Hiring practices to close the 4 million worker gap in cybersecurity
The Chartered Institute of Information Security (CIISec) and ISC2 have released a joint guide, Recruitment and Retention in Cybersecurity, designed to help organisations attract, recruit and retain a diverse array of cybersecurity talent.
Research from ISC2 shows that whilst the global cybersecurity workforce grew in 2023 to a record high of 5.5 million people, the demand for skills is still outpacing growth. Globally, the cyber skills gap grew by 12.6% last year, with 4 million additional workers needed to fill the void, making recruitment more important than ever.
The detailed guide written by CIISec and ISC2 experts urges the industry to increase diversity in the hiring process. Advice to organisations ranges from how to identify and support new recruits, to retaining skilled employees – all from a broad array of backgrounds.
One key approach for cybersecurity recruitment is to look beyond traditional job portals and advertise roles in unconventional venues, such as military bases, university campuses, and even gaming arcades. Additionally, reaching out to young talent directly on social media and tech communities can attract a diverse pool of candidates.
Another crucial strategy is to hire based on transferable and non-technical skills. For instance, a finance professional’s risk management capabilities can be invaluable to the cybersecurity sector, and skills like critical thinking and problem-solving are essential.
The guide also emphasises the importance of a comprehensive onboarding process, including a buddy system to help new hires navigate challenges and identify areas of support.
Continuous training and mentoring are vital for keeping both new hires and existing staff updated with the latest trends, tools, and best practices in the fast-paced security industry.
This not only supports career development but also aids in employee retention. Providing a supportive environment is crucial to prevent burnout, especially given that only 14% of cybersecurity professionals have a fully defined career path.
Finally, the guide recommends offering salary increases, particularly early on, to retain new graduates who often change roles to maximise earnings. By paying competitive salaries, organisations can incentivise talent to stay.
The guide also includes a thorough recruitment ‘basics’ checklist, which outlines the importance of challenging and meaningful work, culture and understanding employees, among others.
“Despite more people working in the cybersecurity industry than ever before, we’re not doing enough to retain them,” says Amanda Finch, CEO of CIISec.
Clar Rosso, CEO at ISC2, added: “The industry desperately needs guidance on how to improve hiring practices or we’ll lose out to other sectors, which we can’t afford. But retaining talent is just as important as attracting it, and organisations have to do more to support staff at all levels, equipping them to succeed.
“The cybersecurity industry needs to recognise the need for greater diversity in teams urgently.”