With one million currently unfilled positions in the cybersecurity field, a number expected to rise to 3.5 million by 2021, recruiting, hiring, and retaining a high-quality cybersecurity team isn’t an easy undertaking. With an ever-evolving attack surface and an increasingly sophisticated threat landscape, security skills and the corresponding security staff have never been more important.
Recognizing the difficulty that CISOs and their recruiting partners have recruiting and hiring great talent, we launched a CISO Hiring Guide series. These Hiring Guides cover six different areas:
The strategies and recommendations delineated in the CISO Hiring Guide series are intended to apply across the various security occupational areas—from CISOs to security administrators.
Beyond getting approval for the headcount, the hiring process starts with the creation of a job description. More than simply a laundry list of duties and qualifications, the job description defines:
With nearly every constituency at an organization (management, finance, marketing, operations, legal/compliance, and sales) having a stake in the organization’s cybersecurity program, it is important to ensure their requirements and interactions are included in the job description. While language from other posted job descriptions can be leveraged for content, each job description needs to include its own unique content.
Effective job descriptions include six core elements:
Job descriptions are communications vehicles. This may seem like an obvious point, but job descriptions have developed a reputation for congested “institutional-speak” seemingly designed to baffle readers rather than enlighten them. Don’t be that organization!
To differentiate your job posting and compete effectively for talent, follow these recommendations:
Write for the Candidate. The candidate is your audience and the most important decision-maker in the recruiting equation. Visualize yourself presenting the opportunity to an intelligent outsider whom you are trying to convince to join your organization.
Keep it Crisp. Verbosity and over-amped informality are proven candidate turn-offs. The job description is the first impression your organization makes on a candidate. Demonstrate that you respect them by not wasting their time and by telling them a compelling “story” about the job and your company in general.
Watch Out for Unintended Messages. To candidates, phrases like “do whatever it takes attitude” can sound like “no work-life balance” and “rockstar” or “ninja” can signal “males only, please.” Run job descriptions past others in your organization who resemble your ideal candidates and ask them what attracts or repels them when reading draft job description copy.
Remember It’s a Digital World. It’s important to optimize job-posting language to connect with search engines. Not only do job boards, recruitment sites, and social media outlets use search engines to find and rank content relevant to their audiences, but candidates also use specific terms to mine for attractive opportunities.
If the above analysis piqued your interest, you may want to check out our CISO Hiring Guide on Job Descriptions, which includes much more detail on what you can do to ensure you are developing compelling job descriptions that attract top talent.