How to work with HR or recruiters to improve your cybersecurity hiring strategy

Introduction: Is there a talent gap in your organization?

With the IT security industry’s skills shortage and the high demand for advanced cybersecurity pros, finding those who possess the traits of an “ideal candidate” has become a challenge for many companies and organizations. In fact, the ISACA State of Cybersecurity 2020 “shows little progress—and, in some cases, worse results—when it comes to cybersecurity hiring and retention.” 

According to ISACA, 57% of the surveyed professionals say they have unfilled cybersecurity positions on their team and 62% actually report being understaffed. 66% lament difficulties in retaining talents who are either recruited by other companies or leave because of the high stress level that comes with the job or the lack of development opportunities, financial incentives and management support.

When positions are open and applicants screened, companies are often faced with candidates that do not seem like a good fit for the vacancy. Lack of IT knowledge, business insight, technical experience or even the proper soft skills plague the pool of applicants. According to ISACA’s research, 70% of companies believe fewer than half of cybersecurity applicants are well qualified and 32% actually believe that it takes six months or more to fill an open cybersecurity position with a qualified candidate.

Creative ways to attract and engage potential candidates 

So, how can CISOs improve their recruiting strategy and find the right candidate to complement their existing cyber security team? Being creative in the search is obviously a bonus, with a number of initiatives that can help companies in the long run. Options include partnership with schools and universities, widening the pool by improving diversity and hiring from within by developing internal talents.

Enhance your security department with an internship program

Structuring a successful internship program will not only give interested students much needed (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Brecht. Read the original post at: