It’s no secret that the industry is lacking cybersecurity professionals. According to Dice’s latest hiring survey, a record 78% of hiring managers anticipate more hiring in the first half of 2016 compared to the second half of 2015. That’s a lot of job openings – and worse – a lot of companies missing the talent they need to stay secure.
There is no perfect cybersecurity candidate
Graduation time is fast approaching and many companies feel like there is a small pool of quality cybersecurity professionals to choose from. So what do you do?
School can only do so much to prepare students for the real world; this is especially true for those in the security industry. Things move so fast that techniques students learned their freshman year could be obsolete by graduation time.
Of course, it is scary to hire employees with “potential,” but those employees often prove to be amazing employees because you had the chance to train and mold them into the employee you need. You and your company just need to be willing to invest in new employees.
Cybersecurity education: Not just for students
Finding a candidate with potential and then training them to be an ideal employee is a team effort. Everyone from hiring managers to the CEO needs get on board with your plan to personally develop the next generation of cybersecurity professionals.
CEO or other company strategists
This is going to be your hardest sell; the idea of investing in extensive training for Millennials tends to make companies nervous. Companies know Millennials are known for jumping from job to job and fear they are going to train a great employee who is going to quit and use those skills at a competing company.
Sadly, there is no way of knowing if an employee will do this, but there are two main arguments against this reasoning for not training employees. First, Millennials are not all job hoppers; they are known for being loyal to companies that treat them well. Second, investing in training is not just something your company is doing; many companies are relying on this to have a quality workforce, so if you lose an employee you trained, you can hopefully find a candidate that a competitor trained.
Once you have a green light for extensive training, you need to work with your hiring managers on relaxing their resume elimination process. Of course, there will be a few skills you need a candidate to have, but hiring managers need to start thinking more analytically when reading resumes. They need to think about how past experiences could give candidates the right mindset and skillset to be quick and willing learners. Finally, just because cybersecurity professionals are in the technology industry doesn’t mean they don’t need soft skills; in fact, our industry is in need of professionals with the soft skills to be able to communicate with and teach non-techies how to keep the company safe.
Remember how we mentioned that Millennials are loyal to companies that treat them right? Well, that is up to you. When you invest so much in cybersecurity education you want those you trained to stay; they don’t just understand cybersecurity, they understand your company’s cybersecurity. There are hundreds or thousands of articles out there about keeping Millennials happy, but it largely requires you to develop soft skills in order to communicate your appreciation for them. For more ideas, check out this article on how to attract and keep Millennials at your company.
While it would be great if you could find your perfect cybersecurity professional without any training investment, that is not the reality of our industry. Other industries better prepare students for the real world through hands-on internships, but we can’t always offer that. The information we work with everyday is highly confidential and not meant for interns to be working with. That reality leaves us with one choice for developing better cybersecurity professionals – hiring candidates with potential and giving them extensive on-the-job training.