As modern threats evolve in sophistication and networks become more distributed, it is more important than ever that organizations of all sizes have a cybersecurity resource strategy in place. While SMB organizations may elect to work with partners or managed security service providers (MSSPs), many larger organizations seek to outfit their teams with experienced security professionals who can protect their networks while enabling digital initiatives.
Because of the expanding attack surface and the proliferation of point security products and solutions, demand for security professionals has steadily increased at the very time when the shortage of experienced security talent has never been greater. Currently, 22 percent of security leaders say their security teams are too small for their organization, and according to a recent workforce development survey, 59 percent of organizations have unfilled cybersecurity positions. In addition, the analyst group Frost & Sullivan is forecasting a shortfall of 1.5 million cybersecurity professionals by 2020.
For CISOs to effectively compete in this employee marketplace, they need to understand and implement best practices for finding and engaging security professionals. Data shows that jobseekers spend fewer than 60 seconds reading a job description before deciding if it is a good opportunity and fit. To help CISOs navigate this process and ensure that the right candidates are attracted to their job postings, Fortinet developed the CISO Hiring Guide Series. These guides cover strategies and best practices for writing effective job descriptions, job posting strategies, candidate screening, interviewing, vetting, onboarding, and retention.
Ultimately, these guides are designed to help CISOs manage risk more effectively by finding, hiring, and retaining top- and hard-to-find cybersecurity talent.
As CISOs aim to minimize risk to their network, they should first focus on filling key security positions. When drafting listings, they must follow best practices: using the keywords and language that will attract the right, and best, candidates, keeping descriptions to an optimal length, and being specific. For example, CISOs should keep the job summary under 100 words, keep bullet point lists to 5-6 points, break up postings with subheadings, and list specifics when referring to hard and soft skillsets.
Here are some descriptions of the requirements that C-suites and CISOs should include when seeking to fill these roles within the context of the modern threat landscape.
Locating and hiring these essential security team members can be a challenge. What’s more, once a team is established, CISOs must ensure that these individuals can work together in an integrated way across distributed networks to minimize the use of siloed, disparate solutions. Leveraging an integrated, architectural approach to security ensures that all of these team members receive the same information at the same time, thereby simplifying management of the NOC and SOC.
As CISOs and other C-level executives seek to outfit their organizations with security talent in the midst of the current cybersecurity skills shortage, they must pay close attention to how they engage with prospects. Starting with an effective, specific job listing and moving through the interview process with specific goals and objectives, CISOs can rely on the Hiring Guide Series to help find and attract those candidates with the necessary skillsets to fill each of these core positions.