to Close the Gap

Ads are an excellent start, but other methods to boost hiring are also worth considering. CSO Online suggested a wider focus: Rather than writing job descriptions for the perfect candidate, CISOs should embrace the broader IT experience of employees whose skill sets might not match corporate needs but demonstrate the capacity to “manage projects and to act as a liaison between the technical staff and the business department.”

Another option is to invest in current talent. Existing IT professionals could take on a significant portion of the security workload with more time and training. While this may mean outsourcing less critical IT tasks, the payout in terms of logistical stress relief and long-term loyalty are often worth the cost.

For CISOs, tracking down the right talent is only half the battle. Convincing IT professionals to take the job is no easy feat when the world is their oyster. By partnering with the CMO, leveraging a fresh perspective on the organization and expanding hiring horizons, however, CISOs can bolster talent acquisition marketing to help bridge the cybersecurity skills gap.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today