By Matt Donato, Co-founder of Charlotte, NC-based HuntSource
You’re a cybersecurity engineer and want to find an exciting career opportunity in this arena.
But several obstacles are preventing you from making this happen. For example, you may get offered a big salary, say $200,000 per year. The fact that someone is willing to pay you that much strokes your ego.
Yet you take that job and find out the work itself doesn’t appeal to you. Or the corporate culture doesn’t align with your values.
You saw the big dollar signs and took the position but now you realize you made a big mistake. You now have to start over finding another job or stay in a place where you are not happy.
You lack skills in a key area
Or here’s another problem you might have. You know a lot about cybersecurity but the position you’re applying for requires that you also understand and have skills using machine learning, for example – a hot new trend. You haven’t had time to learn about it because your current job eats up 80-100 hours a week of your time.
With this technology industry changing so fast, and the demands of your current job so all-encompassing, you haven’t had time to keep get your head around what machine learning is all about or how to get caught up in your free time.
You don’t know what certifications to get
Or you have a related problem. You need web application security knowledge to land a dream job, but you don’t know what certification to get that employers will want before hiring you.
Some employers want you to take one type of certification course and another specifies that you pass another course. Which one do you take? And which job do you want more? It’s all complicated and uncertain, a crapshoot.
You believe employers will come after you
Or you may have more fundamental obstacles to overcome. You believe you can send out your resume and employers will come chasing you because there’s a shortage of cybersecurity professionals. You’re a hot commodity. They’ll come chasing you.
All you have to do is make them aware you’re looking around. But you find out that’s not nearly enough effort and unrealistic. You have to do much more. Even when the demand for your skills is intense.
You have LinkedIn fatigue
Or you find that every day you get at least five messages on LinkedIn from employers wanting to know if you’re interested in a new cybersecurity position. But the notices are poorly targeted for positions far below your experience level.
Worn out by “LinkedIn fatigue,” you stop going to that page in your job hunt because so much of the information wastes your time. But that’s where so many opportunities for you await. It’s a conundrum.
How to overcome these obstacles
There are several actions you take to overcome these hurdles. One of the most important is to stay current and keep your skills relevant and fine-tuned in the cybersecurity market.
You must be current
Your knowledge has to be up-to-speed with what’s going on right now and where the market is headed. Three-year-old information and skills won’t cut it in the ultra-high-speed cybersecurity arena. One-year-old information doesn’t amount to much either. It’s all about now and what you know and what value you can offer today and tomorrow.
Next, focus on improving your written and verbal communication skills. Yes, technical knowledge remains important, but plenty of strong competitors have that.
You will separate yourself from competitors if you show you can handle the technical aspects of the work and communicate well. This would mean, for instance, simply and clearly explaining to upper management why the cybersecurity projects you and your team are working on are important to the financial growth of the business.
Want to enchant employers? Be authentic. Employers can tell when someone is faking who they are or what they can do. Be candid with employers about what you can and cannot do, what your passions are, why you want to work specifically for them, why you believe cybersecurity is important, and show them you understand the cybersecurity problems they need to solve.
Obstacles from the Employer’s Perspective
Employers struggle to find and hire cybersecurity professionals. They often don’t understand well what cybersecurity is, why their company needs it, and how it can help their businesses grow or prevent losses. They have a general sense that they need to have better cybersecurity so they seek to hire people who do know about it.
But these employers often cannot communicate who they want to hire because they don’t know what they want the cybersecurity person to do.
Be more flexible with job requirements
Another problem: Written job descriptions for cybersecurity jobs are too lofty, demanding, and stringent. If a candidate meets six of the eight requirements, for example, but the corporate policy stipulates that they need to meet all of them, the application won’t move any further in the process.
Companies often miss what could have been a great hire. Inflexible hiring practices blocked the process. This is a huge problem.
Shorten the job hunt process
The problems don’t end there. Companies often take far too long to hire anyone. The process tends to be overly laborious – even when searching for employees in a high-demand market such as cybersecurity.
Positions can stay open for nine months and often longer. Corporate recruiters often are asked to fill 50 or more jobs at once. Even when hundreds of people apply to one position, few people have time to review them, or at least not for several months.
Cybersecurity affects finances
Companies also wrestle with cybersecurity hiring because cybersecurity does not generate revenue. It’s an expense. Naturally, the company wants to keep the revenue-generating engine humming. They are therefore more inclined to hire salespeople and others who can affect the bottom line.
The flaw in this logic, of course, is that if the company’s cybersecurity stays weak, fraudsters are more likely to steal millions of dollars and valuable information from the company. But until that happens, companies de-prioritize cybersecurity hiring in favor of people who bring in the cash.
Overreliance on certifications
Cybersecurity professionals rely too much on certifications and are not familiar enough with the certification programs to assess whether they show that an applicant is competent in discipline just because they gained the certification. Some certifications are easy to get and don’t require much skill.
Too often companies place too much value on one applicant who has a certification when another applicant who does not is better qualified for the position.
It’s not all about the money for employees
Employers also underestimate how much job applicants value doing meaningful work. They frequently assume the salary constitutes the overriding force for luring candidates. But actually the work they will do and how valuable it is to the employer means a great deal to employees.
How to overcome these obstacles
To be more successful in hiring cybersecurity professionals, companies need to become much more knowledgeable about what cybersecurity is and pinpoint exactly why they need to hire people to help them with this important program.
There are no perfect candidates
Companies also need to be much more flexible in ascertaining who fulfills enough of their job requirements to deserve an interview. There just aren’t that many people anywhere who know everything there is to know and have all skills needed to do a cybersecurity job.
The technology is too new, the skills take too long to refine, the specific niches are too numerous and disparate. There are no perfect applicants. Applicants who show they can do most of what the job requires should be given more consideration.
Weak cybersecurity weakens businesses
Companies also need to be careful not to underestimate the financial impacts of not hiring cybersecurity professionals. Granted, this is not a revenue-generating discipline. But it does help reduce revenue losses, which can be huge when cyber breaches occur.
Don’t overestimate the value of certifications
Companies should also not overestimate the value of cybersecurity certifications. Some people might take an easy course while others may not. It’s important to figure out which certifications show a job applicant’s mastery of a skill or subject matter.
Professionals seeking jobs in cybersecurity have their hands full. It’s a market moving at blazing speeds. The dynamics are complicated and tough to synthesize. Above all else, the key is to stay current on the latest news in cybersecurity, track market dynamics, and keep taking courses that help you develop skills valued right now by employers.
Employers need to do their part to really get their minds around what cybersecurity is all about so they can hire people to do meaningful cybersecurity work. They can’t rely on the people they hire to figure all this out.
And they need to move much faster and get more aligned on their corporate storyline when they interview candidates. A quick way to turn off a job candidate is to have that person interview four different people within your company who give the person four different stories about what’s important to the business.
Get your story straight. The applicant will be more inclined to work for you if you are all singing the same tune. It eases their minds and shows them your company has its act together. Additionally, even if the role you discuss is not the right match, you’ll earn tremendous credibility and trust with the candidate as someone who may want to revisit joining your team.
About the Author
Matt Donato is the co-founder of Charlotte, NC-based HuntSource. He can be reached at firstname.lastname@example.org. HuntSource provides comprehensive talent recruiting services for companies and professionals in the cybersecurity, data intelligence, and analytics markets. The company accelerates, streamlines, and simplifies the hiring process for companies and professionals in all three of these industries. The company’s capabilities include performing direct hires and executive searches, retained searches, and various staffing solutions. www.huntsource.io.