Skip to main content

Ten tips to overcome lack of in-house expertise and recruit cyber security experts to protect your business.

Lack of IT skills is a constant concern for CIO, particularly in the search for IT security experts. Complex and ever-changing threats, from the rise of the emergence of billions of IoT devices, result in increased risks for businesses and, at the same time, the need for trained personnel. More and more companies are investing in hiring cybersecurity experts, however, according to a recent Gartner report, only two out of three companies can count on a security specialist. How to choose the right person? And what if the company can’t afford to expand its staff? These are ten suggestions for how best to deal with this issue.

  1. Identify your vulnerabilities

Evaluate the strengths and weaknesses of your organization’s security and focus on attracting talent to address your key vulnerabilities.
This could include hiring specialists with experience in previously neglected segments, or anticipating future threats and finding staff to mitigate potential risks.

  1. Go beyond the qualifications

When you publish a job advertisement you are overwhelmed by dozens of CVs of aspiring candidates. It is easy to fall into the trap of simply reading CVs for specific keywords and qualifications. Doing so, however, could mean losing someone with significant and much more valuable experience than just qualifications.

Potential candidates may also refrain from responding to a job advertisement if specific qualifications are required as part of the requirements.
To make sure you don’t lose your experienced talents, add a line to your job advertisement indicating that the lack of formal qualifications can be overshadowed by the right candidate with the right experience.

  1. Pay the professionals

The phrase “you will have what you paid for” is extremely relevant in hiring, especially in the technology sector. IT security professionals are in high demand and can expect to be remunerated for their value. This could penalise small businesses with smaller budgets. However, hiring junior staff and offering training, or even choosing internal staff and training them for new positions, is a great way to overcome the problem. A good way to know how much to pay is to find out how much your colleagues and competitors are paying. You can also use a service like IT Jobs Watch to monitor your job market.

  1. Diversify your workforce

Address staff shortages by proactively recruiting under-represented groups. This could mean changing the recruitment process, making the job more inclusive or providing in-house training to those who have no experience in a specific sector but have the ability, interest and skills to grow.
Only 11% of the world’s workforce in cyber security is represented by women, according to the non-profit Women’s Society of Cyberjutsu (WSC). Work with private sector groups, public bodies, and educational institutions that provide IT training programs for women to understand how to restore balance.
Human resources and professional associations can help you reach out to a diverse range of groups, make your workplace more welcoming and reduce the prejudices inherent in hiring. Promoting career opportunities for women and other underrepresented groups can make your company an attractive prospect both now and in the future.

  1. Invest in existing staff

The rapidly changing threat landscape makes continuing education essential to the security of any business. It can also be an alternative to hiring new employees.
If you can’t find the person you need, you can invest in robust in-house training programs for your current employees. Some of them may be particularly well suited to moving from general IT to IT security specialists.

  1. Address the millennial as well

Working patterns are changing rapidly and the needs and desires of millennia are often different from those of previous generations. Job satisfaction has become more important and career paths are less linear today.

Flexible working models, mentoring opportunities, training opportunities and more comfortable working environments can help make your business more attractive for millennial.

  1. Extend your range

Expand recruitment processes through online resources. Build a social media presence, interact with forums and communities, and streamline mobile applications.

Analyze industry trends and employment data to understand where needs are emerging, where talent is available and how to connect with it.
Follow cybersecurity events such as conferences, meetups, hackathons and seminars to meet new professionals and introduce your business. Hacker conferences can be particularly useful as they attract talent who often do not follow traditional career paths.

  1. Hire Senior Professionals

Chief Information Security Officers (CISOs) are becoming increasingly important in large corporations. They can help them develop a comprehensive cyber security strategy and ensure that the right recruitment policies are in place.
Another leadership role that is becoming popular is that of the Chief Risk Officer (CRO), who oversees all aspects of risk exposure and can help you choose the right people to protect your business.

  1. Hire and train junior figures

If you can’t attract the senior talent you need and can’t invest in your current employees, consider lowering the entry bar and advertising other junior roles. They can then be trained for the senior roles the company needs. The technical skills you are looking for today are certainly changing rapidly. You will need staff who can and will learn and adapt regardless of your current level of experience.

  1. Consider using external vendors

The unique needs of information security have led the IT outsourcing market to grow more than any other segment of information security, according to data released by Gartner.

If you can’t find the staff you need, consider outsourcing to specialized IT security service providers.
Outsourcing is usually not cheap, but it can provide the experience and expertise your business needs, while transferring responsibility for managing them to someone else.

Translated by: LUBEA News on Line

Date: 2018-07-25

Written by: CIO