Job Posting Strategies for Finding Top Security Talent

Job posting was so easy a few years ago. But that is no longer the case and true of days of old when it was as simple as taking out a classified ad in the local metropolitan and national newspapers and posting it to the one or two primary job sites.

Compared to just a few years ago, there are a plethora of ways to promote job openings today.

Today, there are an almost unending myriad of promotional channels from which to choose—free and paid job posting sites, social media, personal referrals, event marketing, and private talent pools. Knowing when and how to use these can be the difference between a quick and easy candidate search to a lengthy slog resulting in an insufficient number of candidates who don’t match your requirements.

A Great Job Posting Strategy Is Critical

Cast your net too wide, and you’ll waste money posting to ineffective sourcing vehicles while spending valuable time culling through piles of candidate applications, many of which aren’t what you’re seeking. Go too narrow, and you’re going to miss some of your best candidates (over three-quarters are passive jobseekers) and sometime fail to find a qualified applicant.

75% of the most qualified jobseekers are passive. How you are finding and engaging these candidates is often the difference between a list of subpar candidates and one full of rock stars.

The importance of a great job ad strategy is particularly important for security leaders. There are over 1 million unfilled security positions today, a number that is expected to grow to 1.8 million in a couple years. Simply put, without a great job ad strategy, CISOs and security hiring leaders cannot attract the talent you need to fill all of your job openings. Hiring becomes an ordeal that rarely results in positive outcomes, as you are relegated to sifting through disappointing candidate applications that fall short of your specified qualifications and experience.

Two Job Posting Premises

Well-tuned job ad strategies consist of two premises—one short term and the other long term.  The long-term objective is to build up a pool of potential candidates who are aware of and interested in your organization. Assuming you maintain ongoing communications with them, this candidate pool remains engaged and a great repository from which to identify potential candidates who are good fits for the role. As to your short-term objective, you aspire to attract great candidate applications.

Understand the Available Sourcing Channels

If you target jobseekers on only a couple sourcing channels, you’re going to miss the mark. Research reveals that jobseekers use an average of 17.7 different channels when searching for a job.

Without a good job ad strategy, organizations are throwing darts at the dartboard when it comes to finding qualified jobseekers.

The following should be part of nearly every candidate search, especially in an occupational field as competitive as cybersecurity:

• Website careers pages
• Social media presence
• Word of mouth (referrals)
• Public relations
• Candidate pools
• Events and conferences

Job boards are a critical source for candidates, but they aren’t all the same. Generalist job boards are designed to attract jobseekers across a range of job titles and industries, whereas niche job boards target specific industries or even occupations. And then there are job aggregators, social media, and ad networks. 

Attributes of a Good Job Posting Strategy

To avoid disjointed, scattershot exercises that attract an unfavorable ratio of random applicant dross to strong candidate gold, hiring organizations should formulate a job posting strategy that covers the message, candidate demographics, and communications channel selection bases. Following are some core attributes to include in your job posting strategy:

1. Messaging. At this initial stage of the recruiting process, 80% of your message should be embedded in the opportunities included in the job description and 20% from the general reputation of your organization as a good place to work. Messages conveyed in the job description should speak to specific segments of the overall candidate pool and elicit responses from plausible applicants. Take care, as candidates will interpret any inconsistencies between the job description and organizational atmospherics as reasons NOTto apply to the opportunity.
2. Candidate Demographics. Cybersecurity teams, as with many business organizations, consist of seasoned senior c-level, VP, and director level leaders; middle managers; and front-line administrators and technicians. Differing communications channels will carry your message to differing categories of applications. Note that the above does not describe a rigid-class system. Career paths are dynamic things, and candidates at any level are typically seeking opportunities to move up the ladder.
3. Channel Selection. The spate of communications channels gives hiring organizations an equally wide set of options to target specific candidate cadres. The challenge, of course, is to optimize the mix of communication channels to reach desired candidate pools.

Job Posting Communications Channels

The menu of job posting communications channels generally breaks down into three categories:

1. In-House Resources. Often the best place to launch a job posting campaign is from an organization’s own resources. These include the organization’s careers webpage, social media channels, and public relations/corporate communications. A well-run careers webpage is more than a list of open opportunities. Make sure the brand of your security team is reflected on your careers webpage and articulated in the promotion of any “advertisements” of security openings that are distributed on your company’s social media accounts and other communications vehicles.
2. Internet Job Boards and Recruiting Sites. The Internet job posting scene has expanded to the extent that it can support sites that address specific job seeker demographic categories. In particular, sites such as theladders.com focuses on director and above opportunities, several sites cover mid-range technology industry managerial openings, and more specialized sites reach engineering, technical, and early career prospective/recent college graduate demographics.
3. Professional Networking and Event Outreach. Trade shows and conferences—ranging from the globally well-known RSA Conference to local cybersecurity user and discussion groups—have become hotbeds of recruiting activity. If your organization has a formal booth or similar presence at an event, it can be leveraged as a venue to meet candidates. Even in the absence of a fixed presence at an event, there’s nothing to stop an organization from making its presence and hiring objectives known.

CISO Hiring Guide on Job Posting

If our above analysis peaked your interest, you may want to check out our CISO Hiring Guide on Job Posting that includes much more detail on what you can do to ensure you and your recruiting team have the right job posting strategy in place. You can also check out our other CISO Hiring Guides on the Fortinet content hub.