1020 Cyber Security Professionals’ Actions and Experiences When Applying for A New Role.

By Torquil Macleod, Founder and Director of Via Resource

At Via Resource, we strive to provide a supportive service to our candidates and clients. As the world shifts and everyone becomes more online, Cyber Security as a profession has grown because there is more personal and sensitive data vulnerable to an attack. The rise of Cyber Security has had a huge impact on businesses as professional industries are scouring to hire Cyber Security talent to protect their online presence, assets and customer data.

Our research focuses on the current market to candidate’s views of how the recruitment process has changed, and to establish what candidates find attractive in employers and job opportunities. We carried out an industry survey from 22nd November 2022 – 5th December 2022, asking 1020 candidates their thoughts when applying for a new role.

Torquil Macleod, Founder and Director of Via Resource comments:

“We are incredibly grateful to all the candidates who took the time to complete our survey as we look to understand how the market has changed. The feedback gathered will help us to improve candidate experience and help inform our clients. We want to ensure candidates receive the best experience possible with quality support, advice and guidance from Via Resource to find their perfect role.”

Audience of the survey

Out of the 1020 professionals surveyed, 171 (16.8%) respondents were from the UK and 849 (83.2%) respondents were from the US. With the top three areas working in:

1. Security Engineering & Architecture (35%)
2. Governance, Risk & Compliance (27%)
3. Network Security (21%)

The top three seniority of within their organisation follows:

1. Manager, 8 years + (32%)
2. Senior, 5 – 8 years (25%)
3. Associate, 2 – 4 years (18%)

Changes within the market

Cyber security jobs are in high demand with 78% respondents believe there will be in increase in roles. However, 88% believe there is a cyber security skills gap, where a recent report Cyber Security in Focus, features responses from cyber security directors, security operations directors and VPs of product security in EMEA and North America. Where 87% of respondents admitted they are suffering skills shortages, with over a third (35%) claiming positions were left unfilled after a 12-week period. 60% of organisations also admitted they have been struggling with finding cyber security talent, and 52% reported difficulties with retaining employees. Meanwhile, seven out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges.

Three areas identified by respondents to reduce the skills gap include:

1. Attract talent (31.7%)
2. Train and apply employee skills (28.9%)
3. Encourage employees innovative thinking and practical ability (25.3%)

How Candidates Apply for A New Role

Cyber security professionals apply for roles in a mixture of ways with applying on a company website being the most popular channel with 54% of the candidates, is an unexpected for this to be the most popular when it was only 31% last year. However, the reason for this could be those applying directly to the company may be competing against a smaller pool of applicants, which will naturally decrease the competition. Also this helps delivers the applicants credentials to employers in their preferred format, as opposed to the one utilised by an external job site. Some organisations also provide more detailed information about job openings on their website, compared to the descriptions on job listing sites.

Using a recruitment Consultancy comes second, 53% of candidates reported finding un-advertised Cyber Security roles where hiring organisations have chosen to be more discreet. Candidates also preferred not having to negotiate salary package with potential employers, this part of the process made many applicants feel uncomfortable. Other ways of applying for a new role include using their own personal networks (42%), LinkedIn (35%) and job boards (11%).

44% of candidates surveyed checked company reviews before applying for a role, in particular Glassdoor. Cyber security professionals pay close attention to the ratings and reviews which can significantly influence whether they choose to move forward with the application process. On average candidates spend 21 minutes to complete each application.

What Candidates Want from An Organisation

When a candidate has applied for a role on average, they would expect a reply either within three working days (41%) or up to a week (39%) mentioning if they have been successful to the next stage or not.

If a candidate is successful to the next stage interviews, they are happy to incorporate phone and online interviews with the final stage to be in person interviews (16%). However, most candidates (41%) are only wanting to participate with online interviews due to technology allowing us to do so. After each interview stage it is important for candidates to receive detailed feedback with 42% of candidates strongly agreeing and 42% agreeing. This is an incredibly important statistic as the importance of employer branding and candidate experience is hugely important in today’s employment market. The ideal number of interview stages is seen to be three to four depending on the seniority of the role, this is to avoid interview fatigue for both employers and candidates.

What candidates want within the role

We asked 1020 cyber security professionals if they had to rank the most important thing, they look for in a new role the sequence is as followed:

1. Salary/day rate
2. Career progression
3. Employee Benefits
4. Workplace Culture/Environment
5. Skills
6. Job responsibilities
7. Job Title
8. Training

Salary is regarded as one of the most important factors while making a choice between roles, therefore putting salary ranges in job advertisements may give organisations a competitive advantage when trying to attract candidates. That’s because most candidates look first at a position’s compensation and benefits when scanning a job posting, then at the job’s required qualifications and skills.

Even with training being the lowest importance to candidates 95% of candidates surveyed would be happy to take on additional training to learn skills (1% more than last year).

Job Benefits

When an organisation provides company benefits, this helps recruit and retain the best employees, boost morale, and improve company culture and benefit from a more productive workforce. Therefore, when candidates apply for a role, they would be looking at the benefits package which could be a way to differentiate one organisation to its competitors. Due to COVID-19, the working culture has changed by providing a more flexible working culture which is important to candidates (36%) and the ability to work from home (23%). Where technology is enabling businesses to continue to function, communicate effectively and maintain positive morale through video conference calls, virtual coffee catches ups and screen-to-screen team socials.

As employees spend most of their time working, offering a health program is crucial. Health benefits can improve overall productivity at work, reduce absenteeism, improve dietary habits of employees, and promote positive behavioural patterns. This is why candidates have chosen other benefits including health insurance (45%), employee rewards platform (38%), bonus scheme (34%) and gym membership/wellness programme (29%).

Conclusion

Several new insights into the individuals working in and applying for cyber roles, the cyber security skills gaps that affect employers, and the challenges that organisations face when it comes to training and recruitment. The main lessons we draw are as follows:

1. Skills gap – The skills gap presents significant challenges to organisations attempting to stay ahead of the cyber risk landscape. It is expected organisations to focus on hiring and retaining niche cyber talent along with outsourcing strategies to remain agile and optimise operational processes in 2023.
2. Education – Schools, universities and training providers to give a holistic skillset, covering the relevant technical skills and soft skills that employers demand, and the ability to implement those skills in a business context. Organisations must also support existing talent through ongoing training.
3. Support – Burnout is rampant today at many organisations, especially when there is such a shortage of skilled people, it’s easy for anyone unhappy to leave and find a better opportunity elsewhere. However, there are also critical cyber security needs that must be met.
4. Recruitment – ​Sourcing the right talent at the right time can prove arduous for any company. But the process becomes even more challenging when you work within a niche industry or sector. In these situations, a specialist recruiter can help find the perfect candidate for a hard-to-fill role.

This insight gained from information and cyber security professionals shows the new thinking when applying for a cyber security role. Which in turn helps Via Resource when speaking to organisations to guide them with the best job packages, interviewing process and onboarding successfully where candidates can fit perfectly into the role.

About the Author

Torquil Macleod, Founder and Director of Via Resource.  Tor has spent the last 10 years helping organisations build high performing Information Security teams. His experience spans from the development of large-scale recruitment and training programmes to helping Start-ups make the right security hire. His insight is from first-hand experience of the real Cyber Security Skills Market.

Tor can be reached online at https://www.linkedin.com/in/tormacleod/  and at our company website www.viaresource.com