Few industries face a skills shortage as severe as cybersecurity. Currently, there is a crippling shortage of more than 4 million cybersecurity experts, and cyber attacks are reaching record numbers. For example, we recently saw the ‘mother of all breaches’ causing widespread chaos with 26 million stolen records.
Given these challenges, you would expect recruitment strategies to adapt to bridge this gap. However, our recent research tells a very different story, with IT and security professionals arguing that recruitment processes are not fit for purpose when it comes to evaluating whether candidates have the right skills.
We are at a real turning point in cybersecurity, and the only way to turn the tide is through a rapid overhaul of recruitment processes.
CEO and founder of Hack The Box.
The administrative burden that plagues recruitment
The overarching problem with today’s hiring processes is simple: there is an excessive reliance on college degrees as a measure of success for early candidates.
Cybersecurity and IT professionals are calling for this to change. In fact, when we spoke to 3,000 professionals in the US and UK, they made it clear that they prioritize practical skills and experience over traditional education for newcomers entering the sector.
This doesn’t mean that candidates with a college degree aren’t worthy; it’s that companies are overlooking a hidden pool of talent that lacks formal qualifications. These individuals are ‘self-taught hackers’ or cyber enthusiasts who educate themselves through online training, CTFs or bug bounties.
As a former ethical hacker, I learned most from hands-on experience and winning hacking competitions. To be successful, you must prove that you can think outside the box and develop a hacker mentality rather than just a list of qualifications.
How can the system evolve with this in mind?
Focus on the practical
For starters, when compiling job descriptions and requirements and when reviewing resumes, companies and hiring processes should place more emphasis on the industry certifications candidates have obtained and the hands-on upskilling they have undertaken.
During the interview process, it is critical that the structure focuses on practical assessments so that candidates can demonstrate their expertise and mindset through hands-on tactics.
So present candidates with hypothetical scenarios and assess their problem-solving approach. Look for candidates who demonstrate a hacker mentality and the ability to handle high-pressure situations.
Companies shouldn’t rely solely on recruiters and external sources. If you want the right cyber talent, you have to build it yourself by running internship programs and encouraging apprenticeships to advance the skills of young cybersecurity and IT talent.
Companies can also consider existing talent within their IT management or engineering teams, who may demonstrate a talent for troubleshooting and cyber, and work with them on potential career advancement.
Recruitment cannot work successfully in a silo
It is clear that there is currently a disconnect between recruitment policies and what the cyber and IT professionals on the ground want.
Successful recruitment requires recruiters, HR and talent teams to work with cybersecurity industry professionals to develop effective recruitment strategies and take a more creative and practical approach to assessing candidates.
Cyber experts should absolutely play a role in crafting job descriptions that accurately reflect the actual responsibilities of the position, to ensure that a suitable person is hired for the position.
Don’t forget your existing team
Closing the cyber gap is no easy feat, and it requires robust recruitment strategies. But this doesn’t mean you should forget about investing in your existing team.
It is now paramount that organizations consider how they promote morale, wellbeing and nurture talent within their teams.
Our cybersecurity and IT professionals need to be inspired and challenged, and they need a transformative, creative and engaging approach to upskilling to keep up to date with the latest threats and thrive in their careers.
Cybersecurity is not only a fulfilling career with opportunities to fend off cybercriminals and keep businesses afloat, but also a lucrative career with ethical hackers in the UK earning an average of £58,000 and up to as much as $120,000.
Companies need to take advantage of this and the untapped talent waiting in the wings to join the industry, but to do this the recruitment process needs a major facelift. This is not a nice-to-have; it is a necessity for cyber teams in 2024.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro