How to woo cyber security Experts - More than Money

cybersecurity-experts

Nowadays cybersecurity experts are in high demand. Millions of jobs are vacant and need to be filled, yet most firms can't keep the talented employee. Why? Because employees want to know that they are valued and that the firms they work for taking security seriously.

Current cybersecurity experts are spoiled for preference, which means that the firms looking to fill these responsible positions need to offer more than a competitive salary both to keep the experts they have and woo new candidates.


Yes, it's two-fold. Even if current employees aren't looking to switch jobs, one call from a recruiter could lure them into giving a new position some serious thought. And recruiters are reaching out, multiple times a day, every day.

In addition, the 2018 (ISC)2 Hiring and Retaining Top Cybersecurity Talent report found that most currently employed cybersecurity professionals (70%) are open to a change despite having no plans to begin a job search in 2018.

That means that the majority of cybersecurity employees have a price. But for cybersecurity professionals who are willing to be swept away by a recruiter, money most likely won't buy their favour.

What do they want, then? Not surprisingly, there's a great deal of value placed on some of the softer skills. Current professionals are more attracted to companies that demonstrate a willingness to listen to cybersecurity employees' views. But to even get those people in for an interview, you need to first have clearly defined job responsibilities.

A word of caution — a lack of clarity in a job description implies the organization doesn't understand security. When hiring managers use vague language to craft descriptions that don't seem to accurately reflect the job, that's a red flag for job seekers.

Whether you are looking for someone well versed in cyber security strategy, cyber security management, user education, risk assessment or security operations, be clear about the skills needed and avoid ambiguity about the role.
Value the everyday skills

Our research also found that most professionals seem to be struggling to find the time for user awareness training, so one way to woo the best cybersecurity professionals to your team is to value the importance of having a quality user awareness training program. Don't stop there, though.

Here are a few more ways that you can avoid turning off a seasoned cybersecurity jobseeker.


  • Be clear. Write incredibly clear and specific job descriptions. Make sure that the required skills match the actual role. But, keep in mind that not all candidates can deliver every skill. Additionally, job seekers want to see that responsibility for cybersecurity is clearly defined among the CIO, CISO or other offices.
  • Be realistic. Recognize the limitations of what a single candidate can bring to the table and be smart about building a well-rounded cybersecurity team across skill sets and disciplines.
  • Go beyond technology. Job seekers want to protect people and their data. In order to attract them to your organization, you need to view cybersecurity more broadly than just technology. Those who invest in training and certification for cybersecurity employees will reap the rewards when candidates make the final decisions of where to set their roots.
  • Be real. Don't just talk about valuing security. Be real about your security goals and invest in the people and technology that will bring those goals to fruition. Professionals are looking to see how quickly you've responded to incidents, how efficiently you've handled remediation and how high employee awareness levels are. You can't fake that data.

First published on CIO Dive

Comments