What Cybersecurity Jobseekers are Telling Us

It’s been highly amusing reading the clickbait media hype about the devastating dearth of cybersecurity talent across the globe. If you can believe these articles, any cybersecurity professional can toss their resignation on the boss’ desk, pack up their framed certs, and walk two blocks down the street for a 20% salary uplift, free gym membership and a gig where you take your dog to work. My experiences and interactions with our professionals tells me otherwise.

One of these easiest ways to determine if what you’re reading is basically hype, is to see if the primary focus is on salary, equity and prerequisites. This is the same phenomenon at work for television programs showcasing luxury homes/lifestyles/cars, etc. We all become voyeurs about celebrities and people we perceive as having material items we desire. 

So, rather than take anecdotal data points, or highlight unique situations, we looked to gather data from job seekers. Of course, that doesn’t always create breathless headlines and clickbait riffs about millions of unfilled jobs or astronomical salaries.  What we found, was, rather expected.  Still, it merits a little insight.

Probably the least surprising response was only 15% of respondents had no plans to look for a new job this year. However, let’s juxtapose that data point with one other: only 15% were actively planning to seek a new position this year. At first blush, those statistics would appear to be in opposition.  Then there is the data point that 70% of respondents are open to a new job.  How do we make sense of these numbers?

I find these responses point to an intriguing trend in our profession. It shows most practitioners are passively open to new opportunities. The market for cybersecurity talent is such that a beat-the-bushes approach is less effective than leveraging networking, conferences, and social media. Hiring organizations need to keep this in mind and be savvy about using these channels to obtain the people they need. Unlike twentieth century job hunting in technology fields, the new generation of talent knows they can achieve their career goals by leveraging their digital relationships.

You may now be asking who really benefits from this phenomenon. The answer? Recruiters. Our next statistics show this trend clearly.  Forty-six percent of respondents say they are contacted by a recruiter at least once a week, and 21% claim that happens to them daily.  That’s hardly surprising. The result of all this industry churn makes for a profitable job as a talent broker.  

Source: (ISC)2

This process works just like the real estate industry.  In a very active market, home sellers are looking to stand out, and they often find working with an agent makes that process quicker and easier.  The brokers manage the buying and selling, and no middle (person) is making money until the deal closes.  When people change jobs, they may get a raise, but the recruiters always make money on the transaction. 

I didn’t truly understand this until my wife and I were in the middle of a complex real estate transaction that went sideways when a person two transactions back failed to obtain their mortgage approval. It was only then I realized why anyone would give up a sizable slice of profit or drop an asking price. If the deal collapses, it’s back to the drawing board and no one makes a dime until the deal closes. Recruiters win when there is churn. The more churn, the larger the win. This reminds me of the California gold rush of the mid 19th century.  Of all the effort, investment and human tools, the one winner from the gold rush still in business is Levi Strauss & Company.  They were born for the need to provide sturdy work clothing to hopeful miners. The miners and their meager profits are all long gone. The jeans survive.

A big common denominator for our respondents was the nearly 70% who cited the need to have their opinions taken seriously. This is especially important for the cybersecurity professionals who slog through the ever-changing morass of emerging threats, the latest vulnerabilities and ever-new mitigation strategies and technologies. We all want to be taken seriously for all our diligent efforts.  Unfortunately, that doesn’t always happen. Nearly everyone in our field needs to assume the mantle of an advisor. We analyze the risks, develop mitigation strategies and present metrics. It’s the decision makers, data owners and business process enablers who will ultimately decide to accept, mitigate or transfer the risks we identify.

And finally, we apparently need to relearn a long-established fact: salary is very rarely the top consideration for potential new hires. You wouldn’t believe it from the headlines. In almost every article in the media on the cybersecurity “skills gap,” you will see references to the fact organizations like state and federal government cannot attract the right talent because people can make sooooooo much more money in the private sector. The truth is that the highest salary is a consideration for only a minority of job seekers. Most professionals are smart enough to realize that compensation is only a part of the constellation of elements that make up the perfect job.

Please come to our session at RSAC 2018 to hear all the details of our Jobseekers’ Survey. Get in tune to the facts that back up these conclusions to understand what drives applicants and employers. Perhaps you can get a head start on the next big thing in your career.

This is a Security Bloggers Network syndicated blog post authored by John McCumber. Read the original post at: RSA Conference Blog