As cyber criminals’ tactics become more sophisticated, the need for high-impact strategies to reduce the threat to your organization is vital. With 39% of businesses experiencing an attack within a year, hiring professionals who can mitigate the risk from within has never been more pressing.
Cyber security experts are more in demand than ever. In the UK alone, there are estimated to be between 100,000 and 150,000 unfilled cyber security positions currently. And despite government efforts, a national cyber skills survey found that half (51%) of all private sector businesses in the UK have identified a shortage of basic technical cybersecurity skills.
For a job function that barely existed a decade or two ago, skilled cybersecurity professionals are now in a position where they can call the shots. So how do you attract the best?
If you as an employer are offering good salary packages, working conditions, and compelling career progression opportunities, what more can you do to attract these professionals and protect your business from a growing threat? Here are three suggestions:
1. Target early
Global student news site Stunited has recently listed cyber security in the top six most high demand jobs in the UK. Consider recruiting practices that attract early-stage applicants. Explore in-person and virtual events to connect with students and invest in on and offline marketing strategies to target them at a stage when they are still considering the plethora of options for their future.
2. Diversify your target audience
In the UK 85% of cyber security practitioners are white, and 64% are male. It’s therefore important to widen the net to attract a pool of applicants from underrepresented groups. There are numerous benefits to having a diverse workforce. A 2017 Boston Consulting Group (BCG) study identified diversity as a key driver of innovation, finding that diverse teams produce 19% more revenue. Diversity also brings differences in ways of thinking and experience and has also been attributed to increases in productivity and a reduction in staff turnover.
3. Review your recruitment processes
Before you introduce policies to increase diversity, you need to know who is currently applying. Gather data on applicants to establish if you need to take proactive steps to attract specific groups – you can’t make rational business decisions without data.
Analyze job descriptions to eliminate bias so you aren’t deterring anyone. Review the language — are you unconsciously drafting job advertisements and application forms with a white male in mind?
Consider a post-application survey so you can establish what is appealing to recruits and what might cause them to drop out. You’ll be surprised how many people want to share their feedback because a negative job application process can deter an applicant for good, and you could be missing out on the best talent through ignorance. We implemented an Applicant Tracking System to understand the sources our candidates are coming from, see how diverse the candidate pool is (or not), and improve the candidate experience by being able to track how their process progresses and ends.
Once you’ve got these cyber professionals on board, you need to keep them. In an increasingly competitive environment, you want to ensure they are committed, and won’t be tempted by other companies offering something apparently better. But how will you know this? These two approaches may help:
1. Introduce regular feedback
Introducing continuous feedback is vital. Firstly, taking time to listen demonstrates recognition of psychological safety and helps them feel empowered. Holding sessions regularly provides a chance to share any concerns early so they can be addressed before they escalate. If you only have a standard annual performance review, you may lose that team member before they have an opportunity to air their grievances.
2. Ensure an open culture
Ensure feedback processes promote a culture of openness and authenticity. If the employee feels uncomfortable, the entire exercise serves no purpose. Perhaps it is establishing an informal coffee outside of the office, rather than an intimidating formal meeting. Offer an objective ear — perhaps the team member doesn’t want to share their concerns with their line manager but will be more open and honest with someone they don’t directly work with.
The day-to-day work environment should also promote a culture of openness and idea-sharing. The best cyber professionals tend to be inquisitive and eager to learn so giving them the chance to evaluate or work on new projects to ‘feed’ this natural curiosity will help them feel valued and fulfilled.
At our company, we’re on an ongoing and evolving journey in terms of diversity and inclusion but are already seeing an impact when it comes to filling cyber roles.
Since we introduced HR policies including refining job descriptions and widening our candidate search, we’ve seen an increase in underrepresented groups applying, and are seeing improved efficiency amongst hiring managers as a result of finessing our procedures.
We see diversity and inclusion as a learning journey, but we’re on the right track. In the fight for the best cyber professionals, the companies that demonstrate an open mind and objectivity as well proactive steps to reach and appeal to a diverse pool, are the one that will be rewarded.