As you probably know, employers face a lot of challenges in finding professionals in the cybersecurity job market. How can you face these challenges?
The shortage of available professionals in the cybersecurity job market is not a good thing. There is an uptick in cyberattacks, especially now that many employees work with their unsecured home networks. COVID-19 has taught us that recruiting qualified cybersecurity talent is essential. That is regardless of your industry.
As an employer, you’re probably wondering how can you attract and retain talent. Listed below are some of the most common challenges in the cybersecurity job market and how to face them.
Avoid Unrealistic Expectations
Many employers seek to fill entry-level cybersecurity jobs, yet asking for several years of experience. For instance, it is common for companies to require applicants to have a CISSP certification before considering them for an entry-level role.
However, the CISSP demands that candidates must have at least five years of cumulative, paid work experience. Thus, asking for a CISSP certification means that employers require five years of experience for an entry-level role.
As an employer, it is your right to ask for an experience. Yet, aspiring cybersecurity professionals need entry-level roles. These will allow them to learn and gain experience from others in the field. Hence, asking for experience for an entry-level role hinders the growth of the field.
For entry-level roles, create a job posting that will attract individuals that just completed their cybersecurity training.
Asking for the talent you don’t need
It is also common for employees to ask for unnecessary talent. Maybe they think that they will need that capability someday. Moreover, many hiring managers ‘cut and paste’ job posting from other companies. Doing so brings several negative impacts.
To illustrate, your company needs an analyst to help in traffic analysis. At the same time, you think that it would be great if they can do digital forensics. That is even though you realize that it is very unlikely that they would use those skills very often.
Doing so comes at an additional cost, including organizational costs for the tools a forensics analyst uses. Furthermore, a highly qualified specialist will unlikely enjoy doing traffic analysis since it is not their forte.
Conduct a job analysis to determine the required work tasks. Don’t just look for “nice to have” talent. Instead, ensure that your job posting reflects what your company really needs.
Asking for technical expertise when they are unnecessary
Cybersecurity is not purely technical. There are many cybersecurity roles that do not require technical skills. For instance, requiring someone to conduct security awareness training does not need a cybersecurity qualification. Such a role focuses on the competencies in developing and managing effective training.
Asking for technical skills that are unnecessary brings several implications. For instance, it will cause you to ignore someone with role-specific skills needed for the job. Moreover, the recruit will be dissatisfied with the lack of use of their technical skills. This will also draw down the technical talent pool in the cybersecurity job market.