Recruiting externally vs. training internally: 5 tips to improve your cybersecurity talent pipeline in 2020


If you are in the market for cybersecurity talent, you do not need to hear (again) just how hard it is to find candidates for your job postings. Across every industry and organizations big and small, you see the impact that each one of the 3.5 million unfilled cybersecurity jobs have on operations.

Instead, you want to hear about what your organization can do about filling your unfilled cybersecurity positions. This article will do just that: we outline five tips that your organization can use to improve your existing recruiting processes, as well as a few others that may open up new opportunities to recruit new security professionals. 

Tip 1: Capitalize on opportunities for internal growth

Before your knee-jerk reaction to immediately search for a replacement cybersecurity professional on the (very) competitive job market, first pause to look internally for an opportunity to find a potential fit from within your own organization. Not only is this a great opportunity to provide existing employees with an opportunity to have a new experience and grow their own skill sets, but it can provide a nice amount of continuity of organizational knowledge and opportunities for increased cross-team communication and collaboration. 

Begin by documenting the key specialized and core skills that the vacancy requires and compare this information to other functions and staff already in place. For example, a strong quality assurance tester or application security engineer requires a firm foundation in software development. These crossover skill sets can help you to identify strong performers in other job disciplines that could have an interest in a new role and enough foundational skills to quickly pick it up. As an added bonus, these individuals have already demonstrated their work ethic and personalities, which can always be an unknown during traditional hiring (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Patrick Mallory. Read the original post at: