Recruiting cybersecurity professionals. PHOTO: Cybercrime Magazine.

Why Cybersecurity Professionals Switch Jobs… And How To Recruit Them

Top candidates value happiness over money

Deidre Diamond, founder & CEO, CyberSN

I have worked side by side with technologists and cybersecurity professionals for over 20 years and have experienced firsthand the challenges these individuals face when it comes to hiring. I have consistently felt the pain that occurs when a team is overworked and understaffed. People often ask me why more isn’t being done to change the way that we hire. This is an issue we must address, especially at a time where there are more than 1 million open cyber jobs that need to be filled.

For me, it doesn’t boil down to a single answer. It involves addressing common challenges and paying attention to detail. I’ve outlined below what I see as the biggest challenges the cyber industry is facing in terms of hiring and retainment, along with some questions I frequently get asked about myself and the industry.

1. How did you get your start in cyber?

I worked for the founder of Rapid7 at its technical staffing agency for 13 years. In 2006, I was asked to take the transactional sales model I had built in Technical Staffing and create the software sales team for Rapid7. This included business development, account executives, sales leaders, sales engineering and customer success. I was with R7 for four years and took them from 800K to 50M in recurring revenue. I also built the staffing department.  There were 19 people when I started and 250 when I moved on to begin my career as a CEO.

2. What do you foresee as the biggest challenges when it comes to cyber hiring?

Existing job postings are unrealistic, unclear and do not accurately reflect the day-to-day responsibilities. There is also lack of budget to hire more cyber professionals, creating environments where individuals are doing the work of multiple roles. This often results in fatigue and burnout, and is a contributing factor to talent attrition, which is currently at an all-time high.   The combination of unclear job postings, burnout and fatigue is compounded by how long it takes internal recruiting teams to decide to engage external staffing services. This again is caused by lack of approved budget, in this case to hire specialized cybersecurity recruiters. What isn’t the problem is the shortage of the cybersecurity workforce; according to LinkedIn, 89 percent of the marketplace is looking, yet the numbers say that they don’t respond to job postings because they don’t understand the job.

3. What steps do you recommend taking to address these challenges?

One of the major steps that hiring managers can do to improve these challenges is to fully understand what the role you’re hiring for will do on a day-to-day basis. Cybersecurity jobs are complex; there are at least 35 job categories with over 150 titles. Job seekers today don’t respond to ads because they don’t understand what the company is looking for and they aren’t desperate to leave their current position. These are passive job seekers. They aren’t willing to sneak out for a call with a recruiter or a company that doesn’t put effort into their job descriptions. Being able to easily and effectively communicate job roles and responsibilities matters to passive job seekers. It lets them know that we speak and understand cyber. When jobs are defined clearly, passive job seekers can self-select and apply.

4. What is the #1 thing that hiring managers, HR and internal recruiters should know about recruiting cybersecurity professionals?

The majority of cyber professionals are looking to leave their current employment because there is a lack of growth or succession plans. This causes cyber pros to believe that their company does not take cyber seriously. If you want to hire these people, show them you have a career and succession plan for the entire department.

5. If I was a cybersecurity company looking to make changes to the way I hire, what is the first thing I should do starting today?

Define the job clearly and create an effective and efficient hiring process. Do not start recruiting and posting ads until both are in place and clear. Identify exactly how this person will spend their time. For instance, what tasks and projects will they work on for what percentage of their day? Then, identify no more than three people to interview. Be prepared to make offers quickly and take note of the entire compensation plans these candidates are currently receiving so you can make a competitive offer that gets accepted.

6. What is the #1 thing that people who are looking for a job in cybersecurity should know?

Look for a company that cares about your happiness. We see most people move not because of lack of money, or the desire to make more money, but rather because they don’t feel heard, supported or encouraged by their leadership to grow their careers. You can find a place that will support your professional development, personal happiness, and will compensate you well—if you do not settle.

I want to leave you all with this. In my experience of building organizations, it is the following operational actions that allow for constant development of skills, consistent financial growth and love in the workplace:

  • Measurable expectations and goals
  • Clear career path models
  • Consistent training
  • Competitive income
  • Transparent/accountable leadership
  • Integrity
  • Listening-focused leadership
  • Honest communication
  • Win/Win conversations
  • Making agreements skills
  • Honoring agreements skills
  • Creating a place for fearless communication
  • Creating constant and positive environmental change
  • Consistent performance feedback
  • The ability to make mistakes and learn

When implemented, these operational business actions create cultures that perform at high levels—meaning people are inspired, happy and LOVE their jobs! This wonderful feeling makes for explosive performance and results in long-term retention of talent. This is win/win employment.

Let’s aim to overcome these common cyber hiring challenges and create an industry where organizations are empowered to support cyber professionals, and those professionals in turn feel fully supported by the organization they are a part of. Let’s communicate powerfully and think in terms of win/win!

– Deidre Diamond is founder & CEO at CyberSN, and founder of #brainbabe. 

CyberSN, founded in 2014, specializes in permanent and contract staffing for cybersecurity, information security and security sales professionals. With a national and international reach, CyberSN dramatically decreases the frustration, time and cost associated with job searching and hiring for cybersecurity professionals. 

#brainbabe is a thought leadership platform dedicated to increasing the hiring of women in the Cyber Security and Technology professions, while also supporting those already in the professions with a communication framework that will advance and empower both women and men in the workplace.



Send this to a friend