Filling cybersecurity jobs is getting so hard managers need to think outside the box if they hope to fill critical positions, experts say.
That means redefining jobs, training human resources departments to screen resumes differently, seeking latent talent already inside the organization, and hiring bright, motivated people who can grow into critical roles, according to an expert panel speaking at the recent Advanced Cyber Security Center conference in Boston.
Talent is so scarce that it typically takes eight to 12 months to fill cybersecurity jobs, says Mark Aiello, president of Cyber 360, a staffing firm specializing in finding cybersecurity skill. So employers need to be flexible about who they will consider.
“The goal is to hire someone not perfect for the role,” because you likely won’t find them, Aiello says. “The Goldilocks candidate does not exist.” He says organizations need to get their managers to be managers by managing how critical tasks are divvied up and training their staffs so all those tasks are accomplished. For example, he says hire a new person to handle lower-level tasks and realign existing staff to absorb the duties of the higher skilled person who left.
Look for bright, capable people with the aptitude for the skills needed for open positions, and then train them, says another panelist Devin Bryan, CISO of the Federal Reserve System. He says the 12 banks in the system had 78 vacancies for cybersecurity posts, the oldest being unfilled for a year. “There certainly is a war for talent,” he says.
Janet Levesque, CISO for RSA, says she works with her human resources team to flag candidates with critical-thinking and problem-solving skills and writing and communications talent, not just the technical competencies they tend to list on resumes.
“We have a responsibility to help HR sift through the pile of resumes from Monster,” says Bryan. And job seekers need to do more to help themselves by describing how their skills and competencies can help the hiring organization.
Aiello says HR should be told to set up interviews with everyone who meets broad qualifications. Managers should hire the smart people who meet those qualifications, even if they don’t have all the specific skills required so long as they are willing to learn and show enthusiasm for the open position. “If they have the right attitude, they will be a good employee,” he says.
Aiello says employers shouldn’t insist on a set of certifications or even a college degree when hiring. “That shouldn’t matter,” he says, just whether they have skills and brains.
Carla Brodley, dean of Northeastern University’s College of Computer and Information Science, agrees, but says that once they have jobs and want to move up the food chain, they will likely need to acquire formal credentials. “They can do that while they’re working for you,” she says.
Sign up for CIO Asia eNewsletters.