Barclay Simpson
Accessibility Links

How to hire cyber security professionals in the current climate

23 / 11 / 2020

The unprecedented impact of the pandemic and the mass move to remote working has pushed many businesses to examine their cyber security defences and offering. Whilst taking this opportunity to examine their priorities and look at where their resources were being best deployed, many have realised they need more skilled talent and support than they currently have in their teamsMany organisations have increased their security budgets as the need to hire talented cyber security professionals is greater than ever. 

 

"During this crucial time, IT service must remain connected and remote, with security and privacy considered paramount as firms continue to invest in digital transformation. As such, we have seen several clients 'ring-fence' security and privacy recruitment, even while other business areas have put hiring on hold or introduced blanket hiring freezes. This has allowed recruitment to proceed as normal, utilising video conferencing facilities to carry out ‘face-to-face’ interviews concluding in offers and onboarding. Security requirements and responsibilities can be very vast and can wear many hats. This can mean the job specifications could become a ‘Wishlist’ or unrealistic expectation to find that ‘unicorn’.  You need to do things right at the very beginning. It is a lot easier to do it correctly at the very start and ensure all stakeholders are aligned to the role requirement. It is very expensive (both in cost and time) to amend at the end or get the process wrong.Any critical hire being signed off, is being highly scrutinized from senior management with the emphasis to hire the right person first time, is more important now than ever” 

 

 - Luke Pulsford, Lead Recruiter Security GRC, Data Privacy and Security Consulting at Barclay Simpson

 

Barclay Simpson has taken this opportunity to share what information security departments should consider when hiring cyber security professionals in the current climate. 

 

Three things to consider when hiring Cyber Security professionals

 

 Budget increases in cyber security measures 

 

Many organisations across a wide range of sectors are increasing their budgetary spend on cyber security. According to Microsoft, 58% of business leaders have increased their budget spend on security measures. 

 

Spending on information security and risk management technology has grown from $120.9 billion in 2019 to 123.8 billion in 2020. This significant increase is, however, lower than the total cost of data breaches, which implies that security budgets -- and likely resulting staff augmentation strategies -- will continue to increase. 

 

 The talent shortage is getting worse 

 

Despite the wider employment downturn, cyber professionals have generally been excluded from the pool of recently redundant staff. With many SMEs looking to build their cyber security function from the ground up and larger corporations looking to bolster theirs, an even further shortage of skilled and proficient talent has become apparent, making competition that much higher when recruiting.  

 

 You’ll need to adapt to a remote hiring strategy 

 

Whilst initially starting off as an emergency measure to protect employees from the pandemic, remote working has become the norm for many organisations and recruitment has, in many instances, been adapted to follow suit. However, this poses a few challenges when it comes to information and cyber security roles:

  •  Recruiting can take longer to finalise as video interviewing can make assessing cultural fit and personality more difficult; this can result in additional interviews required
  •  Onboarding can become harder and will require more planning as there isn’t the immediacy of being in the office together to organise and onboard a new hire
  •  Assessing technical skills can also be difficult when changing software offerings are improving all the time 

 

Advice when hiring Information Security professionals

 

Recruiters can speed up your process and improve results

 

The Information Security landscape is always evolving and keeping up-to-date with the latest threats and technologies, while managing your day-to-day activities, can be challenging.  The information security recruitment talent market is no different. Recruiters who specialise in cyber security have well-maintained and deep networks within the cyber security community. This means they are better positioned to suggest relevant skill sets to support and complement existing security frameworks and attract the right talent.  Engaging a specialist cyber security recruiter can significantly reduce the time to hire, and ensure you hire the right person with the right skills and experience to support your cyber security function.  

 

 Leaning on specialist cyber recruiters earlier on in the recruitment process, will help build a business case by creating:  

  •  Salary benchmarks
  •  Example profiles
  •  Advice on regulations (IR35) 
  •  Networks of active and passive candidates
  •  Alternative resourcing options, including project teams and consulting services via Barclay Simpson Solutions 

When the safety of your organisation and data is at stake, there’s nothing more important than quickly finding the right talent! 

 

Prioritise diversity 

 

Employers are becoming increasing aware of the importance of diversity and the benefits it can have within all teams across an organisation. Security teams that have a broad range of backgrounds, have been found to outperform firms with a more homogenous workforce. Securing the most talented cyber security professionals will require employers to take on a new, innovative approach to access more diverse talent pools. 

 

Ensure you have a unified recruitment strategy 

 

When creating your cyber security recruitment strategy, it is important to ensure all stakeholders are on the same page. This includes ensuring that the hiring managers, internal recruitment/HR teams and the external recruitment partners are all aware of the job spec, timeframes and diversity and cultural considerations and have realistic expectations.   

 

Create an accurate and inclusive job spec 

 

Unrealistic expectations from various stakeholders can often be an issue when it comes to the job descriptionSecurity requirements and responsibilities can be very vast and span many areas of the business, which can result in the specifications becoming a slightly over-idealised ‘wish list’. Your job spec should aim to be:

  •  An accurate representation of the role 

Written in the right way and portraying the right message, your job spec can be a powerful tool to your talent acquisition strategy. Try to list only the most essential skills and requirements to avoid trying to find that ‘unicorn’ who must possess 10+ essential skills, qualifications and technology competencies – as that perfect candidate does not exist and it will slow down your recruitment timeframes unnecessarily trying to find them! 

 

However, a candidate might possess a few of those ‘nice to have’ skills, so it can be useful to have a separate list of the non-essential skills you’d like to possess on your team and assess them at the interview stage or include them under a different ‘Not compulsory skills’ heading in the job spec.  

  •  Be inclusive and avoid biased language 

Biased language can be a huge deterrent for many applicants and can seriously affect the diversity of your candidate pool. This can be a challenging obstacle to overcome as much of the information security language can be subtly gender-nuancedMany adjectives have been proven to appeal more to male or female applicants. For example, words such as active, competitive, dominate, decisive, fearless and objective are often considered to be masculine. Words like community, dependable, responsible, committed, empathetic and supportive are regarded as more feminine.  

 

 However, unconscious bias can work its way in if you’re not careful in the language of your job description, but an experienced recruiter can help you avoid the pitfalls of unconscious bias and keep your job description inclusive. 

  • Communicate your unique selling points as an employer

Creating an idea of the big picture and where this role fits into the long-term plans of the company can be a great way to communicate desirable employer traits such as: dynamism, future-orientation, and even ethical mandates.It is fair to say, this reflects the firm and a strong sell is an important part of the talent acquisition strategy.

  • Convey your culture

An effective way to promote your company culture is in your mission statement and is closely related to how you communicate your unique selling points as an employer (as covered above)Conveying company values and ethos is a powerful way of doing this, and you can immediately eliminate a large proportion of applicants who do not adhere to such values. 

 

 

Focus on creating a positive candidate experience

 

The recruitment and onboarding process are a representation of your company culture and of you as an employerCreating a positive candidate experience from interview to onboarding is growing increasingly important with the rise of employer review sites such as Glassdoor and LinkedIn, plus made slightly more challenging by the pressures of remote interviewing and onboarding.  

 

Yet ultimately, having a positive employer reputation will attract better cyber security talent and ensure better results on your information security offering from your recruiting, even affecting your entire team’s productivity and company bottom line.

 

This can be done by enacting some simple yet effective communication channels:

  •  Ensure your relationship with your recruiter, or if using an in-house team, is seamless and they understand the brief to minute detail so they can clearly and effectively screen candidates in and out on your behalf
  •  Ensure you follow up quickly with your recruiter, so the impression on the candidate is always positive, even if it’s a no
  •  Set expectations for what in-person or video interviews will entail
  •  Ensure the interviewer is engaged and listening to candidates during interviews
  •  Let candidates know early if they are no longer being considered for the role
  •  Provide and invite constructive feedback
  •  Take time to get to know the candidate and assess cultural alignment – when it’s all online, it can be more of a challenge, so understand this and plan how you to satisfy this criteria, as well as the technical capabilities.

 

Hiring cyber security professionals needs to be a high priority for many organisations, and the current climate means there are additional factors to consider, from the challenges of remote communication to a talent shortage. However, engaging a cyber security specialist recruiter can simplify the process by leveraging market insight and deep networks of active and passive cyber security professionals, saving you time and money in your recruitment process. They can also help you shape an inclusive hiring strategy from start to finish and support your remote onboarding process.   

 

Barclay Simpson is an international recruitment consultancy that specialises in recruiting professionals for the interrelated disciplines of governance, namely Information/IT Security, Risk, Resilience, Audit, Compliance, Legal and Treasury. When time is of the essence to protect your organisation from cyber attack, Barclay Simpson can help you quickly build a technically proficient cyber security function and team. 

 

Get in touch for support in hiring cybersecurity professionals 

Download Report
Download Report


For more information about how the cyber security market is being currently impacted, our latest report, The Impact of Covid-19 on the UK Information and Cyber Security Sector, aims to shine a spotlight on how the information and cyber security markets across multiple sectors have adapted - and continue to adapt - following the pandemic. 

Download Report