Overcoming the challenges of recruiting cyber security experts

James Flew of Metzger Search and Selection discusses how the global threat of cyber crime and a lack of cyber experts is a recruitment pressure cooker when sourcing senior cyber talent

Cyber security. Everyone is talking about it and, without a doubt, it has become one of the most significant threats to global business in 2018 and beyond. The peculiarity of cyber crime is that it’s a threat to all businesses regardless of size. When you have an organisation that employs others, holds confidential client data, accounts, personnel files, business plans, confidential project information, if any of it is breached, then the company is vulnerable.

The UK government stepped up the pace in the battle against cyber crime at the beginning of 2017 by promising to spend £1.9bn on protection. More than ever, our economy’s healthy growth is going to depend, in large part, on key decision makers who can strategise against immediate and long-term cyber threats.

Recognition of the risk is all very well, however, the significant problem of skills shortages in the industry makes the task even harder. Over 90% of tech employers realise that there’s a shortage. According to the most recent Global Information Security Workforce Study from (ISC)2,  the growing gap will culminate in a skills shortage of 1.8 million professionals by 2022.

According to a survey carried out by CW Jobs, 53% of workers do not receive cyber security training and 23% would not feel confident to handle a major cyber security breach. Despite the Chancellor’s additional funds pledge in the Autumn 2017 Budget, to accommodate future training, it doesn’t solve the problem for the present.

So how do we, as recruiters, help our clients when it comes to fulfilling the cyber security personnel requirements from a dwindling pool of experts? Companies have a need, but CEOs may not be aware of the difficulties of finding senior cyber security experts to plan and execute the required protection of their companies. Therefore, the recruiter must be resourceful, creative and mostly tenacious to help them achieve this.

Finding the talent

Embrace diversity in hiring strategies: diversity will play a crucial part in talent search strategies. Hitherto unprioritised in the corporate world, a change in culture, growing respect for equality and meeting professional demand will change the recruitment landscape.

Don’t look for perfect, look for potential: when your supply is short, sometimes you have to be proactive and develop the talent that you need. If you find individuals with passion, basic knowledge and qualifications, aptitude and a desire to learn, then train them to be the expert that you need.

Communicate with the candidates: once the research has been executed about the client, then we approach and negotiate with a well-researched candidate. It’s important to make these approaches with appropriate motivations on offer. It requires us as recruiters to be creative, patient and armed with rock solid data. Furthermore, we must be able to relate to the candidate, and communicate in a language and manner that they will respond to positively.

As far as senior professionals are concerned, in any industry, if they have reached a certain level of tenure, they may not be considering a change of career, or they know that they are very valued just where they are and prefer to stay there. In recent surveys salaries are going to be raised by at least 7% as a financial incentive to help fill the vacuum. Other industries who need their services may have to follow suit. Financial remuneration remains an effective incentive in any sector.

Trust your recruiter: making senior appointments always requires careful planning. These roles call for shapers and strategists. Right now, in cyber security, one might say that exceptional talent is required to manage the pressing risk of cyber threat with limited sources of qualified staff. Concurrently, they must manage raising the standard through rigorous training programmes. It’s a lot to balance.

For recruiters, rigour also plays a significant role in the crafting of a structured search strategy to find these individuals. Since there is a shortage in expertise, especially at senior level, engaging an external consultancy like ours to manage the search process is often the route taken.

The experienced recruiter will focus on extensive research, accessing a network of referrals and recommendations, along with a thorough understanding of the client organisation’s needs.

How to attract

Attracting the best from a small pool may mean having to make well-tailored, but unconventional approaches. As recruiters, we must differentiate ourselves in the market to find the expertise and talent, talk to them and persuade them to consider an offer when they’re in such high demand.

In my experience, that means being professional, honest, transparent and being part of the process from the offer to the change of role. Professionals in the cyber security sector, know their worth; they work in very engrossing environments in a highly demanding profession, so making the whole recruitment experience as painless as possible is a substantial part of our job. Despite some shared traits, not every candidate is the same and each will be persuaded by different factors. A good reward package may be a priority or more professional challenges; different sectors or geographical locations are other persuasive factors.

It isn’t a process to be rushed, however it is a negotiation that must be undertaken with consideration, discretion and mutual respect for both parties involved. This is especially relevant if the candidate being approached is already employed by a competitor.

The tech is one part of a whole candidate

While negotiating with candidates from highly technical backgrounds, as well as evaluating them on ‘hard’ criteria, (qualifications, technical expertise, education and previous job experience), it’s important to assess the cultural compatibility. Are they capable of communicating with colleagues, being leaders, investing themselves towards real change and development? Can they command respect from the board and other managers?

As recruiters, we are the first to assess that cultural fit. Quite often these leadership partnerships fail because the human factor doesn’t work regardless of technical expertise or qualifications.

Our strategy entails looking for the well-rounded professional, rather than just the technician. Where a cyber professional has progressed to director, or higher, they will have developed a broad range of abilities rather than their specialism alone. This includes interpersonal skills, business and financial strategies, corporate governance, marketing and human resources.

The trade craft can be taught but there are other aspects that can’t, such as

  • good people skills
  • good business common sense
  • being a completer/finisher
  • effective communication skills

Even though cyber security recruitment is being overshadowed by a high demand versus a low supply, the basic, sound recruitment rules apply. We invest ourselves in our clients’ brief, building trust, making informed decisions with the help of hard data and empathy for both parties in the negotiation. The human element is a very important part of our role. Moreso with the challenging global brief of finding experts, where there are very few. Helping to reveal attributes as well as skill is going to be harder. Our clients need to be aware that this conundrum exists and has potentially serious implications for their businesses if they don’t start addressing it now.