For over a decade, businesses have weathered one of the most challenging cyber security talent hiring environments in history. It’s a phenomenon driven by two factors: a shortage of skilled workers and rapidly advancing technology that hampers efforts at producing trained job candidates. However, something unusual has been happening in the labor market lately. Increasing economic headwinds are leading to sharp declines in tech job postings. That’s creating a rare opportunity for businesses to fill long-open cyber security positions as available workers confront dwindling job opportunities. Here’s how companies can take advantage of the situation.
Triage Skill Needs
Since there’s no way to know how long the present lull in tech hiring might last, businesses need to work to maximize its advantages. The first step is to triage their skill needs. That’s because, even in the current environment, some roles will remain harder to fill than others. By separating skills needs into must-haves and nice-to-haves, it becomes easier to build a recruiting strategy.
After creating a triage list, it’s helpful to compare it to an updated list of in-demand cyber security skills. According to available data, the most challenging roles to hire for, even now, are those that require a mix of technical and compliance know-how. Most of those fall within governance, risk, and compliance (GRC) positions. As a result, those jobs aren’t good candidates for recruitment through traditional channels. They’ll require their own separate strategies beyond simple opportunism.
Create a Reasonable Hiring Budget
Unfortunately, the present economic headwinds don’t necessarily lend themselves to staff expansions. So, it may be necessary to reallocate funds from other business needs into a new cybersecurity hiring budget. For most companies, making such moves will be worth it in the long run because it allows them to take advantage of this time-limited hiring opportunity. However, creating a realistic budget requires data. For that, gathering salary information from companies like PayScale and comparing it to current public job listings helps.
When dealing with a limited hiring budget, it’s a good idea to allocate as much of it as possible to lower-level cyber security positions. That should help alleviate pressure on understaffed teams, which are a persistent problem for most organizations. Also, it’s always possible to upskill workers once you bring them aboard. If there’s enough money left after that, it can go toward filling one or two high-value positions.
Drop Any Aversion To Poaching
While creating a recruitment strategy, it’s vital to recognize that the cyber security industry writ large no longer adheres to the classical rules of fair play. Where businesses once avoided deliberate efforts to poach workers from one another, that’s no longer true. At last count, almost 60% of companies reported losing cybersecurity staff to job offers from other firms. So, it’s well past time to take the gloves off when filling cybersecurity roles. That’s especially true right now, as better-resourced firms will almost certainly use a looming economic downturn as ammunition to deepen their talent benches.
Be as Flexible as Possible
Finally, it’s essential to recognize that, even in this advantageous hiring moment, the highest-skilled workers still won’t be easy to recruit. To help with that, it’s wise to build some flexibility into any advertised job roles. For example, if any of the roles don’t require an employee’s physical presence, consider opening it to remote workers. Or, for cyber security jobs with high time demands, consider offering flexible scheduling. That can take the sting out of occasional long shifts and make them less of an obstacle to hiring. Also, many of the world’s biggest companies are scaling back or eliminating employees’ remote and flexible scheduling options. By going against the grain, you can become a destination employer for top talent.
It’s also a good idea to give preference to candidates with real-world experience or hands-on training. Due to the rapid pace of development in cyber security and its related technologies, the vast majority of degrees in the field are of limited use. However, the largest organizations still make them a prerequisite for hiring. By dropping such requirements, it’s possible to tap into a much broader and equally talented labor pool.
It’s Now or Possibly Never
The problem with economic uncertainty is that no one knows how long it will last. Hiring conditions in the cyber security labor market may revert to their previous pattern at any moment. So, it’s a good idea to put the above tactics into action as soon as practical. By moving fast, it may be possible for cyber security talent-starved businesses to remedy some of their longest-standing skill deficiencies once and for all.