Hiring security gurus: 3 strategies to find scarce talent

Hiring security gurus: 3 strategies to find scarce talent

The battle for security talent rages on: Are you looking at too small a pool of candidates?

46 readers like this


August 14, 2018
CIO Magnifying Glass

Within the broader tech skills race there’s a particular type of talent that can be especially difficult to find: Security pros.

By most analyst estimates, demand for security talent far outstrips supply. Frost & Sullivan predicts that there will be 1.5 million unfilled cybersecurity jobs worldwide in 2020. A different report from Cybersecurity Ventures projects an even greater gap: 3.5 million unfilled cybersecurity positions by 2021.

It’s not like IT leaders can run and hide from the bad guys; the threats are real, and they’re continuous. Moreover, yesteryear’s security playbook no longer suffices; the era of hybrid cloud, containers, and other modern technologies demands evolving traditional approaches and processes, as well as a healthy security culture.

[ Read DevSecOps: 7 habits of strong security organizations ]

Unless you can back up a Brinks truck and pay security talent whatever they want (must be nice,) you’ll need to be more creative in your talent identification, recruiting, and hiring.

You’ll also have to remind your whole hiring team that security talent is sometimes cut from a slightly different cloth than other IT pros. In fact, let’s start right there as we dive into several strategies for finding security talent in a hyper-competitive market.

[ Are you speaking the wrong language? See How to talk to normal people about security. ]

1. Get boots on the ground in your talent identification 

So much of the initial phases of recruiting and hiring happens online these days that you could almost forget: You’re looking for actual people, not just resumes or online profiles. That’s not to bash the web: Sites like LinkedIn, GitHub, and plenty others can be very useful for recruiters and hiring managers – and job-seekers, of course – and the digital age has made it easier than ever to cast a wide net for talent.

But if this is your go-to sourcing strategy for security talent, your net has some holes in it.

"Security talent isn’t as likely to post a resume online or utilize online job boards."

“Unlike other professionals, security talent isn’t as likely to post a resume online or utilize online job boards,” Jim Halpin, lead technical recruiter at LaSalle Network. “Many don’t have LinkedIn profiles either, so it’s really important [that] companies are networking and meeting these people in-person or through their connections.”

Halpin notes that good security people are commonly active within the IT community and regulars at local meet-ups, conferences, and other industry events. If you (or someone on your team) isn’t there, too, you’re missing out.

“Research conferences or meetups in your area specific to technology or security and make sure your company has a presence in order to meet potential candidates,” Halpin advises.

2. Get the word out that your company pays for training

If you invest in your people’s skills and careers in the form of company-paid training or education – and there are plenty of reasons you should –  make sure you and your team make that known in the broader security community.

“One uncommon way to get the word out about your company is to send team members out for training and have them share the news that your company cares about training,” says Brian Wilson, CISO at SAS. “We often run across candidates who haven’t had the benefit of company-paid training, and we use this as a selling point for new hires at SAS. Don’t underestimate the power of word-of-mouth messages that are shared by colleagues face-to-face and through social media.”



Comments 0
Kevin Casey writes about technology and business for a variety of publications. He won an Azbee Award, given by the American Society of Business Publication Editors, for his InformationWeek.com story, "Are You Too Old For IT?" He's a former community choice honoree in the Small Business Influencer Awards.

7 New CIO Rules of Road

Harvard Business Review: IT Talent Crisis: Proven Advice from CIOs and HR Leaders

CIOs: We welcome you to join the conversation

Related Topics

Submitted By Mike Nelson
December 14, 2018

As the saying goes, "the only unfair fight is the one you lose.” When companies deploy  

Submitted By Carla Rudder
December 14, 2018

Make taking personal time a priority for yourself and your team this holiday season. Three leaders share strategies

Submitted By Gordon Haff
December 13, 2018

You need to encourage experiments  – without people living in fear of the blame game. Four factors will prove crucial: Scope, approach, workflow, and incentives.


Email Capture

Keep up with the latest thoughts, strategies, and insights from CIOs & IT leaders.