Is a bachelor's or master's degree really necessary for your talent? In some cases, the answer is no. "If IT and security talent can prove they are proficient in the skillsets you are looking for, then what's holding you back from hiring them?" Halstead says. This is where hackathons, bug bounties (offering prizes or other compensation to IT pros who identify and fix security flaws) and other 'competitions' can be helpful in both attracting and screening potential cybersecurity talent.
Consider partnering with a site like online recruiting platform HackerRank, which allows companies to develop code challenges to test programmers' skills. HackerRank recently launched a jobs platform with a limited number of companies to help connect developer talent with open roles; it's a great way to gauge the skills you need against the talent pool available.
4. Highlight your company's projects, tools & technologies
Your HR department should enlist the help of an unlikely ally in the search for cybersecurity talent -- marketing, says Leela Srinivasan CMO at recruiting and applicant tracking system software company Lever.
"Recruiting and marketing should be partners here, to make sure they're standing out as a company and targeting the right people. There seems to be a huge awareness gap of the opportunities in the cybersecurity space, so make sure you're building your brand as an employer of choice for cybersecurity talent," she says.
That could mean emphasizing specific technology tools you use, blogging about how your team solved a security problem, or discussing how you integrated emerging security technologies, says Halstead.
5. Be a thought leader
Get your CIO, CSO and CISO (if you have them) to conferences, meetups and hackathons; blog regularly about cybersecurity issues and stay on top of the most pressing issues and vulnerabilities out there, says Halstead.
"Position yourself and your company as a thought leader in this space. You can detail how these attacks might affect your industry, what kinds of skills and experience you need to defend against cybercriminals -- start participating in these conversations," he says.
6. Don't rely on salary alone
Salary alone may not be enough to attract or keep the talent, but that doesn't mean you should be stingy, Halstead says. Cybrary's survey respondents revealed that 50 percent of companies pay their average cybersecurity worker $25,000-$50,000 per year, 21 percent said $50,000-$75,000 per year, 17 percent said $75,000-$100,000 per year, and 12 percent said that their average cybersecurity worker makes more than $100,000 per year.
"Many cybersecurity pros want to be working in exciting and challenging areas of cybersecurity; most also know exactly how in-demand their skills are and know exactly what they're worth," he says. It is well worth paying one and a half or even twice what you pay other IT roles to land talent that's critical for protecting data and defending against crippling attacks, he says.
Sign up for CIO Asia eNewsletters.