To fill a huge number of open cybersecurity positions, recruiters need to get creative, experts say

For recruiters in the cybersecurity space, the situation is critical: There’s a dearth of applicants for a surplus of jobs. In April, the Bureau of Labor Statistics projected that “information security analyst” would be the 19th fastest-growing job category in the country between 2022 and 2030. As of that month, there were already 714,548 cybersecurity job openings in the US, according to the job-tracking database Cyberseek.

During its National Cyber Workforce and Education Summit this week, the White House raised the alarm about the deficit of cybersecurity job applicants, writing in a statement: “With approximately 700,000 cybersecurity positions open, America faces a national security challenge that must be tackled aggressively.”

Are recruiters ready to heed the call? They could be, but they’re going to have to get creative by looking beyond the traditional applicant profile, industry experts explained to IT Brew.

What is cybersecurity? Here’s a recent example that may illuminate the concept: A string of security breaches at cryptocurrency exchanges has allowed hackers to get away with digital assets worth hundreds of millions of dollars. Robust cybersecurity protections are supposed to prevent things like that from happening. The US Cybersecurity and Infrastructure Security Agency defines “cybersecurity” as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.”

Filling the job gaps. When it comes to cybersecurity staffing, there’s an irony at play: Recruiters don’t quite understand the intricacies of the positions they’re hiring for, Candy Alexander, chief information security officer at NeuEon and international board president at the Information Systems Security Association, told IT Brew over email last week.

“The trend of understaffing for cybersecurity has persisted for years because of the complexity of the issue at hand,” she said. Recruiters haven’t helped the problem much, she added, as job descriptions are often a patchwork of “other bad job descriptions” lifted from existing openings.

Because of this, it’s not uncommon to see an “entry-level position that requires three years or more experience.”

Zoom out. To ensure candidates are being vetted correctly by someone who knows the demands of the job, companies should make sure their candidates’ eventual managers are involved in the hiring process, Alexander stated.

One workaround may involve looking beyond the traditional applicant milieu and investing in training programs.

At the Japanese cybersecurity company Trend Micro, recruiting involves searching for non-traditional candidates, training them for six months, and either offering them full-time jobs or placing them with competing companies. “We hire about half of the graduating class, and then we help to get the rest of the people jobs in our ecosystem…They’re still going to be representing and carrying that Trend Micro flag,” COO Kevin Simzer told IT Brew.—SB

Do you work in HR or have information about your HR department we should know? Email [email protected] or DM @SammBlum on Twitter. For completely confidential conversations, ask Sam for his number on Signal.